14 Replies Latest reply: May 23, 2013 12:27 AM by einord
Patrick Savelberg (Private) Level 1 (105 points)
I have a Mac Pro 2008 with Mac OS X Server 10.6.5
Have set up the server, and want to use VPN.

Set up L2TP, made a shared secret etc.
Firewall is turned off
VPN is running and vpnd is shown as a process

When I try locally to set up a VPN connection, I keep getting L2TP Server not responding
When I do a port scan, no port that VPN uses (500, 4500, 1701) is open.

I use only one Ethernet port.
Where to look? The log is not showing anything except listening ....

Multiple Systems, Mac OS X (10.6.5), MacOS X Server 10.6.5
  • 1. Re: VPN running but not responding to clients
    Nachos Libres Level 4 (1,205 points)
    Just to make sure - you don't have your starting and ending IP addresses for VPN overlapping or using the same IP addresses that your DHCP server hands out - do you?

    Also, can you post the output of $ sudo serveradmin fullstatus vpn
  • 2. Re: VPN running but not responding to clients
    Patrick Savelberg (Private) Level 1 (105 points)
    No, it is not overlapping my DHCP.

    Here is the full output:

    vpn:servicePortsAreRestricted = "NO"
    vpn:readWriteSettingsVersion = 1
    vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
    vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0
    vpn:servers:com.apple.ppp.pptp:enabled = no
    vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
    vpn:servers:com.apple.ppp.pptp:Type = "PPP"
    vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"
    vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"
    vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "MSCHAP2"
    vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0
    vpn:servers:com.apple.ppp.l2tp:enabled = yes
    vpn:servers:com.apple.ppp.l2tp:startedTime = "2010-12-30 15:28:52 +0100"
    vpn:servers:com.apple.ppp.l2tp:Type = "PPP"
    vpn:servers:com.apple.ppp.l2tp:SubType = "L2TP"
    vpn:servers:com.apple.ppp.l2tp:AuthenticatorPlugins = "DSAuth"
    vpn:servers:com.apple.ppp.l2tp:pid = 1606
    vpn:servicePortsRestrictionInfo = emptyarray
    vpn:health = emptydictionary
    vpn:logPaths:com.apple.ppp.pptp_ServerLog = "/var/log/ppp/vpnd.log"
    vpn:logPaths:com.apple.ppp.pptp_PPPLog = "/var/log/ppp/vpnd.log"
    vpn:logPaths:vpnLog = "/var/log/ppp/vpnd.log"
    vpn:configured = yes
    vpn:state = "RUNNING"
    vpn:setStateVersion = 1

    It is a standard installation, and I have done it multiple times with other machines.

    [edit] checked my other installation and the output is the same.
  • 3. Re: VPN running but not responding to clients
    Nachos Libres Level 4 (1,205 points)
    The only other thing I can think of is to make sure you have a DNS entry on your DNS server for the server hosting VPN and making sure you have the IP address of the DNS server entered under Settings and Client Information in VPN.

    It could also be that those ports are being firewalled but you already said your firewall wasn't running.
  • 4. Re: VPN running but not responding to clients
    Leif Carlsson Level 5 (4,950 points)
    You can't use Network Utility to scan for open UDP ports; you need something like nmap.

    Nothing in ppp.log?

    Entering login name exactly as it is entered in WGM/account from OD or Local db, use either the long name or the first short name.


    No SACL is used for the VPN service (default is SACL is not in place for VPN)?
  • 5. Re: VPN running but not responding to clients
    Gordon Davisson Level 3 (520 points)
    Check to make sure the shared secret is entered correctly (on both server and client) -- if it's wrong, you get the same error as if the server just isn't responding at all.
  • 6. Re: VPN running but not responding to clients
    kjelt Level 1 (5 points)
    I am having the same problem...vpnd is sitting there, listening, but does not react to any connection attempts (not even from the same machine)

    ppp.log says

    Sun Jan 23 01:28:51 2011 : L2TP connecting to server '192.168.0.51' (192.168.0.51)...
    Sun Jan 23 01:28:51 2011 : IPSec connection started
    Sun Jan 23 01:29:01 2011 : IPSec connection failed
  • 7. Re: VPN running but not responding to clients
    kjelt Level 1 (5 points)
    follow-up:

    I had an error in the "shared secret" set-up, now it's working without problems...so the advice above is true: check the authentication thoroughly, as errors here show up very much like no connection between client and server was established

    cheers, kjelt

    (I think, my testing it locally was senseless, that can't work in any case)
  • 8. Re: VPN running but not responding to clients
    Patrick Savelberg (Private) Level 1 (105 points)
    Nope, the pre-shared key is correct.

    The only thing I can think of: the previous system administrator set up the network in the range:
    192.128.0.x
    This is not a private network range that is used privately.
    Can this be the issue? I have set up dozens of VPNs this way and only this one is not working.

    I already did a clean install again.
  • 9. Re: VPN running but not responding to clients
    MrHoffman Level 6 (12,465 points)
    IP routing does not appreciate having the same subnet on both ends of a VPN.

    I'd get out of 192.168.0.0/24 and 192.168.1.0/24 subnets given the prevalence of those subnets on home WiFi and coffee shop networks and given the connectivity problems that the use of duplicate IP subnets causes for VPN IP routing, and preferably get your networks entirely out of the 192.168.0.0/16 block, and preferably into a subnet somewhere in the 10.0.0.0/8 or 172.16.0.0/16 blocks.

    I'd also suggest adding a VPN-capable firewall.

    VPN pass-through with a NAT device is problematic at best. Add to that that various of the Apple Airport and Time Capsule devices have had various forum reports of firmware issues with VPN passthrough with L2TP over the years. And yes, these are among the reasons why I tend to go immediately to a server-grade gateway firewall device.
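
Two address-plan conflicts come up in this thread: the VPN address pool colliding with the DHCP pool, and the same subnet on both ends of the tunnel. The following is an added example, not part of any post here, that checks a plan for both and for a server LAN outside RFC 1918 space; the function names, finding codes and pool addresses are constructed for illustration, and only the 192.128.0.x range comes from the thread.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(network):
    """True if the whole network sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(network)
    return any(net.subnet_of(block) for block in RFC1918)


def pools_overlap(pool_a, pool_b):
    """Each pool is a (first_ip, last_ip) pair, both ends inclusive."""
    a0, a1 = (int(ipaddress.ip_address(ip)) for ip in pool_a)
    b0, b1 = (int(ipaddress.ip_address(ip)) for ip in pool_b)
    return a0 <= b1 and b0 <= a1


def check_vpn_plan(server_lan, client_lan, dhcp_pool, vpn_pool):
    """Return finding codes (hypothetical names); empty list = no conflict."""
    findings = []
    server = ipaddress.ip_network(server_lan)
    client = ipaddress.ip_network(client_lan)
    if not is_rfc1918(server):
        findings.append("server-lan-not-private")
    if server.overlaps(client):
        findings.append("same-subnet-both-ends")
    if pools_overlap(dhcp_pool, vpn_pool):
        findings.append("vpn-pool-overlaps-dhcp")
    return findings


if __name__ == "__main__":
    # Constructed plans: (server LAN, client LAN, DHCP pool, VPN pool).
    plans = {
        "thread range": ("192.128.0.0/24", "192.168.0.0/24",
                         ("192.128.0.10", "192.128.0.100"),
                         ("192.128.0.200", "192.128.0.220")),
        "home default": ("192.168.0.0/24", "192.168.0.0/24",
                         ("192.168.0.2", "192.168.0.100"),
                         ("192.168.0.90", "192.168.0.120")),
        "renumbered": ("10.20.30.0/24", "192.168.1.0/24",
                       ("10.20.30.10", "10.20.30.100"),
                       ("10.20.30.200", "10.20.30.220")),
    }
    for name, plan in plans.items():
        print(name, check_vpn_plan(*plan) or "ok")
```
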
  • 10. Re: VPN running but not responding to clients
    koa_noise Level 1 (0 points)
    I have had issues with this from the beginning. Just had the girlfriend turn VPN off and then back on to get it to work since I'm out of town. Apple needs to fix this before they post sites like this...

    http://www.apple.com/server/macosx/features/networking-vpn.html

    You do have to be a network guru to set up Snow Leopard server. Now if I could just get my Airport express to work with the server. Man!
  • 11. Re: VPN running but not responding to clients
    MrHoffman Level 6 (12,465 points)
    Welcome to the forums.

    Consider purchasing equipment suited for the task.

    Airport Extreme (AX) and Time Capsule (TC) are not what I would consider server-grade gateway devices; they're fairly feature-weak when server-oriented networking is involved.

    These Apple devices are NAT-based firewalls, and can be appropriate for home use.

    If you are planning to perform inbound connections typical of servers, these devices lack port-mapping flexibility, VPN end-point capabilities, multiple public IP addresses, and DMZ features.

    And FWIW, if you're going to operate with VPN pass-through and NAT using an AX or TC, there is an Apple tech note (HT3944) (http://support.apple.com/kb/HT3944) around shutting off MobileMe on the AX or TC to get the L2TP VPN pass-through connections to function.
  • 12. Re: VPN running but not responding to clients
    Jerry Z. Level 1 (120 points)

    Brilliant! This is the document that I have been looking for and which clears up hours of frustration for me.

    Thanks!

  • 13. Re: VPN running but not responding to clients
    koa_noise Level 1 (0 points)

    I'm happy to say that the VPN on my Snow Leopard server has been flawless over the last few months. Maybe the fix was through my Airport Extreme or the server; either way this is awesome!

  • 14. Re: VPN running but not responding to clients
    einord Level 1 (0 points)

    Fantastic! Thanks!