DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

3900 PPTP VPN unable to connect after approx 20 hours

27 Jan 2017 12:56 #1 by jamescodefour
Odd one, 3900 on a 100MB leased line. All is fine and 20 or so PPTP dial-in users connect fine. Then all of a sudden no new users can join. Existing dial-in users remain connected. Only solution is a full reboot. Looks like some sort of DHCP issue.

Running firmware 1.2.2
Syslog below of a user trying to connect at this point

Vigor¬ pptp[25752]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access¬
Vigor¬ pptp[25752]: Peer richardbarry pass CHAP authentication¬
Vigor¬ pptp[25752]: idle_time_limit = 0¬
Vigor¬ pptp[25752]: MPPE 128-bit stateless compression enabled¬
Vigor¬ pptp[25752]: ipcp_resetci: Original our IP address 0.0.0.0; his IP: 0.0.0.0¬
Vigor¬ pptp[25752]: json_choose_hook entered with peer name richardbarry¬
Vigor¬ pptp[25752]: Static IP: ifname = lan1¬
Vigor¬ pptp[25752]: Static IP: ip = 10.0.0.1¬
Vigor¬ pptp[25752]: Static IP: dns = ¬
Vigor¬ pptp[25752]: ipcp_resetci: Get our IP address 10.0.0.1 from user: richardbarry¬
Vigor¬ pptp[25752]: ipcp_resetci: Update local IP address as 10.0.0.1¬
Vigor¬ pptp[25752]: DHCPC: ip_choose_hook entered with peer name richardbarry, local ip 0x100000a¬
Vigor¬ pptp[25752]: DHCPC: lo (our ip) = 127.0.0.1¬
Vigor¬ pptp[25752]: DHCPC: adapter index 1¬
Vigor¬ pptp[25752]: DHCPC: adapter hardware address 00:00:00:00:00:00¬
Vigor¬ pptp[25752]: DHCPC: Using relay address of '10.0.0.1'¬
Vigor¬ pptp[25752]: DHCPC: Broadcasting to servers on interface 'lo'¬
Vigor¬ pptp[25752]: init_packet(): new_uid = richardbarry-ppp1502¬
Vigor¬ pptp[25752]: DHCPC: entering kernel listen mode on lo¬
Vigor¬ pptp[25752]: DHCPC: Opening listen socket on 0x00000000:67 lo¬
Vigor¬ pptp[25752]: DHCPC: Bound socket 0¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x35¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x3d¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x3c¬
Vigor¬ pptp[25752]: DHCPC: Sending discover...¬
Vigor¬ pptp[25752]: Waiting on select...¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x35¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x3d¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x3c¬
Vigor¬ pptp[25752]: DHCPC: Sending discover...¬
Vigor¬ pptp[25752]: Waiting on select...¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x35¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x3d¬
Vigor¬ pptp[25752]: DHCPC: adding option 0x3c¬
Vigor¬ pptp[25752]: DHCPC: Sending discover...¬
Vigor¬ pptp[25752]: Waiting on select...¬
Vigor¬ pptp[25432]: DHCPC: No lease, failing.¬
Vigor¬ pptp[25432]: DHCPC: Failed to obtain an IP address. Terminating connection.¬
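
Added example (not part of the original posts and not DrayTek code): the pattern in the syslog above, a peer that passes CHAP authentication and then fails after repeated DHCP discovers, can be flagged automatically to separate address-allocation failures from credential failures. The sample lines are abridged from the post; attributing a failure logged under an unknown PID to the most recent pending session is an assumption, made because the log above reports the failure under a different PID than the session.

```python
import re

# Constructed sample: lines abridged from the syslog in the post above.
SAMPLE = """\
Vigor¬ pptp[25752]: Peer richardbarry pass CHAP authentication¬
Vigor¬ pptp[25752]: DHCPC: Sending discover...¬
Vigor¬ pptp[25752]: Waiting on select...¬
Vigor¬ pptp[25752]: DHCPC: Sending discover...¬
Vigor¬ pptp[25752]: DHCPC: Sending discover...¬
Vigor¬ pptp[25432]: DHCPC: No lease, failing.¬
Vigor¬ pptp[25432]: DHCPC: Failed to obtain an IP address. Terminating connection.¬
"""

LINE = re.compile(r"pptp\[(\d+)\]:\s*(.*?)\s*¬?\s*$")   # pid, message without trailing '¬'
AUTH = re.compile(r"Peer (\S+) pass CHAP authentication")


def find_lease_failures(log_text):
    """Return one dict per dial-in that authenticated but got no DHCP lease."""
    sessions = {}   # pid -> {"peer", "discovers", "failed"}
    order = []      # pids in order of authentication
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        auth = AUTH.search(msg)
        if auth:
            sessions[pid] = {"peer": auth.group(1), "discovers": 0, "failed": False}
            order.append(pid)
        elif "Sending discover" in msg and pid in sessions:
            sessions[pid]["discovers"] += 1
        elif "No lease, failing" in msg:
            # Assumption: an unknown PID belongs to the newest session still waiting.
            target = pid if pid in sessions else next(
                (p for p in reversed(order)
                 if sessions[p]["discovers"] and not sessions[p]["failed"]), None)
            if target is not None:
                sessions[target]["failed"] = True
    return [{"peer": s["peer"], "pid": p, "discovers": s["discovers"]}
            for p, s in sessions.items() if s["failed"]]


if __name__ == "__main__":
    for hit in find_lease_failures(SAMPLE):
        print("auth OK but no lease: %(peer)s (pid %(pid)s, %(discovers)d discovers)" % hit)
```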


27 Jan 2017 13:29 #2 by admin
Obvious answer. DON'T use PPTP - it's 10 years out of date security wise...



Forum Administrator


27 Jan 2017 13:31 #3 by jamescodefour
Thank you for that, but it's not helpful in this instance.

I don't believe we've run out of DHCP leases so what could cause this?


30 Jan 2017 09:19 #4 by jamescodefour
OK, I can see the issue. Even when using L2TP over IPSec we get the same issue. We have run out of addresses in the pool. To combat this I've changed the LAN to a /23 network (255.255.254.0 subnet). However, I don't think this will last long.

Both a 3900 and a 2960 have this issue. Today there are 99 live leases in the DHCP pool yet new connections are obtaining addresses at the high end of the range. I fully suspect we are going to run out again today. For example, 10.0.0.122 is the highest address in the DHCP table yet the latest user has been assigned 10.0.1.112!

It’s almost like they are not being released back into the pool until we reboot the firewall. The lease time is set to 24 hours. I've tried changing it to 12 hours with the same results.

We never had this issue with the 2960, which has the option "Clear DHCP lease for inactive clients periodically".
