2 Replies Latest reply on Mar 15, 2010 6:24 PM by ktenbrook

    PPTP Server not working for Windows 7 Clients?

      Hello.  I hope someone can help me with this.  I have a new SG310 and I am trying to setup VPN access for remote clients.  I'm not a newbie at this kind of thing, but nevertheless I am at a loss as to the true problem.  I have followed all the user manual steps (although the manual is slightly inaccurate), and I seem to be having authentication failure.  My router has the latest firmware version 4.0.6 installed.  I enabled the debugging option in the PPTP setup page.  Here is the Syslog output for a typical session failure:

       

      Mar 14 17:35:46 pptpd[5745]: CTRL: Client 71.29.79.20 control connection started 
      Mar 14 17:35:46 pptpd[5745]: CTRL: Starting call (launching pppd, opening GRE)
      Mar 14 17:35:46 pppd[5746]: pppd 2.4.4 started by root, uid 0
      Mar 14 17:35:46 pppd[5746]: using channel 3
      Mar 14 17:35:46 pppd[5746]: Using interface ppp0
      Mar 14 17:35:46 pppd[5746]: Connect: ppp0 <--> /dev/pts/0
      Mar 14 17:35:46 pppd[5746]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x23cbbcdd> <pcomp> <accomp>]
      Mar 14 17:35:46 pppd[5746]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x79903bf3> <pcomp> <accomp> <callback CBCP>]
      Mar 14 17:35:46 pppd[5746]: sent [LCP ConfRej id=0x0 <callback CBCP>]
      Mar 14 17:35:46 pppd[5746]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x79903bf3> <pcomp> <accomp>]
      Mar 14 17:35:46 pppd[5746]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x79903bf3> <pcomp> <accomp>]
      Mar 14 17:35:49 pppd[5746]: sent [LCP ConfReq id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x23cbbcdd> <pcomp> <accomp>]
      Mar 14 17:35:49 pppd[5746]: rcvd [LCP ConfAck id=0x1 <mru 1400> <asyncmap 0x0> <auth chap MS-v2> <magic 0x23cbbcdd> <pcomp> <accomp>]
      Mar 14 17:35:49 pptpd[5745]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
      Mar 14 17:35:49 pppd[5746]: sent [CHAP Challenge id=0x54 <389847e31e77425f4b2a4b96ac56cddb>, name = "PoPToP"]
      Mar 14 17:35:49 pppd[5746]: rcvd [LCP Ident id=0x2 magic=0x79903bf3 "MSRASV5.20"]
      Mar 14 17:35:49 pppd[5746]: rcvd [LCP Ident id=0x3 magic=0x79903bf3 "MSRAS-0-KEVIN-PC"]
      Mar 14 17:35:49 pppd[5746]: rcvd [LCP Ident id=0x4 magic=0x79903bf3 "\342:\017\370\262\210\304H\264vn\036\271\221$\262"]
      Mar 14 17:35:49 pppd[5746]: rcvd [CHAP Response id=0x54 <b4e4c56c80854300b5ceb60068e97d0a0000000000000000d9c1dda2ec7298b91b7eabb68e30c56a10d7289556a0d3ea00>, name = "PWNET\\ktenbrook"]
      Mar 14 17:35:49 pppd[5746]: No CHAP secret found for authenticating PWNET\\ktenbrook
      Mar 14 17:35:49 pppd[5746]: Peer PWNET\\ktenbrook failed CHAP authentication
      Mar 14 17:35:50 pppd[5746]: sent [CHAP Failure id=0x54 ""]
      Mar 14 17:35:50 pppd[5746]: sent [LCP TermReq id=0x2 "Authentication failed"]
      Mar 14 17:35:50 pppd[5746]: rcvd [LCP TermAck id=0x2 "Authentication failed"]
      Mar 14 17:35:50 pppd[5746]: Connection terminated.
      Mar 14 17:35:50 pptpd[5745]: CTRL: Reaping child PPP[5746]
      Mar 14 17:35:50 pppd[5746]: Exit.
      Mar 14 17:35:50 pptpd[5745]: CTRL: Client 71.29.79.20 control connection finished

       

      From this, there seems to be some sort of authentication failure.  I have verified that the user ktenbrook is setup properly in the Users page, there is a Users group with correct ACL, and have triple checked for typos in the passwords, etc.  Now, the network behind the firewall does not have a domain controller - it is a Linux/Samba network.  Is that the problem?  The line above that says  No CHAP secret found for authenticating PWNET\\ktenbrook seems to be the crux of the matter, but I do not see where you would set up a "secret" for PPTP.

       

      Any help would be appreciated.

       

      Thanks.

        • 1. Re: PPTP Server not working for Windows 7 Clients?

          Is

           

          VPN ->PPTP -> PPTP VPN Server -> Required Encryption Level => some ?

          • 2. Re: PPTP Server not working for Windows 7 Clients?

            Hello Ross,

             

            I tried every logical option - from no encryption required to strong encryption required.  The log that I posted with my question was with the setting being strong encryption required, MS-CHAPv2, and corresponding settings on the Windows 7 client side.

             

            Now the bad news.  I really wanted to get this VPN thing solved, but today I had to take the new UTM Firewall out of service and put back my old Tomato Firmware-based router.  I believe the unit is defective.  It has had random occurances where the DNS functionality goes flakey, and it is unable to resolve internal host names on the network, including all the statically set servers that were setup in DHCP.  One moment everything is fine, the next moment I have 25 users who are unable to see the mail server, file server and internet with DNS failures.  They get kicked out of their CAD software because it can no longer contact the license server, also an internal computer.  After 10 days of trying to achieve a stable network, I just have to give up and write off this device as a total loss.  I'd love to send it back and get my money back, although I doubt that the reseller will honor that.  And compared to the thousands of dollars of lost productivity that occurred during the short installed life of this device, it is a small added insult.

             

            I can't believe that with thousands of units that must be out there that my experience is typical.  But, given the recent McAfee EOL announcements, I have no desire to go through the headache of starting over again with a replacement device.  My Tomato-based router had worked reliably for years and I only replaced it at the suggestion of our VOIP provider.  Soon as I put it back in service, my network returned to its former stability with no DNS issues at all.

             

            Anyone want to buy a 10 day old SG310?  Cheap!