PPTP issues after Tiger Upgrade

[Tom Bridge]

Over the weekend, we moved a server from 10.3 to 10.4, and we’ve been unable to get the vpn to work, post upgrade.

The vpnd.log reads:

[code]2007-05-29 08:37:15 EDT Listening for connections…
2007-05-29 08:37:18 EDT Incoming call… Address given to client = 10.0.0.211
Tue May 29 08:37:18 2007 : Directory Services Authentication plugin initialized
Tue May 29 08:37:18 2007 : Directory Services Authorization plugin initialized
Tue May 29 08:37:18 2007 : PPTP incoming call in progress from ‘scrubbed IP’…
Tue May 29 08:37:18 2007 : PPTP connection established.
Tue May 29 08:37:18 2007 : using link 0
Tue May 29 08:37:18 2007 : Using interface ppp0
Tue May 29 08:37:18 2007 : Connect: ppp0 <--> socket[34:17]
Tue May 29 08:37:18 2007 : sent [LCP ConfReq id=0x1 ]
Tue May 29 08:37:18 2007 : rcvd [LCP ConfReq id=0x1 ]
Tue May 29 08:37:18 2007 : lcp_reqci: returning CONFACK.
Tue May 29 08:37:18 2007 : sent [LCP ConfAck id=0x1 ]
Tue May 29 08:37:18 2007 : rcvd [LCP ConfAck id=0x1 ]
Tue May 29 08:37:18 2007 : sent [LCP EchoReq id=0x0 magic=0x55d993a3]
Tue May 29 08:37:18 2007 : sent [CHAP Challenge id=0x59 , name = “fqdn for real server”]
Tue May 29 08:37:18 2007 : rcvd [LCP EchoReq id=0x0 magic=0xfdb3d38f]
Tue May 29 08:37:18 2007 : sent [LCP EchoRep id=0x0 magic=0x55d993a3]
Tue May 29 08:37:18 2007 : rcvd [LCP EchoRep id=0x0 magic=0xfdb3d38f]
Tue May 29 08:37:18 2007 : rcvd [CHAP Response id=0x59 <7a0b174af79446b4c5febe969b10ba4a00000000000000000aaf64bd9b4c174891af8b668fdca02171abd6aa464b22e500>, name = “someusername”]
Tue May 29 08:37:19 2007 : DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server.
Tue May 29 08:37:19 2007 : sent [CHAP Success id=0x59 “S=E200A4D8E399517053643DADC4F0E8BFC83A4AB0 M=Access granted”]
Tue May 29 08:37:19 2007 : DSAccessControl plugin: User ‘admin’ authorized for access
Tue May 29 08:37:19 2007 : MPPE required, but keys are not available. Possible plugin problem?
Tue May 29 08:37:19 2007 : sent [LCP TermReq id=0x2 “MPPE required but not available”]
Tue May 29 08:37:19 2007 : rcvd [CCP ConfReq id=0x1 ]
Tue May 29 08:37:19 2007 : rcvd [LCP TermAck id=0x2]
Tue May 29 08:37:19 2007 : Connection terminated.
Tue May 29 08:37:19 2007 : Connect time 0.1 minutes.
Tue May 29 08:37:19 2007 : Sent 0 bytes, received 0 bytes.
Tue May 29 08:37:19 2007 : PPTP disconnecting…
Tue May 29 08:37:19 2007 : PPTP disconnected
2007-05-29 08:37:19 EDT –> Client with address = 10.0.0.211 has hungup[/code]

When I looked around for this particular issue, I found [url=http://docs.info.apple.com/article.html?artnum=107915]this technote[/url] which suggests that it’s lack of a vpnkeyuser, so I ran the [code]sudo /usr/sbin/vpnaddkeyagentuser /LDAPv3/127.0.0.1[/code] command and restarted the VPN service, but I’m still getting the same message…

Anyone see the error of my ways?

[PhillyMJS]

Did you set Workgroup Manager to show all the system users and groups, and verify that there was already a VPN key user present in your LDAP directory?

You might want to do that, delete it if there is one, and then recreate it per the tech note– then reboot and take VPN for a spin again. It’s been a while since I had a similar issue, but I remember needing more than one try to get that key user account successfully created.

~Philly

[luke]

I had the same problem in 10.5 and re-creating the key agent user didn’t work for me at first. Make sure to shut off the VPN service first, and delete any trace of any previous key agent users (from WGM, and also with mkpassdb if necessary). Then create a new keyagentuser per the instructions in this thread, and finally start up the VPN service again. YMMV

[Author]

Posts