
RV340 - not able to connect through PPTP or L2TP, known bug due to LOCAL user account passwords stored as "secret"

Pepp123
Level 1

I need a solution for this issue ASAP or the device is completely useless to me and I will have to return it. So far it seems like a great router, but without VPN from Windows 10 what's the point?

 

So here are the details, VERY similar if not identical to this: https://supportforums.cisco.com/t5/small-business-routers/pptp-not-recognzing-accounts-in-local-database-rv340/m-p/3052636#M33285 , somehow that's marked as solved without a solution.

 

Remote client: Windows 10

Types of VPN I tried: PPTP and L2TP with pre-shared secret

 

For PPTP I've tried all sorts of various settings, but I want MS-Chap2 to work if at all possible. No settings allow the remote client to connect.

 

For L2TP, Windows has an error of EVENT ID 20227: The error code returned on failure is 789. (RasClient). I do not see much in the router logs for this type of VPN.

 

For PPTP I get logs in the router, so here they are:

 

pptp: Connection terminated.

pptp: Peer cisco failed CHAP authentication

pptp: RADIUS: Can't read config file /etc/radiusclient/radiusclient.conf

pptp: /etc/radiusclient/radiusclient.conf: no authserver specified

pptpd: CTRL: Ignored a SET LINK INFO packet with real ACCMs!

pptp: Warning - secret file /etc/ppp/pap-secrets has world and/or group access

pptp: Connect: ppp0 <--> pptp (MY HOME IP)

 

I DO NOT HAVE RADIUS enabled/configured etc.

 

On routers with IOS/CLI the simple solution seems to be to not make LOCAL USERs' passwords "secret", but on the RV340 I seem to be SOL.

 

Please advise, there seem to be hundreds of us with this issue.

 

Serial Number of router: PSZ21181E2E 

Firmware Version: 1.0.00.33

 

Thank you in advance for any help.

13 Replies

Pepp123
Level 1

By the way, I tested it using PAP and it worked fine, so this really is a bug on the RV340. It seems to be in the latest firmware as well (I know mine is outdated).

 

I believe this is the actual issue: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd97778/?referring_site=bugquickviewredir

 

But I have no idea how it was not fixed yet.

Hello everybody

 

Exactly the same problem with my new RV340.

The RV340 is a VPN gateway, but the core function does not work?!?!

 

Hope there is a bugfix soon.

 

Kind Regards

Chris

 

How this gets past quality control/testing is beyond me. It's ridiculous.

 

Cisco: oh we allow local accounts on the device? cool feature, customers will like that

 

Cisco: let's offer really popular L2TP/PPTP VPN on this thing, customers will like that...

 

Cisco: I bet MOST of customers will buy this router for the ONLY REASON of using the VPN and having our great support/name branding so it sells easy to their clients. We did real good guys!!! 

 

Dude shunned to basement long time ago:  hey everyone... could ya you know... maybe TRY TO CONNECT so 100% of our customers that want to use this feature aren't screwed? 

 

/end of my attempt at recreating history.

marioesp
Level 1

Greetings,

 

About how to configure PPTP on Windows 10: what you need to do is disable CHAP/CHAP2 negotiation in the PPTP security settings. So far, there is a known issue on the RV340/RV345 and it's only using PAP (developers are actively working on this to improve it).

 

The configuration must be like this: [image: {34974A66-02BD-4ECC-8AFA-AF293916DF3B}.png]

 

 

 

Right now, if you want to use CHAP2, then you need to set a remote authentication method as RADIUS.

 

Mario Espinoza
.:|:.:|:. Cisco Small Business TAC
Email: marioesp@cisco.com
Shift Hours: Monday - Friday from 9:30 AM – 7:00 PM (EST)

Most of our Product documentation and Solutions to commonly asked questions can be found at
http://www.cisco.com/go/smallbizsupport

Cisco Support Frontline Phone Number: +1 866-606-1866
Cisco Support Worldwide Contacts:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
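
The thread's explanation for why PAP logs in while CHAP fails against the local database, as an added example that is not part of any post or of Cisco's firmware: a server holding only a one-way hash of the password can check a PAP login but cannot recompute a CHAP response. The storage format (PBKDF2-HMAC-SHA256) and the sample password are assumptions, and CHAP-MD5 from RFC 1994 stands in for MS-CHAPv2 to keep it short.

```python
import hashlib
import hmac
import os

# Assumed storage format, for illustration only (not the RV340's actual scheme).
def store_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def pap_verify(sent_password: str, salt: bytes, stored: bytes) -> bool:
    # PAP: the peer sends the password itself, so the server can re-hash and compare.
    return hmac.compare_digest(store_password(sent_password, salt), stored)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, response: bytes, challenge: bytes,
                server_secret: bytes) -> bool:
    # The server must recompute the response from its own copy of the secret.
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = "constructed-sample-pw"      # constructed sample value
    salt = os.urandom(16)
    stored = store_password(password, salt)  # all a hash-only user database keeps

    ident, challenge = 1, os.urandom(16)
    # The client knows the real password and answers the challenge correctly.
    client_resp = chap_response(ident, password.encode(), challenge)

    return {
        # PAP succeeds even though the server has only the hash.
        "pap_with_hash": pap_verify(password, salt, stored),
        "pap_wrong_password": pap_verify("wrong-pw", salt, stored),
        # CHAP succeeds only if the server can use the recoverable secret.
        "chap_with_plaintext": chap_verify(ident, client_resp, challenge,
                                           password.encode()),
        # With just the stored hash, a correct client response is rejected.
        "chap_with_hash": chap_verify(ident, client_resp, challenge, stored),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The PAP workaround gives up more than the handshake: the password itself crosses the link, and PPTP's MPPE encryption is keyed from MS-CHAP (or EAP-TLS), so a PAP login provides no such key material.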

Thank you for the reply, you are absolutely correct, but..

 

This is a MAJOR selling point of this device, it has been broken for months if not years! It is not only unacceptable to sell a VPN router whose VPN feature is absolutely broken and yet somehow this got through QA testing, but it's shameful that this was not patched immediately. 

 

Not only that, it seems there would be a very simple fix if the device had CLI as the password could be made not secret which supposedly fixes the problem on higher end devices with CLI that also suffered from this bug. If one command can fix it on CLI device, are we really looking at months worth of development for a firmware fix? 

 

 

Unfortunately, our Small Business devices are not like enterprise ones and, so far, there is no ETA for any patch/fix for this issue.

 

I wonder if we can submit a new Service Request (ticket) with our STAC support department so we can escalate your concern to the next level. If you agree, let me know and I will reach you via internal message.

Mario Espinoza
.:|:.:|:. Cisco Small Business TAC

Hello Mario

Thank you for the instructions, but I use OSX and there is no PPTP client on board.
On the L2TP client it is not possible to disable CHAP.

An external RADIUS server?!?
Sorry, but you write that the RV340 is an SMB product. Small businesses usually never have a RADIUS server; they do not know what that is. So I’m wondering about your second solution.


I know and understand SMB and the difference to Enterprise but:
- 1 month for a reply
- No hotfix for a broken core function

If I can help you to escalate the problem and fix it, of course I agree to change to internal message.

Greetings,

 

If you are using OSX or iOS, then you can try to use Cisco VPN Client on the RV340.

 

I've attached a quick manual.

 

Test it and let me know.

Mario Espinoza
.:|:.:|:. Cisco Small Business TAC

Hi Mario

Thank you for the manual.
The Cisco VPN Client works on OSX and iOS 11 in client mode.
In network extension mode no connection is possible (iOS and OSX).
Error message: Communication with VPN-Server failed.
When I switch back to client mode and put in the pool IP range, then everything works.
I think this is the next bug in the firmware.

I use VPN on demand, so NEM is needed because I don’t want to route all traffic through the tunnel.
On L2TP there is a client-side switch to route everything or only the remote subnet.

I'm using a program called Shimo for OSX. PPTP used to work when I had my RV320; now with my RV345 it doesn't work at all.

 

L2TP: no work on OSX or iOS.

 

IPsec: no work on OSX or iOS, even when using separate client software like Shimo.

 

I tried every setting combo possible, nothing works. Please try yourself to connect an iPhone to the router without using any certificates and just pre-shared keys.

 

The only thing that works is site-to-site VPN between two RV340s.

Three years later and it's still not fixed.  Yay Cisco you're really going the extra mile. I hope the Meraki MX platform works better.

Yep standard VPN support on this router is garbage, and previous supported RV series models were too slow when they did work--despite being stable.  The RV130's recent r54 firmware finally produces usable VPN performance, but I had already phased most of them out at this point.

 

For any sites I manage with significant needs for these types of VPNs, I replaced the RVs with Ubiquiti EdgeRouter entry models (X and Lite) which have worked stellar.  The X platform (MediaTek) had occasional buggy firmware releases vs the Lite platform (Cavium), but they have not been a problem for the last year or so.  Expect to use a combination of GUI, Config Tree (router registry type structure) and CLI to make them work for VPNs, but they are very fast and stable.  The X runs extremely cool and its lower "on paper" specs for routing performance & RAM have not proven to be relevant in any application for my SMB sites.

 

I won't be taking these RV routers seriously anymore, as VPN performance (RV32x) & usability (RV34x) for these types of configs has been a train wreck on their modern supported models for years now.  Cisco seems to be mainly interested in pushing buyers into their paid offerings for the RV34x, with these standard VPN features being spec sheet bs to try to get admins "in the door" and try to convert them.  Hopefully Cisco will one day prove me wrong, but I'm not holding my breath at this point.

Hi everyone,
I had the same issues with my RV340, and I found a solution!
If you look at your logs, this line needs attention: "pptp: RADIUS: Can't read config file /etc/radiusclient/radiusclient.conf"
What! RADIUS? I don't want to use a RADIUS server! (This server stores user IDs and shares them with this router.)
Well! How to change this? Go to "User Accounts" > Service Auth Sequence and on the PPTP line, change "Customize Primary" to Local DB!

That's all!
Have fun with your RV router!