OpenWrt Forum Archive

Topic: PPTP client won't connect

The content of this topic has been archived on 6 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I am trying to get OpenWRT to act as a PPTP client to a Windows server. I've got another WRT running Sveasoft alchemy and its connects fine. The openWRT router will connect to another VPN with a Linux server without problems. I cannot figure out why it won't connect. The syslog shows the following on OpenWRT:

Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: rcvd [CHAP Success id=0x8d "S=D767F2F595C2F9B98F292557F3F6066F03C11BD9 M=Access granted"]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: sent [CCP ConfReq id=0x1 <mppe -H -M -S -L -D +C> <deflate 15> <deflate(old#) 15>]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: sent [CCP ConfNak id=0x1 <mppe -H -M +S -L -D -C>]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: rcvd [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
Jan  1 23:09:54 OpenWrt kern.info pppd[1130]: LCP terminated by peer (MPPE required but peer negotiation failed)
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: sent [LCP TermAck id=0x2]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: rcvd [CCP ConfRej id=0x1 <mppe -H -M -S -L -D +C> <deflate 15> <deflate(old#) 15>]
Jan  1 23:09:54 OpenWrt kern.debug pppd[1130]: Discarded non-LCP packet when LCP not open


but on sveasoft it says:

Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [CHAP Success id=0x88 "S=967976A57478E47617F9146A6C852874A240DBB5 M=Access granted"]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: sent [CCP ConfReq id=0x1 <mppe +H +M +S +L -D +C>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]
Oct 28 17:46:31 Sopita daemon.notice pppd[8968]: MPPE 128-bit stateless compression enabled
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 172.x.x.x>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: sent [IPCP ConfAck id=0x1 <compress VJ 0f 01> <addr 172.x.x.x>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [IPCP ConfNak id=0x1 <addr 172.17.176.124>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: sent [IPCP ConfReq id=0x2 <compress VJ 0f 01> <addr 172.x.x.x>]
Oct 28 17:46:31 Sopita daemon.debug pppd[8968]: rcvd [IPCP ConfAck id=0x2 <compress VJ 0f 01> <addr 172.x.x.x>]
Oct 28 17:46:31 Sopita daemon.notice pppd[8968]: local  IP address 172.17.176.124
Oct 28 17:46:31 Sopita daemon.notice pppd[8968]: remote IP address 172.17.176.1


I have the ppp_deflate, ppp_async and ppp_mppe_mppc modules loaded. I notice that Sveasoft has these built straight into the kernel rather than as modules. From what I can tell the pptp-client, pppd and kernel versions are identical.

Any ideas why this doesn't work?

show me the related configure files and I would give a shot. pptp(pppd) is quite picky on the options. I spent a few days to get the right config. In general, you need to enable both mppe and mschap-v2(and only this two) .

I've actually not got a /etc/ppp/options file (or equivalent) on either system. What I've done to make the call is to do run the command:

pptp 172.x.x.x user me password pass noauth debug lock persist

This works great on sveasoft, but gives me the errors on openwrt (on openwrt before running this I insmod the appropriate modules and create /var/lock as ppp creates some files there).

I'm wondering if I compile the ppp options into the kernel (instead of as modules) like sveasoft does if that will work?

I've actually not got a /etc/ppp/options file (or equivalent) on either system. What I've done to make the call is to do run the command:

pptp 172.x.x.x user me password pass noauth debug lock persist

This works great on sveasoft, but gives me the errors on openwrt (on openwrt before running this I insmod the appropriate modules and create /var/lock as ppp creates some files there).

I'm wondering if I compile the ppp options into the kernel (instead of as modules) like sveasoft does if that will work?

If there is no other options and the remote is not properly configured, this will most likely failed. You need to add "+mppe-128 require-mschap-v2" and may be "refuse-pap refuse-eap refuse-chap". The reason is that pptp(MS style) use mppe which requires mschap-v2 authentication but if you already agree on some other things(like pap or chap), pppd barks and stop.

ok, i'll give that a try. I still don't see why sveasoft would be negotiating different options to openwrt given that the versions of pptp,pppd and the kernel are identical.

I tried making a normal ppp config with a chap-secrets file and an options file. When require-mschap-v2 is enabled I get:

/usr/sbin/pppd: The remote system (PROVIDER) is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.

My options file consists of:

lock
noauth
nobsdcomp
nodeflate
debug
require-mppe-128
lcp-echo-failure 30
lcp-echo-interval 20
refuse-pap
refuse-eap
refuse-chap
+mppe-128

the chap-secrets consists of:

me@mydomain.com    *    mypassword


I'm still getting the same error messages though. I'm wondering if not having the stateless option enabled is causing problems, howver I can't work out what option to use. Putting "mppe-stateless" or "require-mppe-stateless" in the options causes errors from pptp.

I'm able to connect ok to my linux pptp server with this setup, just not to the windows server (which is what I need).

Just found this page http://pptpclient.sourceforge.net/howto … mppe_rbpnf and it said to try the option nomppe-stateful, I added that to my options file and everything works fine.

By simply running:

pptp 123.123.123.123 user me@my.com password mypassword noauth lock nomppe-stateful debug

also works fine.

The discussion might have continued from here.