PPTP server fix for iOS problems (pptpd/PopTop)

Ever since I was offered an iPod touch 4th gen I have been unsuccessful in my attempts to connect to PPTP based VPN servers from iOS. Apparently this is a well known issue since iOS 4.3.3 or earlier, that did not get fixed in the iOS 5 update.

Having set up my own PPTP-based VPN servers using Poptop (also known as pptpd) under CentOS, I always found it strange that my servers would function perfectly fine under all versions of Windows, but completely refuse to work under iOS and reportedly MacOS X as well.

Symptoms were the following:
  • Initially, the connection to the server starts ("Connecting... Starting... Authenticating... ") and appears successful for a second but then immediately drops, with a vague error message.
  • After a few tweaks that I read on DD-WRT's PPTP server configuration page (pertinent given that DD-WRT uses poptop as well) the situation changed but still failed to solve all of my problems: I was able to connect normally, without any error message, however any network communication failed and timed out. Whenever I tried loading a page it would just keep loading forever. Any app that connects to the Internet did the same- loading forever.
 Finally after a combination of multiple tweaks I finally got it to work! The solution is given below but I'd like to credit people first. First I used the DD-WRT tweaks as I previously said, then I followed the tips of two users who posted on this page, sid2 and jeremy207. Massive thanks to both of them!

Here's what got it to work for me. You need to open up the options file for pptpd usually located here: /etc/ppp/options.pptpd
At the very bottom of the file, insert the following lines:
nopcomp
noaccomp
mtu 1400
mru 1400
default-asyncmap
After saving the file, make sure to restart pptpd properly (I stopped it and started it again completely) and try connecting from iOS again. Worked for me! Hope it will for you as well.

Comments

us vpn said…
Great solution, it worked perfectly with mine. Thanks
Glad I could help. This had been torturing for a year or so.
ShutterSpeaks said…
hi,

is it working with iOS 5, i tried your solution and the page u referred to but somehow its not working for me. It randomly disconnect.

tq
Yes it's working fine for me with the latest iOS. Have you tried connecting from another internet link (at work, at a friend's, in a public place, etc.) might be your connection?
Anonymous said…
Thank you so much!
I can confirm that this solution works for iOS 5 clients.
WRT54GL v1.1 running dd-wrt build 14929 vpn
Anonymous said…
Thank you so much. I was getting iOS 6.1.3 to work only after fresh boot. Now it works every time.
scott said…
Thank you!!!
Wang Kan said…
It works! I tried some solutions before. But only this one worked for me. Thank you!
Anonymous said…
“The PPTP protocol does not allow two VPN connections from the same remote IP address”
Unknown said…
YOURVPN provides you the Cheap Vpn For Windows,Android, Iphone, Linux Pptp L2tp Sstp Ovpn $12 Per Year Only so just visit us Cheap Vpn For Iphone Pptp L2tp Sstp Ovpn
Anonymous said…
Anyone know how to get external browsing to work? I can VPN and get internal access but routing back out fails.
Anonymous said…
To get out to the Internet, you have to let the ppp device through your firewall. For iptables, this should work.

You probably have the first 2 rules, or you couldn't get a pptp connection.

The 3rd allows connections from one side of the connection to the other (FORWARDing the ppp connection through the firewall (your pptp server) to either the internal or external connection (you can limit where it is allowed by using -o where device is your wan or lan device (eth0 maybe? Sometimes vlan0). As is, PPP is allowed anywhere, external or internal..

The 4th allows connections to the firewall itself from the PPP connected client. (May not be necessary, but it may be if it is doing DNS, etc)

# for PPTP...allow GRE, port 1723, and forward ppp traffic, and allow in from ppp
iptables -I INPUT -p gre -j ACCEPT
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -j ACCEPT -i ppp+
iptables -A INPUT -j ACCEPT -i ppp+
Unknown said…
Great security system for iPhone..
vpn iphone
Anonymous said…
Thanks.Cool fix for VPN.Nice blog.
top10-bestvpn.com

Popular posts from this blog

Affiliate module for Interspire Shopping Cart

Nginx error 413: Request entity too large Quick Fix

Dealing with Nginx 400 Bad Request HTTP errors