Can routerboard authenticate pptp client with eap-mschap v2? I need to use it with Windows 2012 R2 and client need to be authenticated with his windows credentials. It works with mschap v2 (windows login and password is typed manually bu user) but if I create connection with eap-mschap v2 I've got 628 error while connecting.
I'll be grateful for any response.

EAP/PEAP-xx-CHAP x ? do you deployed RADIUS/DIAMETER server for that ?
no need to use windows or windows server solely for that. you can use number of network appliances(containers)for, including free ones.
if so- dump config of it here.
628 generally is auth issue, AFAIK.
you can temporally use plaintext auth as advised by MS to troubleshoot/locate root of problems
https://social.technet.microsoft.com/fo ... -error-628

Radius on routerboard, vpn authentication by radius. Windows 2012 R2 domain, acting as radius client.
I need Windows to authenticate by domain credentials.
Connection is created by CMAK so it's not possible to change parameters after installing. I've created 2 versions of connection: one with MS-CHAP2 (user enters credentials manually) and second with EAP-MSCHAP2 (actually logged user's credentials are used for authentication).
First one works excellent (but if user will change Windows password, he has to change vpn password too) and second shows error 628.
If I'll have no choice, I'll use version one in my network. But I'm still going to get my network environment user(idiot) friendly

tweak MS-CHAPv2 defaults(there was Several options in windows. some Newer options - simply not supported by ROS, yet, sadly), just avoid plaintext/opened/PAP challenge/"auth"