Saturday, June 10, 2006

VPN Howto: Linksys + DD-WRT + PPTP + Mac OS X Client

The Problem


We couldn't find any documentation on getting a Mac OS X VPN client to connect to a Linksys router using PPTP, so here is a short guide. We used Mac OS X Tiger 10.4.6 and a Linksys WRT54GL running DD-WRT v23 SP1, but these steps should work with any router running DD-WRT.

Following the guides we found, Internet Connect aborts with the error "Could not negotiate a connection with the remote PPP server".

The cause is a failed MPPE (encryption) negotiation in OS X's pppd, which the PPP log shows:

$ tail /var/log/ppp.log
Sat Jun 10 02:43:15 2006 : Refusing MPPE stateful mode offered by peer
Sat Jun 10 02:43:15 2006 : MPPE required but peer negotiation failed


Once encryption is enabled on the OS X client, its pppd requires it: the connection only stays up if MPPE is negotiated. DD-WRT's default PPTP config enables MPPE but does not require it. The log suggests what then happens: the client refuses the stateful mode the server offers (first line), a server that does not insist on MPPE lets negotiation finish without encryption, and the client, which requires it, gives up (second line).

Instead of disabling encryption on the client, we change DD-WRT's PPTP config so that the server requires MPPE too. The easiest way to do this on DD-WRT is a startup script that overwrites the generated PPTP config. The complete steps follow.
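As an added example (not from the original post), here is a small shell script that classifies the outcome of the MPPE negotiation from /var/log/ppp.log lines like the ones above. The two failure lines are the ones quoted above; the success line and its exact wording ("MPPE 128-bit stateless compression enabled") follow pppd's ccp.c and are an assumption about Apple's pppd build, so adjust the pattern if your log reads differently. The sample logs are constructed inline.

```shell
#!/bin/sh
# Added example: classify a pppd log by its MPPE outcome.
# Not part of the original post; the success message wording is assumed
# from pppd's ccp.c ("MPPE 128-bit stateless compression enabled").

# mppe_outcome LOGFILE
# Prints one of:
#   encrypted:<bits>:<mode>  MPPE is up, e.g. encrypted:128:stateless
#   failed:<reason>          negotiation ended without encryption
#   unknown                  no MPPE line in the log (no attempt yet?)
mppe_outcome() {
    log="$1"
    # The last MPPE line wins: a log may hold several connection attempts.
    line=$(grep -i 'MPPE' "$log" | tail -n 1)
    case "$line" in
        *'MPPE required but peer negotiation failed'*)
            echo 'failed:peer-negotiation' ;;
        *'compression enabled'*)
            pat='.*MPPE \([0-9]*\)-bit \([a-z]*\) compression enabled.*'
            bits=$(printf '%s\n' "$line" | sed -n "s/$pat/\1/p")
            mode=$(printf '%s\n' "$line" | sed -n "s/$pat/\2/p")
            echo "encrypted:$bits:$mode" ;;
        *'Refusing MPPE stateful mode'*)
            # Client rejected stateful MPPE and nothing else followed.
            echo 'failed:stateful-refused' ;;
        *)
            echo 'unknown' ;;
    esac
}

# write_sample_logs DIR  -- constructed sample logs for a dry run
write_sample_logs() {
    dir="$1"
    # The failure seen with DD-WRT's default config (the lines quoted above).
    cat > "$dir/ppp-fail.log" <<'EOF'
Sat Jun 10 02:43:15 2006 : Refusing MPPE stateful mode offered by peer
Sat Jun 10 02:43:15 2006 : MPPE required but peer negotiation failed
EOF
    # What a successful negotiation looks like once the server forces MPPE
    # (assumed wording, see above).
    cat > "$dir/ppp-ok.log" <<'EOF'
Sat Jun 10 02:50:02 2006 : Refusing MPPE stateful mode offered by peer
Sat Jun 10 02:50:02 2006 : MPPE 128-bit stateless compression enabled
EOF
}

# Dry run on the constructed logs; on a Mac use: mppe_outcome /var/log/ppp.log
tmp=$(mktemp -d)
write_sample_logs "$tmp"
mppe_outcome "$tmp/ppp-fail.log"   # failed:peer-negotiation
mppe_outcome "$tmp/ppp-ok.log"     # encrypted:128:stateless
```

Run it against the real log right after a connection attempt; anything other than an encrypted:128:stateless result means the tunnel is either down or not encrypted the way you expect.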

Router Configuration


1) Install the most recent DD-WRT firmware for your router.

2) Click on Administration, Services. In the PPTP section, enable PPTP Server. At the bottom, hit Save Settings.
Now that we have enabled the PPTP server, we must configure it.

3) Click on Administration, Services. In the PPTP section, enter the LAN address of your router (probably 192.168.1.1) in the Server IP field. In the Client IP(s) section, enter a range of one or more addresses that does not overlap with the DHCP address range, for example "192.168.1.10-20". In the CHAP-Secrets section, enter one line per account in pppd's chap-secrets format (client name, server name, secret, allowed client IPs; "*" means any):
user * password *
bob * bobspassword *


Note that the router's root username and password are also accepted for PPTP login. Those are the router's administrative credentials, so create dedicated VPN accounts in CHAP-Secrets rather than handing out the root password. Be aware that the secrets are stored on the router in clear text, as pppd's chap-secrets format requires. At the bottom, hit Save Settings.

The PPTP Server is now configured. However, we need to create a startup script to overwrite one of the PPTP config files.

4) Click on Administration, Diagnostics. In the Commands text area, paste the following script. Each line appends one directive to the generated options.pptpd (the two # comments are shell comments and are not written to the file); the -chap/-mschap/+mschap-v2 lines refuse plain CHAP and MS-CHAPv1 and accept only MS-CHAPv2, which MPPE derives its keys from:
echo 'lock' > /tmp/pptpd/options.pptpd
echo 'name *' >> /tmp/pptpd/options.pptpd
echo 'proxyarp' >> /tmp/pptpd/options.pptpd
echo 'ipcp-accept-local' >> /tmp/pptpd/options.pptpd
echo 'ipcp-accept-remote' >> /tmp/pptpd/options.pptpd
echo 'lcp-echo-failure 3' >> /tmp/pptpd/options.pptpd
echo 'lcp-echo-interval 5' >> /tmp/pptpd/options.pptpd
echo 'deflate 0' >> /tmp/pptpd/options.pptpd
echo 'auth' >> /tmp/pptpd/options.pptpd
echo '-chap' >> /tmp/pptpd/options.pptpd
echo '-mschap' >> /tmp/pptpd/options.pptpd
echo '+mschap-v2' >> /tmp/pptpd/options.pptpd
echo 'mppe required' >> /tmp/pptpd/options.pptpd #this line forces encryption and fixes OS X
echo 'mppe stateless' >> /tmp/pptpd/options.pptpd
echo 'mppc' >> /tmp/pptpd/options.pptpd
echo 'ms-ignore-domain' >> /tmp/pptpd/options.pptpd
echo 'chap-secrets /tmp/pptpd/chap-secrets' >> /tmp/pptpd/options.pptpd
echo 'ip-up-script /tmp/pptpd/ip-up' >> /tmp/pptpd/options.pptpd
echo 'ip-down-script /tmp/pptpd/ip-down' >> /tmp/pptpd/options.pptpd
echo 'ms-dns 192.168.1.1' >> /tmp/pptpd/options.pptpd #enter your router's ip here
echo 'mtu 1450' >> /tmp/pptpd/options.pptpd
echo 'mru 1450' >> /tmp/pptpd/options.pptpd


Make sure to replace "192.168.1.1" with the LAN IP of your router, if it's different. Click Save Startup so the script runs at every boot; /tmp lives in RAM and the PPTP files are regenerated on reboot, which is why a startup script rather than a one-off command is needed. The router is configured; let's set up the VPN connection in OS X.
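As an added example (not from the original post or from DD-WRT's own scripts), here is the same options file written as a single heredoc, plus an audit function that checks a given options file actually forces MPPE and restricts authentication to MS-CHAPv2. The "optional" file in the dry run is a constructed stand-in for a config that enables MPPE without requiring it; it is not DD-WRT's real default file. Paths, directives and the LAN IP are the ones from the guide.

```shell
#!/bin/sh
# Added example: generate the guide's options.pptpd as one heredoc and
# audit an options file for the directives that force encryption.
# Not DD-WRT code. Paths and directives are the ones from the guide.

# gen_pptpd_options LAN_IP  -- prints the same file the startup script builds
gen_pptpd_options() {
    lan_ip="$1"
    cat <<EOF
lock
name *
proxyarp
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
auth
-chap
-mschap
+mschap-v2
mppe required
mppe stateless
mppc
ms-ignore-domain
chap-secrets /tmp/pptpd/chap-secrets
ip-up-script /tmp/pptpd/ip-up
ip-down-script /tmp/pptpd/ip-down
ms-dns $lan_ip
mtu 1450
mru 1450
EOF
}

# pptpd_options_audit FILE
# Prints "ok" and returns 0 when every hardening directive is present.
# Otherwise prints "missing:<directive>" per absent line (and
# "weak:mppe-optional" if MPPE is enabled but not required) and returns 1.
pptpd_options_audit() {
    file="$1"
    status=0
    # Strip trailing comments/whitespace so matching is on whole directives.
    clean=$(sed 's/[[:space:]]*#.*//; s/[[:space:]]*$//' "$file")
    for want in 'auth' '-chap' '-mschap' '+mschap-v2' 'mppe required' 'mppe stateless'; do
        if ! printf '%s\n' "$clean" | grep -qxF -- "$want"; then
            echo "missing:$want"
            status=1
        fi
    done
    # A bare "mppe" line enables encryption but lets the peer drop it,
    # which is exactly the failure mode the guide describes.
    if printf '%s\n' "$clean" | grep -qxF -- 'mppe' \
       && ! printf '%s\n' "$clean" | grep -qxF -- 'mppe required'; then
        echo 'weak:mppe-optional'
        status=1
    fi
    [ "$status" -eq 0 ] && echo 'ok'
    return "$status"
}

# Dry run: the forced file from the guide and a constructed "optional"
# stand-in (NOT DD-WRT's real default) with the required flag dropped.
tmp=$(mktemp -d)
gen_pptpd_options 192.168.1.1 > "$tmp/forced.conf"
gen_pptpd_options 192.168.1.1 | sed 's/^mppe required$/mppe/' > "$tmp/optional.conf"
pptpd_options_audit "$tmp/forced.conf"              # ok
pptpd_options_audit "$tmp/optional.conf" || true    # missing:mppe required / weak:mppe-optional
```

On the router, after a reboot, run pptpd_options_audit /tmp/pptpd/options.pptpd over telnet or ssh to confirm the startup script took effect; both functions need only busybox sh, grep and sed.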

OS X Configuration


1) Open Internet Connect. In the File menu, select New VPN Connection. Pick PPTP and click Continue.




2) Under Server address, enter the WAN IP or hostname of your router. For Account Name and Password, use one of the accounts specified earlier; the root username/password used to log in to the router also works, but a dedicated VPN account is preferable.



3) In the Connect menu, select Options. Disable Send all traffic over VPN connection and hit OK. With this off, only traffic for the VPN's network goes through the tunnel and everything else uses your normal connection (split tunneling); enable it if you want all of your traffic routed through the tunnel, for example on an untrusted network.




4) Click the Connect button and enjoy your VPN. One caveat: PPTP's protection is only as strong as the CHAP password, because the MPPE session key is derived from the MS-CHAPv2 exchange, and MS-CHAPv2 itself has known cryptographic weaknesses. Use long, random passwords for the CHAP accounts, and check /var/log/ppp.log after connecting to confirm that MPPE was actually negotiated.