I have a single WAN setup and PPTP has been broken since I upgraded to 1.2.1. In version 1.2 it worked perfectly. I've tried changing settings and putting them back, but it continues to fail at the authentication process as you've described. I have the same setup as you, a W2K3 server acting as radius and the PFSense machine acting as the PPTP server. Anyone else notice that PPTP has broken since 1.2.1 upgrade? Here is a snippit of my logs....
Jan 7 19:20:11 mpd: pptp0: killing connection with 24.XX.XX.XXX:58149 Jan 7 19:20:11 mpd: [pt0] LCP: Down event Jan 7 19:20:11 mpd: [pt0] link: DOWN event Jan 7 19:20:11 mpd: [pt0] device is now in state DOWN Jan 7 19:20:11 mpd: [pt0] device: DOWN event in state DOWN Jan 7 19:20:11 mpd: [pt0] LCP: phase shift ESTABLISH --> DEAD Jan 7 19:20:11 mpd: [pt0] LCP: state change Closed --> Initial Jan 7 19:20:11 mpd: [pt0] LCP: Down event Jan 7 19:20:11 mpd: [pt0] link: DOWN event Jan 7 19:20:11 mpd: [pt0] device is now in state DOWN Jan 7 19:20:11 mpd: [pt0] device: DOWN event in state CLOSING Jan 7 19:20:11 mpd: [pt0] LCP: state change Stopped --> Closed Jan 7 19:20:11 mpd: [pt0] LCP: Close event Jan 7 19:20:11 mpd: [pt0] link: CLOSE event Jan 7 19:20:11 mpd: [pt0] device is now in state CLOSING Jan 7 19:20:11 mpd: [pt0] device: CLOSE event in state CLOSING Jan 7 19:20:11 mpd: [pt0] closing link "pt0"... Jan 7 19:20:11 mpd: [pt0] bundle: CLOSE event in state OPENED Jan 7 19:20:11 mpd: [pt0] device is now in state CLOSING Jan 7 19:20:11 mpd: [pt0] IFACE: Close event Jan 7 19:20:11 mpd: pptp0: closing connection with 24.XX.XX.XXX:58149 Jan 7 19:20:11 mpd: [pt0] IFACE: Close event Jan 7 19:20:11 mpd: [pt0] IPCP: LayerFinish Jan 7 19:20:11 mpd: [pt0] IPCP: state change Starting --> Initial Jan 7 19:20:11 mpd: [pt0] IPCP: Close event Jan 7 19:20:11 mpd: [pt0] IFACE: Close event Jan 7 19:20:11 mpd: [pt0] PPTP call terminated Jan 7 19:20:11 mpd: pptp0-0: killing channel Jan 7 19:20:11 mpd: pptp0-0: clearing call Jan 7 19:20:11 mpd: [pt0] device: CLOSE event in state UP Jan 7 19:20:11 mpd: [pt0] LCP: LayerFinish Jan 7 19:20:11 mpd: [pt0] LCP: parameter negotiation failed Jan 7 19:20:11 mpd: [pt0] LCP: LayerFinish Jan 7 19:20:11 mpd: [pt0] LCP: state change Req-Sent --> Stopped Jan 7 19:20:09 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:09 mpd: MP SHORTSEQ Jan 7 19:20:09 mpd: MP MRRU 1600 Jan 7 19:20:09 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:09 mpd: MAGICNUM 44d69474 Jan 7 19:20:09 mpd: MRU 1500 Jan 7 19:20:09 mpd: PROTOCOMP Jan 7 19:20:09 mpd: ACFCOMP Jan 7 19:20:09 mpd: [pt0] LCP: SendConfigReq #10 Jan 7 19:20:07 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:07 mpd: MP SHORTSEQ Jan 7 19:20:07 mpd: MP MRRU 1600 Jan 7 19:20:07 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:07 mpd: MAGICNUM 44d69474 Jan 7 19:20:07 mpd: MRU 1500 Jan 7 19:20:07 mpd: PROTOCOMP Jan 7 19:20:07 mpd: ACFCOMP Jan 7 19:20:07 mpd: [pt0] LCP: SendConfigReq #9 Jan 7 19:20:05 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:05 mpd: MP SHORTSEQ Jan 7 19:20:05 mpd: MP MRRU 1600 Jan 7 19:20:05 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:05 mpd: MAGICNUM 44d69474 Jan 7 19:20:05 mpd: MRU 1500 Jan 7 19:20:05 mpd: PROTOCOMP Jan 7 19:20:05 mpd: ACFCOMP Jan 7 19:20:05 mpd: [pt0] LCP: SendConfigReq #8 Jan 7 19:20:03 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:03 mpd: MP SHORTSEQ Jan 7 19:20:03 mpd: MP MRRU 1600 Jan 7 19:20:03 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:03 mpd: MAGICNUM 44d69474 Jan 7 19:20:03 mpd: MRU 1500 Jan 7 19:20:03 mpd: PROTOCOMP Jan 7 19:20:03 mpd: ACFCOMP Jan 7 19:20:03 mpd: [pt0] LCP: SendConfigReq #7 Jan 7 19:20:01 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:20:01 mpd: MP SHORTSEQ Jan 7 19:20:01 mpd: MP MRRU 1600 Jan 7 19:20:01 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:20:01 mpd: MAGICNUM 44d69474 Jan 7 19:20:01 mpd: MRU 1500 Jan 7 19:20:01 mpd: PROTOCOMP Jan 7 19:20:01 mpd: ACFCOMP Jan 7 19:20:01 mpd: [pt0] LCP: SendConfigReq #6 Jan 7 19:19:59 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:19:59 mpd: MP SHORTSEQ Jan 7 19:19:59 mpd: MP MRRU 1600 Jan 7 19:19:59 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:19:59 mpd: MAGICNUM 44d69474 Jan 7 19:19:59 mpd: MRU 1500 Jan 7 19:19:59 mpd: PROTOCOMP Jan 7 19:19:59 mpd: ACFCOMP Jan 7 19:19:59 mpd: [pt0] LCP: SendConfigReq #5 Jan 7 19:19:57 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:19:57 mpd: MP SHORTSEQ Jan 7 19:19:57 mpd: MP MRRU 1600 Jan 7 19:19:57 mpd: AUTHPROTO CHAP MSOFTv2 Jan 7 19:19:57 mpd: MAGICNUM 44d69474 Jan 7 19:19:57 mpd: MRU 1500 Jan 7 19:19:57 mpd: PROTOCOMP Jan 7 19:19:57 mpd: ACFCOMP Jan 7 19:19:57 mpd: [pt0] LCP: SendConfigReq #4 Jan 7 19:19:55 mpd: ENDPOINTDISC [802.1] 00 00 24 c9 2c b4 Jan 7 19:19:55 mpd: MP SHORTSEQ Jan 7 19:19:55 mpd: MP MRRU 1600 I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that field. Here is a snippit of that...... Jan 7 19:26:28 mpd: [pt15] using interface ng16 Jan 7 19:26:28 mpd: [pt15] ppp node is "mpd57834-pt15" Jan 7 19:26:28 mpd: [pt14] using interface ng15 Jan 7 19:26:28 mpd: [pt14] ppp node is "mpd57834-pt14" Jan 7 19:26:28 mpd: [pt13] using interface ng14 Jan 7 19:26:28 mpd: [pt13] ppp node is "mpd57834-pt13" Jan 7 19:26:28 mpd: [pt12] using interface ng13 Jan 7 19:26:28 mpd: [pt12] ppp node is "mpd57834-pt12" Jan 7 19:26:28 mpd: [pt11] using interface ng12 Jan 7 19:26:28 mpd: [pt11] ppp node is "mpd57834-pt11" Jan 7 19:26:28 mpd: [pt10] using interface ng11 Jan 7 19:26:28 mpd: [pt10] ppp node is "mpd57834-pt10" Jan 7 19:26:28 mpd: [pt9] using interface ng10 Jan 7 19:26:28 mpd: [pt9] ppp node is "mpd57834-pt9" Jan 7 19:26:28 mpd: [pt8] using interface ng9 Jan 7 19:26:28 mpd: [pt8] ppp node is "mpd57834-pt8" Jan 7 19:26:28 mpd: [pt7] using interface ng8 Jan 7 19:26:28 mpd: [pt7] ppp node is "mpd57834-pt7" Jan 7 19:26:28 mpd: [pt6] using interface ng7 Jan 7 19:26:28 mpd: [pt6] ppp node is "mpd57834-pt6" Jan 7 19:26:28 mpd: [pt5] using interface ng6 Jan 7 19:26:28 mpd: [pt5] ppp node is "mpd57834-pt5" Jan 7 19:26:28 mpd: [pt4] using interface ng5 Jan 7 19:26:28 mpd: [pt4] ppp node is "mpd57834-pt4" Jan 7 19:26:28 mpd: [pt3] using interface ng4 Jan 7 19:26:28 mpd: [pt3] ppp node is "mpd57834-pt3" Jan 7 19:26:28 mpd: [pt2] using interface ng3 Jan 7 19:26:28 mpd: [pt2] ppp node is "mpd57834-pt2" Jan 7 19:26:28 mpd: [pt1] using interface ng2 Jan 7 19:26:28 mpd: [pt1] ppp node is "mpd57834-pt1" Jan 7 19:26:28 mpd: [pt0] using interface ng1 Jan 7 19:26:28 mpd: mpd: local IP address for PPTP is 0.0.0.0 Jan 7 19:26:28 mpd: [pt0] ppp node is "mpd57834-pt0" Jan 7 19:26:28 mpd: mpd: pid 57834, version 3.18 (r...@freebsd7-releng_1_2.pfsense.org 20:18 9-Nov-2008) Any help would be appreciated as I'm at a loss as to why it worked perfectly under 1.2 but not under 1.2.1 with the same config. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -----Original Message----- From: Morgan Reed [mailto:morgan.s.r...@gmail.com] Sent: Monday, January 05, 2009 7:27 AM To: support@pfsense.com Subject: [pfSense Support] Multi-WAN PPTP? Hi all, We've a multi-WAN setup on our pfSense (no redundancy or load balancing, one is dedicated to office internet traffic, the other is dedicated to inbound server traffic), just wondering if it's possible to setup pfSense so we can accept PPTP in on either WAN link (that way if the main link is down we can come in the backup and vice versa). pfSense is our PPTP server, and it authenticates against our Windows 2000 AD via RADIUS/IAS if that makes any difference. I've added a firewall rule to allow 1723 in on WAN2 but there appears to be something else required as my connection attempts timeout at authentication (I've been able to connect PPTP to the WAN2 interface from inside the office with no trouble so I assume that means that the PPTP daemon listens on all interfaces) I recall PPTP also uses IP Proto 47 (GRE), do I need to add a rule to allow that traffic on WAN2? Any suggestions? Thanks, Morgan --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org