collinssolutions

Q: Lion Server VPN

After setting up Lion Server VPN I cannot make a connection. Here is my error log. Any help is appreciated.

2011-08-31 14:40:54 CDT          Incoming call... Address given to client = 192.168.1.240

Wed Aug 31 14:40:54 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:40:54 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:40:54 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:40:54 2011 : L2TP received SCCRQ

Wed Aug 31 14:40:54 2011 : L2TP sent SCCRP

2011-08-31 14:40:55 CDT          Incoming call... Address given to client = 192.168.1.241

Wed Aug 31 14:40:55 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:40:55 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:40:55 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:40:55 2011 : L2TP received SCCRQ

Wed Aug 31 14:40:55 2011 : L2TP sent SCCRP

2011-08-31 14:40:57 CDT          Incoming call... Address given to client = 192.168.1.242

Wed Aug 31 14:40:57 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:40:57 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:40:57 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:40:57 2011 : L2TP received SCCRQ

Wed Aug 31 14:40:57 2011 : L2TP sent SCCRP

2011-08-31 14:41:01 CDT          Incoming call... Address given to client = 192.168.1.243

Wed Aug 31 14:41:01 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:01 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:01 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:01 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:01 2011 : L2TP sent SCCRP

2011-08-31 14:41:05 CDT          Incoming call... Address given to client = 192.168.1.244

Wed Aug 31 14:41:05 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:05 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:05 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:05 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:05 2011 : L2TP sent SCCRP

2011-08-31 14:41:09 CDT          Incoming call... Address given to client = 192.168.1.245

Wed Aug 31 14:41:09 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:09 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:09 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:09 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:09 2011 : L2TP sent SCCRP

2011-08-31 14:41:13 CDT          Incoming call... Address given to client = 192.168.1.246

Wed Aug 31 14:41:13 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:13 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:13 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:13 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:13 2011 : L2TP sent SCCRP

2011-08-31 14:41:14 CDT             --> Client with address = 192.168.1.240 has hungup

2011-08-31 14:41:15 CDT             --> Client with address = 192.168.1.241 has hungup

2011-08-31 14:41:17 CDT             --> Client with address = 192.168.1.242 has hungup

2011-08-31 14:41:21 CDT             --> Client with address = 192.168.1.243 has hungup

2011-08-31 14:41:25 CDT             --> Client with address = 192.168.1.244 has hungup

2011-08-31 14:41:29 CDT             --> Client with address = 192.168.1.245 has hungup

Posted on Aug 31, 2011 12:42 PM
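
Added example, not part of the original post: RFC 2661 sets up an L2TP control connection with SCCRQ, SCCRP and then SCCCN from the client, and the log above never shows that third message. The Python sketch below groups such a log into calls and flags those that stall after SCCRP; it assumes a completed handshake would be logged as `L2TP received SCCCN` in the same format, and the sample is an excerpt of the log above.

```python
import re
from datetime import datetime

# Excerpt of the vpnd log posted above (first two of the seven attempts).
SAMPLE = """\
2011-08-31 14:40:54 CDT          Incoming call... Address given to client = 192.168.1.240
Wed Aug 31 14:40:54 2011 : L2TP incoming call in progress from '199.184.205.109'...
Wed Aug 31 14:40:54 2011 : L2TP received SCCRQ
Wed Aug 31 14:40:54 2011 : L2TP sent SCCRP
2011-08-31 14:40:55 CDT          Incoming call... Address given to client = 192.168.1.241
Wed Aug 31 14:40:55 2011 : L2TP incoming call in progress from '199.184.205.109'...
Wed Aug 31 14:40:55 2011 : L2TP received SCCRQ
Wed Aug 31 14:40:55 2011 : L2TP sent SCCRP
2011-08-31 14:41:14 CDT             --> Client with address = 192.168.1.240 has hungup
2011-08-31 14:41:15 CDT             --> Client with address = 192.168.1.241 has hungup
"""

CALL = re.compile(r"^(\S+ \S+) \w+\s+Incoming call\.\.\. Address given to client = (\S+)")
HANG = re.compile(r"^(\S+ \S+) \w+\s+--> Client with address = (\S+) has hungup")
PEER = re.compile(r"L2TP incoming call in progress from '([^']+)'")
# Assumption: a completed handshake would be logged as "L2TP received SCCCN".
CTRL = re.compile(r"L2TP (?:received|sent) (SCCRQ|SCCRP|SCCCN)")
TS = "%Y-%m-%d %H:%M:%S"

def analyze(log):
    """Group log lines into calls and record how far each L2TP handshake got."""
    calls, current = {}, None
    for line in log.splitlines():
        if m := CALL.match(line):
            current = {"addr": m[2], "start": datetime.strptime(m[1], TS),
                       "peer": None, "ctrl": [], "lifetime": None}
            calls[m[2]] = current
        elif m := HANG.match(line):
            if call := calls.get(m[2]):
                call["lifetime"] = (datetime.strptime(m[1], TS) - call["start"]).seconds
        elif current and (m := PEER.search(line)):
            current["peer"] = m[1]
        elif current and (m := CTRL.search(line)):
            current["ctrl"].append(m[1])
    return list(calls.values())

def stalled(calls):
    """Calls where the server answered SCCRQ with SCCRP but never logged SCCCN."""
    return [c for c in calls if "SCCRP" in c["ctrl"] and "SCCCN" not in c["ctrl"]]

if __name__ == "__main__":
    for c in stalled(analyze(SAMPLE)):
        print(f"{c['peer']} -> {c['addr']}: stopped after {c['ctrl'][-1]}, "
              f"dropped after {c['lifetime']}s")
```

Each retry in the log leases a fresh address from the pool and is dropped 20 seconds later, so the failure occurs before PPP authentication starts.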

  • by LinkNS,

    Sep 12, 2011 9:57 AM in response to collinssolutions

    On my VPN server, which is also the DNS server, I have a Primary Zone set up similar to the following. My server is named "servera", a second named "serverb", and my domain is "mydomain.local":

    mydomain.local

         servera.mydomain.local                         10.20.0.1

         serverb.mydomain.local                         10.20.0.2

    The reverse zones are created automatically.

    Under settings, I make sure I have the proper forwarders. In my case it is the DNS servers for my ISP.

  • by collinssolutions,

    Sep 12, 2011 10:16 AM in response to LinkNS

    Yeah, tried all that and no go. Now I did some manual edits to the VPN configuration so I might have messed it up.

    collinssolutions.local

         ns1.collinssolutions.local 192.168.1.96

  • by LinkNS,

    Sep 12, 2011 4:09 PM in response to collinssolutions

    Hmm.  I would delete the zone and start from scratch.  Don't forget to restart your DNS and VPN services.

  • by edljedi,

    Sep 12, 2011 5:27 PM in response to LinkNS

    Hrm. For me, I had imported my settings from my 10.4 Server disk. Perhaps there was some residual junk causing issues, but I would hope that the importer would have brought everything in OK. Does anyone know of a tool that would validate the DNS settings and potentially catch issues with DNS that could cause VPN issues?

  • by SvenWHD,

    Sep 18, 2011 1:42 PM in response to collinssolutions

    I have no idea if this might be the same problem on 10.7, but anyway:

    I had the same problem in 10.6 Server and I solved it by switching IP addresses between the real interface and the virtual/alias interface I created specifically for the VPN. When trying to connect to the IP of the real interface, everything worked without a problem.

  • by egbertfromkingston,

    Sep 19, 2011 12:07 PM in response to LinkNS

    Hi, I am new to setting up servers and only do it for fun with a lot of trial and error. Can you tell me if it is necessary to set up the DNS server under services in order to use the VPN function?

  • by MAkahane,

    Sep 19, 2011 1:34 PM in response to egbertfromkingston

    egbert, simply you should is an easy answer.

    First of all, read Hoffman, on DNS server setup:

    http://labs.hoffmanlabs.com/node/1436

    Then view some Lynda video, google "lynda mac os x dns"

    Simplify things as much as possible to test the functionality.

    Briefly:

    Server DNS

    yourzone.com

         vpn     A     local IP of VPN server (i.e. whatever internal IP xxx.xxx.xxx.xxx)

         (other stuff, etc.) For example, if your server's name is server.yourzone.com you should have the same here:

         server     A     local IP of server

    Domain (provider?) DNS

    yourzone.com

         vpn     A     public static IP to your server

    In this, you should be able to use the same server name vpn.yourzone.com in the VPN client to reach the same place, internally and externally. Your DNS will let your client know the easiest direction to go.

    Additionally, your firewall/router/gateway should have passthrough or the necessary ports NATing to the server for outside connections. Hopefully internal IP is also static (just in case the server fails to maintain it as well, which it should). Your VPN is either doing PPTP or L2TP/IPSec. The range of IP is really not that important (as long as it is free). The VPN service is reliant on the directory services (user management) to have some understanding of the username/password it will be given by your client to server. This can be OD or a standalone, but this needs to be there. If there are issues (some accounts are okay, some are not) please look at the logs for VPN and the OD logs for clues. Many typical problems have been well documented from previous versions.

  • by Mark23,

    Mar 12, 2012 6:12 AM in response to collinssolutions

    To get VPN working on Lion Server, please follow this guide:

    http://macminicolo.net/lionservervpn

  • by LLange,

    Jun 12, 2012 4:05 AM in response to edljedi

    Using existing Open Directory instances

    Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following command:

    pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

    • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or WorkGroup Manager. Choose View > Show System Accounts/Records to make that record visible.
    • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.

    http://support.apple.com/kb/HT4748
