1 of 1 people found this helpful
What is the result of "Test RADUIS Configuration" on the SnapGear? Can you submit some 'PPTPD' system log?
If you have CHAP authentication on RADIUS server, try changing it to PAP. Also change the Required Encryption Level on SG to 'none' (VPN >> PPTP >> PPTP VPN Server).
What is the username you are trying to connect with? Does it have VPN rights on the IAS server?
Check if you have the PPTP group on SG with PPTP access permission (Users>Groups>Under User ACLs)
If problem persists please contact support and submit a technical support report. Also take a Packet capture (Diagnostics >> Packet Capture) on the LAN interface with -s 1500 host a.b.c.d (where a.b.c.d is the IP address of RADIUS Server).
OK, again, maybe I'm a dolt, but this seems to be an area where the interface has changed significantly, but the documentation is lacking. To sum up, if you are having problems with authentication on PPTP using the 4.x firmware, check the following first:
1.) If you are using Local Users, make sure that the user is assigned to a group that has PPTP access. It is no longer enabled at the user level and the administrators groups does not have PPTP rights by default.
2.) If you are using RADIUS, Make sure that the Default Group is assigned as a group with PPTP access when you change the settings on the PAM page. If you leave it as "No Default Group" it will not work. Maybe there is a way to avoid this, but it sure isn't obvious.
3.) Even though RADIUS is working, when you "Test RADIUS Configuration" on the RADIUS tab, a valid user might end up being denied. I don't know why, but a user that can successfully authenticate for PPTP shows up as Denied when testing the configuration. This is particularly annoying, as an improperly configured RADIUS setup fails in just the same way.