Unfortunately the GL-MT300N-V2 doesn’t appear to have GUI settings for MSCHAPv2 and mppe encryption. Perhaps a limitation of being a small travel router.
Here’s a complete cycle of the System Log (repeated every 6 seconds):
Sun Feb 16 20:53:06 2020 daemon.info pppd[31656]: Plugin pptp.so loaded.
Sun Feb 16 20:53:06 2020 daemon.info pppd[31656]: PPTP plugin version 1.00
Sun Feb 16 20:53:06 2020 daemon.notice pppd[31656]: pppd 2.4.7 started by root, uid 0
Sun Feb 16 20:53:07 2020 daemon.info pppd[31656]: Using interface pptp-VPN
Sun Feb 16 20:53:07 2020 daemon.notice pppd[31656]: Connect: pptp-VPN <--> pptp (ukl1.pointtoserver.com)
Sun Feb 16 20:53:08 2020 daemon.warn pppd[31672]: Non-zero Async Control Character Maps are not supported!
Sun Feb 16 20:53:08 2020 daemon.info pppd[31656]: EAP: unknown authentication type 26; Naking
Sun Feb 16 20:53:08 2020 daemon.err pppd[31656]: EAP: peer reports authentication failure
Sun Feb 16 20:53:08 2020 daemon.warn pppd[31672]: Non-zero Async Control Character Maps are not supported!
Sun Feb 16 20:53:08 2020 daemon.notice pppd[31656]: Connection terminated.
Sun Feb 16 20:53:08 2020 daemon.info pppd[31656]: Exit.
Sun Feb 16 20:53:09 2020 daemon.notice netifd: Interface 'VPN' is now down
Sun Feb 16 20:53:09 2020 daemon.notice netifd: Interface 'VPN' is setting up now
Doing a search on “EAP: unknown authentication type 26; Naking” brought up some links e.g:
which suggests editing the /etc/ppp/options.pptp file and making the below changes:
# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
# refuse-chap
# refuse-mschap
However I'm not sure where to find the options.pptp file and how to edit it?
I agree... OpenVPN is a much better option (WireGuard is also good).
PPTP is not secure. So while it is a functional VPN, it is extremely easy to crack and thus offers little-to-no privacy/security. It is obsolete and deprecated in many OS's now for those reasons (for example, iOS and Mac OS no longer have PPTP installed).
Unfortunately I can't use OpenVPN for my specific requirement and the only other alternative (linitation of my VPN provider) is PPTP.
The solution to get PPTP wokring is to edit the /etc/ppp/options.pptp file and make the following changes:
# We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
# refuse-chap
# refuse-mschap
However as a newbie I don't know how to find and edit this file so I really need help with that?
#We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
#(you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
#refuse-chap
#refuse-mschap
I wholeheartedly agree, and personally I use WireGuard whenever possible (OpenVPN, previously). <rant>
However, in some unfortunate situations (e. g.: you need to connect to the VPN of some huge dinosaur company, which only supports PPTP, because of reasons), you have to live with it. Yes, any sysadmin worth his salary knows PPTP has been deemed insecure for over a decade, but removing support for a protocol because it's insecure is extremely irresponsible and short-sighted.
</rant>