Configuring PPTP on GL-MT300N-V2 router

choury · February 16, 2020, 5:26pm

Hi

This is my current setup:

Router: GL-MT300N-V2

VPN Provider: PureVPN

Firmware: LuCI openwrt-18.06

Requirement: PPTP on my router (BBCiPlayer / Chromecast abroad). Only PPTP appears to work in the intended environment according to PureVPN!

I have been following these instructions https://openwrt.org/docs/guide-user/services/vpn/pptp/client

but unfortunately I have not been able to get my configuration to work:

Menu option > LuCI > Network > Interfaces show an issue with the new setting I have tried to create:

Name: VPN

Protocol: PPtP

RX: 0 B (0 Pkts.)

TX: 0 B (0 Pkts.)

Error: Unknown error (AUTH_TOPEER_FAILED)

Does the error AUTH_TOPEER_FAILED indicate what might be wrong (The username and password are certainly correct!)?

As a newbie I need all the help I can get!

Thanks

Chris

khokooli · February 16, 2020, 6:43pm

try pptp with MSCHAPv2 and mppe encryption
also please send system logs and kernel logs, you can find these in luci web manage --> status

choury · February 16, 2020, 9:41pm

Hi Sina

Thanks for taking the time to reply.

Unfortunately the GL-MT300N-V2 doesn’t appear to have GUI settings for MSCHAPv2 and mppe encryption. Perhaps a limitation of being a small travel router.

Here’s a complete cycle of the System Log (repeated every 6 seconds):

Sun Feb 16 20:53:06 2020 daemon.info pppd[31656]: Plugin pptp.so loaded.
Sun Feb 16 20:53:06 2020 daemon.info pppd[31656]: PPTP plugin version 1.00
Sun Feb 16 20:53:06 2020 daemon.notice pppd[31656]: pppd 2.4.7 started by root, uid 0
Sun Feb 16 20:53:07 2020 daemon.info pppd[31656]: Using interface pptp-VPN
Sun Feb 16 20:53:07 2020 daemon.notice pppd[31656]: Connect: pptp-VPN <--> pptp (ukl1.pointtoserver.com)
Sun Feb 16 20:53:08 2020 daemon.warn pppd[31672]: Non-zero Async Control Character Maps are not supported!
Sun Feb 16 20:53:08 2020 daemon.info pppd[31656]: EAP: unknown authentication type 26; Naking
Sun Feb 16 20:53:08 2020 daemon.err pppd[31656]: EAP: peer reports authentication failure
Sun Feb 16 20:53:08 2020 daemon.warn pppd[31672]: Non-zero Async Control Character Maps are not supported!
Sun Feb 16 20:53:08 2020 daemon.notice pppd[31656]: Connection terminated.
Sun Feb 16 20:53:08 2020 daemon.info pppd[31656]: Exit.
Sun Feb 16 20:53:09 2020 daemon.notice netifd: Interface 'VPN' is now down
Sun Feb 16 20:53:09 2020 daemon.notice netifd: Interface 'VPN' is setting up now

Doing a search on “EAP: unknown authentication type 26; Naking” brought up some links e.g:

which suggests editing the /etc/ppp/options.pptp file and making the below changes:

# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
# refuse-chap
# refuse-mschap

However I'm not sure where to find the options.pptp file and how to edit it?

Thanks for any help.

Chris

ulmwind · February 16, 2020, 10:04pm

Configure OpenVPN. Are you running native OpenWRT or (I suppose, it takes place) clone by GL?

psherman · February 16, 2020, 10:16pm

I agree... OpenVPN is a much better option (WireGuard is also good).

PPTP is not secure. So while it is a functional VPN, it is extremely easy to crack and thus offers little-to-no privacy/security. It is obsolete and deprecated in many OS's now for those reasons (for example, iOS and Mac OS no longer have PPTP installed).

choury · February 17, 2020, 8:36am

Thanks for the reply.

Unfortunately I can't use OpenVPN for my specific requirement and the only other alternative (linitation of my VPN provider) is PPTP.
The solution to get PPTP wokring is to edit the /etc/ppp/options.pptp file and make the following changes:

# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
# refuse-chap
# refuse-mschap

However as a newbie I don't know how to find and edit this file so I really need help with that?

Thanks

Chris

choury · February 17, 2020, 8:39am

Sorry for the poor formatting before:

editing the /etc/ppp/options.pptp file:

#We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
#(you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
#refuse-chap
#refuse-mschap

Thanks

Chris

ulmwind · February 17, 2020, 9:29am

You have full name of file with path, what is your question? I repeat my question:

choury · February 17, 2020, 9:46am

Hello

I am running
LuCI openwrt-18.06. I think this is the GL implementation.

As a newbie I don’t know which tools I need to locate and edit
/etc/ppp/options.pptp.

Thanks for your help.

Chris

rsalvaterra · February 17, 2020, 9:50am

I wholeheartedly agree, and personally I use WireGuard whenever possible (OpenVPN, previously). <rant>
However, in some unfortunate situations (e. g.: you need to connect to the VPN of some huge dinosaur company, which only supports PPTP, because of reasons), you have to live with it. Yes, any sysadmin worth his salary knows PPTP has been deemed insecure for over a decade, but removing support for a protocol because it's insecure is extremely irresponsible and short-sighted.
</rant>

ulmwind · February 17, 2020, 4:48pm

Install native OpenWRT, and use OpenVPN. What is your limitation concerning OpenVPN?