tag:blogger.com,1999:blog-274443552011-11-27T19:18:23.992-05:00Upgrade today!Office 2.0http://www.blogger.com/profile/11057552654508206755noreply@blogger.comBlogger11100tag:blogger.com,1999:blog-27444355.post-1149919921808452832006-06-10T05:47:00.000-04:002006-06-10T05:50:28.756-04:00<h2>The Problem</h2><br />So we couldn't find any documentation on getting a Mac OS X VPN client to connect to our Linksys router using PPTP, so we thought we'd post a short guide. We used Mac OS X Tiger 10.4.6 and a Linksys WRT54GL running DD-WRT v23 SP1, but these steps should work with any router running DD-WRT.<br /><br />Following the guides we've found will result in Internet Connect aborting with the error, "Could not negotiate a connection with the remote PPP server".<br /><br />The problem is that OS X's pppd gets confused about <a href="http://en.wikipedia.org/wiki/MPPE">MPPE</a> encryption and fails to properly start negotiate the encryption:<br /><blockquote><pre><br />$ tail /var/log/ppp.log<br />Sat Jun 10 02:43:15 2006 : Refusing MPPE stateful mode offered by peer<br />Sat Jun 10 02:43:15 2006 : MPPE required but peer negotiation failed</pre></blockquote><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/internetconnectpppfail.0.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/internetconnectpppfail.0.jpg" border="0" alt="" /></a><br />Enabling encryption in OS X actually requires encryption. DD-WRT's default PPTP config enables encryption but does not force it. The problem is that OS X's pppd will fail on encryption negotiation unless the <span style="font-weight:bold;">server requires encryption</span>.<br /><br />Instead of disabling encryption altogether, we need to change DD-WRT's PPTP config to force encryption. The easiest way to do this is to create a startup script that overwrites the default PPTP config. The complete steps follow.<br /><h2>Router Configuration</h2><br />1) Install the most recent version of the dd-wrt firmware for your router.<br /><br />2) Click on <span style="font-style:italic;">Administration</span>, <span style="font-style:italic;">Services</span>. In the <span style="font-style:italic;">PPTP</span> section, enable <span style="font-style:italic;">PPTP Server</span>. At the bottom, hit <span style="font-style:italic;">Save Settings</span>.<br />Now that we have enabled the PPTP server, we must configure it.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/pptpenable.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/pptpenable.jpg" border="0" alt="" /></a><br />3) Click on <span style="font-style:italic;">Administration</span>, <span style="font-style:italic;">Services</span>. In the <span style="font-style:italic;">PPTP</span> section, enter the <span style="font-weight:bold;">LAN</span> address of your router (probably 192.168.1.1). In the <span style="font-style:italic;">Client IP(s)</span> section, enter a range of one or more IP addresses that do not overlap with the DHCP address range. For example: "192.168.1.10-20". In the <span style="font-style:italic;">CHAP-Secrets</span> section, enter a list of username/password combinations in the following file format:<br /><blockquote><pre>user * password *<br />bob * bobspassword *</pre></blockquote><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/pptpsettings.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/pptpsettings.jpg" border="0" alt="" /></a><br />Also, note that the root username/password is also allowed to connect via PPTP. At the bottom, hit <span style="font-style:italic;">Save Settings</span>.<br /><br />The PPTP Server is now configured. However, we need to create a startup script to overwrite one of the PPTP config files. <br /><br />3) Click on <span style="font-style:italic;">Administration</span>, <span style="font-style:italic;">Diagnostics</span>. In the <span style="font-style:italic;">Commands</span> text area, paste the following script:<br /><blockquote><pre>echo 'lock' > /tmp/pptpd/options.pptpd<br />echo 'name *' >> /tmp/pptpd/options.pptpd<br />echo 'proxyarp' >> /tmp/pptpd/options.pptpd<br />echo 'ipcp-accept-local' >> /tmp/pptpd/options.pptpd<br />echo 'ipcp-accept-remote' >> /tmp/pptpd/options.pptpd<br />echo 'lcp-echo-failure 3' >> /tmp/pptpd/options.pptpd<br />echo 'lcp-echo-interval 5' >> /tmp/pptpd/options.pptpd<br />echo 'deflate 0' >> /tmp/pptpd/options.pptpd<br />echo 'auth' >> /tmp/pptpd/options.pptpd<br />echo '-chap' >> /tmp/pptpd/options.pptpd<br />echo '-mschap' >> /tmp/pptpd/options.pptpd<br />echo '+mschap-v2' >> /tmp/pptpd/options.pptpd<br />echo 'mppe required' >> /tmp/pptpd/options.pptpd #this line forces encryption and fixes OS X<br />echo 'mppe stateless' >> /tmp/pptpd/options.pptpd<br />echo 'mppc' >> /tmp/pptpd/options.pptpd<br />echo 'ms-ignore-domain' >> /tmp/pptpd/options.pptpd<br />echo 'chap-secrets /tmp/pptpd/chap-secrets' >> /tmp/pptpd/options.pptpd<br />echo 'ip-up-script /tmp/pptpd/ip-up' >> /tmp/pptpd/options.pptpd<br />echo 'ip-down-script /tmp/pptpd/ip-down' >> /tmp/pptpd/options.pptpd<br />echo 'ms-dns 192.168.1.1' >> /tmp/pptpd/options.pptpd #enter your router's ip here<br />echo 'mtu 1450' >> /tmp/pptpd/options.pptpd<br />echo 'mru 1450' >> /tmp/pptpd/options.pptpd<br /></pre></blockquote><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/startupscript.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/1600/startupscript.jpg" border="0" alt="" /></a><br />Make sure to replace "192.168.1.1" with your the LAN IP of your router, if it's different. Click <span style="font-style:italic;">Save Startup</span>. The router is configured, let's setup the VPN connection in OS X.<br /><h2>OS X Configuration</h2><br />1) Open <span style="font-style:italic;">Internet Connect</span>. In the <span style="font-style:italic;">File</span> menu, select <span style="font-style:italic;">New VPN Connection</span>. Pick <span style="font-style:italic;">PPTP</span> and click <span style="font-style:italic;">Continue</span>.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/vpnnew.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/vpnnew.jpg" border="0" alt="" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/vpntype.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/vpntype.jpg" border="0" alt="" /></a><br /><br />2) Under <span style="font-style:italic;">Server address</span>, enter the <span style="font-weight:bold;">WAN</span> IP or hostname of your router. For <span style="font-style:italic;">Account Name</span> and <span style="font-style:italic;">Password</span>, you can use any of the accounts specified earlier, or the root username/password that is used to login to the router.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/vpnsetup.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/vpnsetup.jpg" border="0" alt="" /></a><br /><br />3) In the <span style="font-style:italic;">Connect</span> menu, select <span style="font-style:italic;">Options</span>. Disable <span style="font-style:italic;">Send all traffic over VPN connection</span> and hit <span style="font-style:italic;">OK</span>.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/vpnoptions.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/vpnoptions.jpg" border="0" alt="" /></a><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/vpnroute.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/vpnroute.jpg" border="0" alt="" /></a><br /><br />4) Click the <span style="font-style:italic;">Connect</span> button and enjoy your VPN.<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger/6162/2891/1600/vpnworking.jpg"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;" src="http://photos1.blogger.com/blogger/6162/2891/400/vpnworking.jpg" border="0" alt="" /></a><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/27444355-114991992180845283?l=office20.blogspot.com' alt='' /></div>Office 2.0noreply@blogger.com37