A followup to this question.

I have a Cisco 877 ADSL router configured (at last!) to act as a VPN server; it supports both PPTP and L2TP VPNs, and I can successfully connect to it from Windows computers using the built-in VPN software.

There is only one problem: when using a PPTP VPN, encryption doesn't work. If I configure the client to require encryption (default setting), the connection fails with an error about the remote endpoint not supporting it. If I remove the encryption requirement, the connection succeeds. I've also tried tweaking the encryption settings (40/128 bits), but this didn't work either.

This is the relevant part of the router's configuration; the complete config is available in the question I linked above.

```
vpdn enable
vpdn-group VPN_Clients
 accept-dialin
  protocol any
  virtual-template 1

ip local pool VPN_Pool 192.168.42.250 192.168.42.254

interface Virtual-Template1
 ip unnumbered Vlan1
 ip nat inside
 peer default ip address pool VPN_Pool
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 ms-chap chap
```

The router's IOS version is 15, and it fully supports encryption.

The strangest thing is that encryption is actually required in the router config, yet not only does the router not seem to offer it, it also accepts unencrypted connections, which it shouldn't. It's as if the `ppp encrypt mppe auto required` command is completely ignored.

How can I fix this?

Massimo
  • I'm not sure really, perhaps there is a separation here between the encryption of authentication and encryption of the data transmission. – SpacemanSpiff Jul 03 '11 at 17:52
  • That command (according to the documentation) has the exact purpose of turning on **data** encryption. – Massimo Jul 03 '11 at 18:25
  • I know that PPTP is built upon GRE tunnels, I'll check with someone on why you're seeing what you are. – SpacemanSpiff Jul 03 '11 at 20:20

1 Answer

Looks like it was a bug.

I updated the router's IOS from version 15.0(1) to 15.1(3) and now the problem is gone.

Massimo
  • Apologies for topping an old topic, but I've followed this thread, and the thread it followed on from, with interest. We're in exactly the same position - need to configure a Cisco 877 router as a VPN server. However, the instructions in the first thread are to set up a PPTP VPN, which I now believe is insecure. If this is the case, what are you using instead? – kafka Feb 26 '13 at 15:21
  • The accepted answer in the first thread enables both PPTP and L2TP. – Massimo Feb 26 '13 at 16:21
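
An added example (not part of the original posts and not Cisco tooling): a small Python audit of the configuration excerpt from the question. It follows each vpdn-group to its virtual template and reports whether MPPE is marked required and which listed authentication methods could not supply MPPE keys. The function names and the trimmed sample are assumptions made for illustration.

```python
# Constructed sample: the configuration excerpt quoted in the question, trimmed.
SAMPLE_CONFIG = """\
vpdn enable
vpdn-group VPN_Clients
 accept-dialin
  protocol any
  virtual-template 1

interface Virtual-Template1
 ip unnumbered Vlan1
 peer default ip address pool VPN_Pool
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 ms-chap chap
"""

def sections(config):
    """Map each top-level IOS line to its indented child lines (flattened)."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit_vpdn(config):
    """Return findings per vpdn-group, following it to its virtual template."""
    secs, findings = sections(config), []
    for head, body in secs.items():
        if not head.startswith("vpdn-group "):
            continue
        group = head.split()[1]
        proto = next((l.split()[1] for l in body if l.startswith("protocol ")), None)
        tmpl = next((l.split()[1] for l in body if l.startswith("virtual-template ")), None)
        if proto in ("any", "pptp"):
            findings.append(f"{group}: accepts PPTP (protocol {proto})")
        vt = secs.get(f"interface Virtual-Template{tmpl}", [])
        mppe = next((l for l in vt if l.startswith("ppp encrypt mppe")), None)
        if mppe is None or "required" not in mppe.split():
            findings.append(f"{group}: MPPE not required on Virtual-Template{tmpl}")
        # MPPE keys are derived from an MS-CHAP (or EAP-TLS) exchange, not CHAP/PAP.
        auth = next((l.split()[2:] for l in vt if l.startswith("ppp authentication")), [])
        weak = [m for m in auth if m in ("chap", "pap")]
        if mppe and weak:
            findings.append(f"{group}: {'/'.join(weak)} cannot key MPPE")
    return findings
```

A clean result only confirms the configured intent; as this thread shows, the negotiated result still has to be confirmed from a client that requires encryption.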