DescriptionThis article explains how to troubleshoot PPTP VPN users experiencing disconnections on the FortiGate. ScopeAll FortiOS SolutionThe following steps can be used to understand why a PPTP VPN user is experiencing disconnections from the FortiGate, and to enable the appropriate FortiOS debug depending on the type of PPTP VPN User.
1. A PPTP VPN user connects to the FortiGate with local authentication. If the user disconnects and cannot connect then connect the PC and enable the following FortiGate debug via the CLI.
|
diag deb enable
diag deb reset
diag deb console timestamp en
diag deb app ppp -1
diag deb app pptp -1
diag deb app authd -1
diag deb app fn -1
diag deb en
diag vpn pptp status |
2. Collect a sniffer trace on the port of the PPTP connection.
|
diag sniffer packet <port of pptp connection> 'local_ip_addr of pc' 6 |
3. If the PPTP VPN User uses authentication with LDAP then enable the following debug with step 1.
|
diag test auth ldap (ldapservername in GUI) (username to test) (pwd user)
diag test auth ldap LDAP_Server user password |
4. If the PPTP VPN User uses Radius then also collect the following debug.
|
diag test authserver radius <server_name> <chap | pap | mschap | mschap2> <username> <password> |
5. If debug for an authenticated user needs to be taken again, use the following commands to clear the session.
|
diag deb reset
diag deb console time en
diag deb app fnbamd -1
diag deb enable |
6. Compare the debug with PPTP disconnect message on the PC. A full list of PPTP disconnect messages may be found at the Microsoft link http://support.microsoft.com/kb/923944
Should the problem persist, please open a support ticket via the Fortinet Support Portal at https://support.fortinet.com/ . Attach the debug information collected in steps 1-5 to the ticket.
