Blogs‎ > ‎

Configure PPTP VPN on a Cyberoam UTM for iPhone, iPad, Mac, and Windows

posted Feb 15, 2013, 7:38 PM by Ian Curtinsmith   [ updated Feb 15, 2013, 7:44 PM ]
I should start this article by saying that if possible do not use PPTP VPN's and you should opt where possible for IPSEC vpn tunnels.

Security is a concern around PPTP vpn's and these can easily be cracked in minutes. 

YouTube Video


In fact there are now websites setup where people with no experience can pay others to crack the PPTP VPN password for you such as https://www.cloudcracker.com

The cyberoam UTM appliance can support Standard IPSEC VPN's that the Apple Mac iPhone and iPad and Desktop use and can even be configured to act as a Cisco VPN.

Establish an IPSec Connection Between Cyberoam and Cisco VPN Client 

Configure Apple iPhone for Cyberoam L2TP VPN Connection

However if required you can enable the Cyberoam to allow PPTP vpn connections

Configure Cyberoam to Establish PPTP connection using MS Windows 7 VPN Client

With the default configuration of PPTP VPN on the Cyberoam, only CHAP authentication is set.
The setup of PPTP on the Cyberoam UTM requires one hidden step to enable MS-CHAPv2 that is required for windows and Mac's to use a PPTP VPN connection.

Step 1 – Enable PPTP

1. In the GUI interface, go to VPN -> PPTP
Under General Configuration: choose the local LAN address to be used by PPTP
2. Choose the range to assign to PPTP users
Note: Do not specify the same IP address range in L2TP configuration and PPTP configuration.
3. Specify the DNS Servers to be used.
4. Click "Apply"

 

Step 2 – Set Encryption and Authentication Methods
1. Login to the CLI Console: By clicking Console in the top right corner OR logging in via Telnet or SSH
Choose Menu Option # 4


2. Now use the following syntax to set the encryption and authentication:

console> set vpn pptp authentication MS-CHAPv2 encryption STRONG

3. you can review the settings with the following command: 

console> show vpn configuration

Step 3 – Grant Users Logon access via PPTP

There are a few places to grant access to users:
A. Go to IDENTITY -> USERS and click the user you would like to grant PPTP access. Choose “Enable PPTP”.
B. Go to IDENTITY -> GROUPS and click the group you would like to grant PPTP access. Choose “Enable PPTP”.
C. Go to VPN -> PPTP and click “Add Member(s)” and Choose the ‘groups’ or ‘users’. And click Apply 

Review Users/Groups with PPTP access: 
Go to VPN—PPTP and click “Show PPTP Members” and Choose the ‘groups’ or ‘users’.

Diagnostics and Logging:

1. In CLI - 

console> cyberoam diagnostics show syslog

2. In GUI - Go to LOGS & REPORTS -> LOG VIEWER
Choose View logs for “Authentication”

Comments