
Accessing a VPN (PPTP) via the command line Internet
My employer has a Microsoft VPN (PPTP) server and I finally got connected to it. The Internet Connection app allows you to access a VPN, but it has a couple of parameters that may cause problems, and it also might be useful to see the command line way to do it. I got the basic command line syntax by invoking Internet Connection, then looking at ps -axlww. Here's the command I use:

% sudo pppd serviceid 2 debug logfile /tmp/ppp.log plugin /System/\
Library/SystemConfiguration/PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp \
plugin PPTP.ppp remoteaddress WWW.XXX.YYY.ZZZ redialcount 1 redialtimer 5 \
idle 1800 mru 1500 mtu 1448 receive-all ipparam 192.168.0.1 novj 0:0 noipdefault \
ipcp-accept-local ipcp-accept-remote noauth refuse-pap refuse-chap-md5 \
user domain\\username password mypass hide-password noaskpassword \
forcedetach mppe-stateless mppe-128 looplocal

% sudo route add -net AAA.BBB.0.0 AAA.BBB.CCC.DDD
Where you replace 'domain', 'username', 'mypass', and the 'AAA.BBB.CCC.DDD', etc, IP addresses with the proper ones for your site.

What's the difference between this and Apple's version? First, I don't use 'usepeerdns' or 'defaultroute', which are more appropriate if the VPN connection will be your ONLY connection to the rest of the net. And I've extended the idle timeout to a half hour (instead of 10 minutes).

Accessing a VPN (PPTP) via the command line
Authored by: alajuela on Mar 13, '03 03:03:37PM

This is encouraging, because it's possible it will give me the tool or doorway to force a stateful connection with my company's VPN server, which is a dinosaur. But before I can check that, I received this message when I tried the suggestion:

2003-03-13 12:00:46.397 pppd[457] CFLog (21): Cannot find executable for CFBundle 0x75510 </System> (not loaded)
pppd: Couldn't load plugin /System/

Any thoughts?



Accessing a VPN (PPTP) via the command line
Authored by: alajuela on Mar 13, '03 03:12:05PM

Duh. Sorry. I forgot to fix the spacing between lines.



Can't load /System/ plugin solution
Authored by: Anonymous on Mar 13, '03 07:19:52PM

Good hint. I had the same problem as the above poster, so I launched internet connect, made a pptp tunnel, and did the ps -axlww business. I noticed it's slightly different on my laptop from the posted version in the hint. In my case, the service ID was 45, rather than 2. Once I changed that, the error was gone...

---
Regards,

Ed Hintz



Accessing a VPN (PPTP) via the command line
Authored by: UltraNurd on Mar 14, '03 03:42:18PM

Any idea what "CHAP Authentication Failed" means? I tried messing around with the various options, although it is possible that I have my domain or user name entered incorrectly... Any suggestions?



Accessing a VPN (PPTP) via the command line
Authored by: wfolta on Mar 14, '03 04:59:14PM

Three suggestions:

1. Look at the file /tmp/ppp.log to see the details. Maybe it'll give you an idea.

2. On the Windows server end, they have to go to your account information and check a box that says something like "allow dial-in" to give you VPN access. Evidently this box is unchecked by default. (At least it was for me.)

3. Double-check with the IT people on what your password should be. It may not be the same as your "network login" when you're there.



Accessing a VPN (PPTP) via the command line
Authored by: JuliaB on Jul 28, '03 05:40:55PM

User Name or Password is wrong



Slight correction
Authored by: wfolta on Mar 14, '03 04:51:20PM

I had some problems today and don't know if this had anything to do with it or not. I also noticed that I'd made an assumption about the class of the internal network at the other end of the VPN connection.

In the add route command, I had an IP address of AAA.BBB.0.0, which means we have a Class B network at the other end of the VPN, so the network part of an IP address is the first two numbers, while the machine part is the last two numbers.

Two things to note:

1. The command should be edited to say "-net AAA.BBB" with no trailing zeroes. I assume this is the same thing, but it makes the intent clearer and might make a difference.

2. You need to know what class your office has and make sure the -net IP address reflects this. It might not be Class B. In fact, it might be a hybrid that requires you to use netmask notation. (I.e. AAA.BBB.CCC/18 or something like that.)



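The prefix-matching point in the comment above, as an added example that is not part of the original thread: a POSIX shell helper that derives the network address and netmask from an address with an explicit prefix length, then prints the matching route command for review instead of running it. The function names are hypothetical and the addresses are constructed samples.

```shell
#!/bin/sh
# Added example; ip_to_int, int_to_ip and vpn_route_cmd are hypothetical helpers.

# Validate a dotted quad and print it as a 32-bit integer.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty octets, more than 3 digits, and leading zeros (octal).
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print a 32-bit integer as a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# vpn_route_cmd ADDR/BITS GATEWAY
# Prints the route command; host bits in ADDR are masked off.
vpn_route_cmd() {
    addr=${1%/*}; bits=${1#*/}
    [ "$addr" != "$1" ] || return 1      # an explicit prefix length is required
    case $bits in ''|*[!0-9]*|???*|0*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    ip_to_int "$2" >/dev/null || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    net=$(( ip & mask ))
    echo "route add -net $(int_to_ip "$net") -netmask $(int_to_ip "$mask") $2"
}

# Constructed sample values: a Class B sized /16 and a "hybrid" /18.
vpn_route_cmd 172.16.5.9/16 172.16.0.1
vpn_route_cmd 10.20.200.7/18 10.20.192.1
```

Requiring the prefix length keeps the route limited to the office network actually in use, rather than a wider classful guess that would send unrelated traffic into the tunnel.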
Accessing a VPN (PPTP) via the command line
Authored by: JuliaB on Jul 28, '03 05:44:01PM

AirPort, how can I get this to work with AirPort?

With Ethernet it works beautifully, thank you!



Accessing a VPN (PPTP) via the command line
Authored by: JuliaB on Aug 05, '03 04:49:24PM

I found out myself:

Under System, network, network-configuration (I am not quite sure about the words, using a German system). The order has to be: Ethernet, Airport, PPTP; with Airport after PPTP it is not working.



PANTHER 10.3 UPDATE: Accessing a VPN (PPTP) via the command line
Authored by: emarmite on Oct 25, '03 12:45:20PM

I have used this script myself on 10.2. Having upgraded to 10.3, the forcedetach parameter gives an error, I don't know why. I removed it and everything was just fine.



Accessing a VPN (PPTP) via the command line
Authored by: machard on Feb 05, '04 05:15:32PM
Bit of a newbie here, but I'm trying to get my buddy's Mac on to his VPN so he can ditch the PC that his company gave him... I've got all the info plugged into Internet Connect and I always get "authentication failed". After looking into the log file it reads:

PPTP connecting to server 'AAA.BBB.CCC.DDD'
PPTP connection established.
Using interface ppp0
Connect: ppp0 <--> socket[34:17]
MS-CHAPv2 mutual authentication failed.
Remote message: 46b44ca0e36d0b949d31a3df9b463c422607$
Connection terminated.
PPTP disconnecting...
PPTP disconnected
Anyone have any idea how to resolve the "MS-CHAPv2 mutual authentication failed" issue?

Accessing a VPN (PPTP) via the command line
Authored by: rnilz on Feb 25, '04 09:59:47AM

Okay, I'm not sure about this but try something like this (from the terminal):

sudo pppd serviceid 2 debug logfile /tmp/ppp.log plugin /System/Library/SystemConfiguration/PPPController.bundle/Contents/PlugIns/PPPDialogs.ppp plugin pptp.ppp remoteaddress xxx.yyy.zzz.aaa redialcount 1 redialtimer 5 idle 1800 mru 1500 mtu 1448 receive-all novj 0:0 noipdefault ipcp-accept-local ipcp-accept-remote user theusername password thepassword hide-password noaskpassword looplocal defaultroute usepeerdns

Basically, it sounds like the server doesn't allow chapms-v2 authentication and Apple's VPN GUI doesn't allow for much configuration of the client. The command line (adapted from the original post) should go through all sorts of authentication protocols. If it works, you could shell script it or AppleScript it.

Hope this helps



Accessing a VPN (PPTP) via the command line
Authored by: finne on Jun 02, '04 11:18:44AM

CHAP authentication is basically the password/username verification: i.e. your password or username is not correct. When connecting to Microsoft Windows computers a user must often also supply his or her Windows Domain. This can be squeezed in with the username. Use:

domain\username

instead of just username in the field that accepts your username. This worked for me on my employer's Windows VPN server.


