Catalina and PPTP VPN

I understand security is an issue with PPTP VPN connections, but mitigation systems I access have routers that still rely on this protocol. Apple’s macOS began leaving PPTP years ago and with Catalina, the purge is complete. Fortunately, Filip Molcik and his readers have tackled this and I’ve modified their instructions here for connecting with SmartFlex routers as described in the following steps:

1. Open and run the following command (you may need to precede these with ‘sudo’):

mkdir /etc/ppp/peers
cd /etc/ppp/peers
sudo pico pptp_config_file

2. Paste in the following text and replace instances of REMOTE_ADDRESS, USERNAME, and PASSWORD with what is required by your PPTP server (also note, this text includes commands to refuse authentication for EAP, CHAP, and MSCHAP, if you’re connecting to a PPTP server different than a SmartFlex router, you may need to put hashtags on these lines):

pty “/usr/local/bin/pptp REMOTE_ADDRESS –nolaunchpppd”
remoteaddress REMOTE_ADDRESS
password PASSWORD
# require-mppe-128
# logfile /tmp/pptp_vpn_log.txt
## Other settings
redialcount 1
redialtimer 5
idle 1800
mru 1436
mtu 1436
novj 0:0

3. Download a copy of Filip’s PPTP library built from Debian:

And save this file in:


4. To establish the PPTP VPN connection, I’ve found you need to keep the command prompt for in the same directory where the config file is saved from step 1, above. If so, make the connection in with this command:

sudo pppd call pptp_config_file

5. I should make a script for this, but I use it so infrequently I may not bother. For now, I disconnect by opening Activity Monitor, searching for PPTP, highlight it, click the “x” button, and choose “Quit”.

After making the connection, pptp surged to using about 90% of the cpu on my macbook12,1, but it has since settled down. Thanks, Filip!

Should these connections require MPPE in the future, we’ll need to replace the downloaded file in Step 3 with this library.

Last note, my MacBook Pro connects and pings the ip address it receives, but it can’t ping anything else on the network. Will hopefully resolve this soon.

Leave a Reply