PPTP VPN on macOS Sierra

Apple stopped the support for it’s builtin PPTP VPN client on macOS Sierra, but they kept their libraries, so it’s still possible to create a PPTP VPN connection over command line without using any 3rd party clients, like FlowVPN or Shimo.

I know that PPTP VPN has become outdated and is less secure than other protocols, but in a corporate world you sometimes don’t have a choice.

The following procedure will show how you can create a PPTP VPN on macOS Sierra. It’s based on my own configuration (MPPE-128), so you might have to adapt it to your need.

The procedure is quite simple, you first need to create a file in /etc/ppp/peers with a name that represent your domain, or company, so in my case I will call it vpn.example.com.

$ sudo touch /etc/ppp/peers/vpn.example.com

This file will contain the configuration that pppd daemon will reference and try to connect.

plugin PPTP.ppp
noauth
# logfile /tmp/ppp.log
remoteaddress "vpn.example.com"
user "username"
password "mYS3cUr3P@ssW0rd!"
redialcount 1
redialtimer 5
idle 1800
# mru 1368
# mtu 1368
receive-all
novj 0:0
ipcp-accept-local
ipcp-accept-remote
# noauth
refuse-eap
refuse-pap
refuse-chap-md5
hide-password
mppe-stateless
mppe-128
# require-mppe-128
looplocal
nodetach
# ms-dns 8.8.8.8
usepeerdns
# ipparam gwvpn
defaultroute
debug

Now you only need start the pppd daemon with the following command and that’s it.

$ sudo pppd call vpn.example.com

Note: This configuration will also change your default route to the VPN.


Alexandre Guimarães Malucelli

Alexandre Guimarães Malucelli is a Site Reliability Engineer and a DevOps Engineer at TOTVS. His main goal is to help growing companies on how to scale their business at Amazon Web Services.


Comments

For comments or any questions, feel free to ping me on