DSM 7.0 After DSM 7 update VPN not working

[AdrianEarnshaw]

My apologies, I forgot to post my update. It turned out to be a phone update that borked VPN access. New update released and all is working again for me, sorry it doesn't help your problem.

 

[grasi71]

Hello!

The same is true for me.
Domain users did not work with PPTP and L2TP.
I wrote to the support center. It was repaired remotely.
I asked: how?
Reply:
"Since the NTLMv1 is disabled by default in DSM 7.0 Official, if the service use the MSCHAP authentication to authenticate the domain user, it will fail in DSM 7.
So, I have checked the VPN Server configuration file and then added there the --allow-mschapv2 parameter."

Thanks for Syonology!

 

[marin]

Hi Grasi71,

I'm having the same problem with PPTP after an upgrade to DSM 7.

Which file/line do I add --allow-mschapv2 parameter to ?

I have had a look at the VPN config files but I'm not sure where it should be entered.

Thanks.

Hello!

The same is true for me.
Domain users did not work with PPTP and L2TP.
I wrote to the support center. It was repaired remotely.
I asked: how?
Reply:
"Since the NTLMv1 is disabled by default in DSM 7.0 Official, if the service use the MSCHAP authentication to authenticate the domain user, it will fail in DSM 7.
So, I have checked the VPN Server configuration file and then added there the --allow-mschapv2 parameter."

Thanks for Syonology!

 

[marin]

Fixed it now - just had to clear the SMB Cache on the NAS and add DOMAIN\ in front of the UserName in the Window 10 VPN setting.

 

[grasi71]

Hi Grasi71,

I'm having the same problem with PPTP after an upgrade to DSM 7.

Which file/line do I add --allow-mschapv2 parameter to ?

I have had a look at the VPN config files but I'm not sure where it should be entered.

Thanks.

Hello!
I couldn't find the file either. The support bandage helped me ...

-- post merged: 30. Aug 2021 --

Fixed it now - just had to clear the SMB Cache on the NAS and add DOMAIN\ in front of the UserName in the Window 10 VPN setting.

Hello!
We used to have these settings. Domain \ User.
Unfortunately, it didn't work either ...

 

[James]

I've had the same issue with DSM 7 and VPN Server using L2TP with domain users. I received the following from Synology Support this morning. I will try the fix this evening.

You would need to add this to the file /var/packages/VPNCenter/target/etc/raddb/modules/mschap_ad :

You would need to add "--allow-mschapv2" between "--request-nt-key and --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}"

 

[James]

I've had the same issue with DSM 7 and VPN Server using L2TP with domain users. I received the following from Synology Support this morning. I will try the fix this evening.

You would need to add this to the file /var/packages/VPNCenter/target/etc/raddb/modules/mschap_ad :

You would need to add "--allow-mschapv2" between "--request-nt-key and --username=%{%{Stripped-User-Name}:-%{User-Name:-None}}"

I can confirm the above fixed my issue. It needed to be used in combination with domain\user for the username and changing the DNS address within the L2TP settings to the NAS IP address. By default this was set to 127.0.0.1 which caused DNS resolution to fail.