
Lion Server VPN, Can Connect Locally, Not Remotely

33009 Views 70 Replies Latest reply: Oct 31, 2012 6:43 AM by tehcid RSS
  • porthosjon Level 1 (5 points)
    Aug 12, 2011 5:59 AM (in response to topping)

    I understand that there are 5 different issues that are being presented in this thread.  When I say solved I was speaking of the OP and their issue.

     

    The OP was very specific about their config, a lot of folk have hijacked this thread for their own issues with a completely different configuration.

  • an.ke Level 1 (0 points)

    I had the same problem. It's not about your NAT. It's related to your HOST-NAME settings on your Lion Mac server.

    Go to Lion Server.app and connect to your Lion Server.

    Go to the HARDWARE group (left side) and select your Lion Server.

    Go to Network and edit your HOSTNAME.

    My hostname was chosen as a local hostname like mini.local, but this is only for internal use.

    You have to choose a server.private name, or a real domain name.

    If you follow these steps, it would work from inside your network and from the internet too.

  • alexatull Level 1 (0 points)

    I've got a similar problem. Been running an L2TP/IPSec VPN service using Snow Leopard for months. Upgraded to Lion and now local VPN connectivity on the same network works but external access to the VPN doesn't. The difference is that the server is on our Uni network, so there are no NAT router issues as some people have suggested. Everything has a real IP address, and as I manage the outside world firewall it's not that either.

     

    I'm currently routing people through a backup leopard VPN server till I get the Lion one working.

     

    Also, do Apple want to make things difficult w.r.t. VPN server connectivity?

     

    The Snow Leopard  VPN server management page wasn't the best in the world but at least you could quickly see how many VPN users you had and what their userids were. With Lion it looks as if the only thing you can do is look at the diag log for the service..... or have they moved it to some other location?

    Rgds

    Alex

  • drrock77

    I have been trying to get Lion VPN server up for a while....struggling with the same issues as folks listed here.

     

    I was able to connect on local LAN, but not from WAN. I figured that it must be something with my router [DD-WRT on Linksys 54g].

     

    The Apple help says only a couple of ports need to be forwarded. I reviewed the traffic on local LAN and made the following router adjustments:

     

    • Forward ports 50, 51, 500, 548, 1701, 1723, 4500 to the server
    • Do not filter anonymous internet requests
    • Do not filter multicast
    • Do not filter NAT Redirection

     

    The VPN connections are now working for me from WAN side. I still cannot see other IPs on my LAN once VPN'ed in.

     

    BTW, thanks to the following post for insight as well:

    https://discussions.apple.com/message/15959842#15959842

  • Dan Pouliot

    This sounds like it might be the solution I am looking for (my iPhone and iPad can VPN in, but not my iMac). I am the admin for my office's AirPort Extreme so I can configure the ports; however, I'm a little confused as to the specifics.

     

    For each service, the router asks for a list of public UDP and TCP ports and then a list of private UDP and TCP ports. How I had it configured previously to today was:

     

    public UDP ports: 500, 1701, 4500

    public TCP ports: 1701

    private UDP ports: 500, 1701, 4500

    private TCP ports: 1701

     

    So my question is, for the list of ports to forward, which ones go under UDP and which ones go under TCP? Thanks!

  • Jim Putnam
    Nov 9, 2011 12:07 PM (in response to pjunger)

    Rolling back the AirPort Extreme firmware to 7.4.2 worked for me.  Many thanks for this suggestion.  Going to give Apple Feedback now.

  • Changren Yong Level 1 (100 points)
    Nov 11, 2011 10:28 AM (in response to Jim Putnam)

    I had a VPN problem as well in 7.5.2. Updating the AirPort Extreme to 7.6 fixed that problem. One thing to note though: the AirPort Extreme must not have any MobileMe setting.

  • Jim Putnam Level 1 (15 points)

    Yep.  7.6 seems to have solved this issue.  Thanks Apple.

  • GusTheAppsEngr Level 1 (0 points)
    Nov 23, 2011 10:19 PM (in response to Jim Putnam)

    So I still had this issue with iOS 5.0.1 and Airport firmware 7.6   I resolved the issue  (VPN now works from my iPhone from a remote wifi network) as follows:

     

    (Please note not all of these ports may be necessary I have not regressed that yet)

     

    On my airport

    Public UDP Ports 500, 1701, 1723, 4500

    Public TCP Ports 1701, 1723

     

    Private UDP Ports 500, 1701, 1723, 4500

    Private TCP Ports 1701, 1723

     

    The VPN didn't work until I did the following however:

     

    user name, password, and Shared Secret all set to EIGHT (8) characters (letters only in my test)

     

    Yes that's right, it looks to me that the Lion VPN server has a mistake in the maximum length of one of these character strings. 

     

    Kudos if anyone has the time to figure out which one.  Please reply if this fixes your issue.

     

    Thanks,

    Gus

  • Dan Pouliot Level 1 (100 points)

    7.6 did not solve this for me. Very frustrating. my iPad can connect, but not my iMac running 10.7.2. I even installed the VPN profile that Lion Server created. I am able to screen share with the server and watch vpnd.log in the console. When I connect w/the iPad the console shows activity. When I attempt to connect with the Mac, nothing. Then the Mac says the L2TP server did not respond. Any ideas? This is end-to-end Apple products (I have an AEBS at my house too).

  • tmksnyder

    Gus,

    Wow.  After searching for two hours and struggling, your suggestion of trying 8 characters for the secret, user name, and password fixed it for me.   I was over on each.  I only got it working if all 3 were 8 or less.  Any one of them more than 8, and I would get the following in my log:

     

    CHAP peer authentication failed for <username>

     

    DNS, IP, provided IP address from VPN, and the handshakes in the logs all looked good.  I tried resetting users, restarting, restarting services etc.  I was only using local directory as I am still configuring the server.

     

    I can now get in and VPN works.

     

    Again, thanks for that little tidbit.  I had seen suggestions of making the secret alphanumeric but you were the first to mention size of the fields.

  • ScottM Level 1 (120 points)

    For what it's worth, as of the latest update, 10.7.3, my remaining VPN issues on Lion Server have been resolved.  Nothing to do with firewalls, airports, or anything else (as I knew) -- something Apple tweaked in this updated version of the vpnd/VPN configuration fixed what was lacking...yay.

  • mightymartin Level 1 (35 points)
    Feb 13, 2012 12:50 AM (in response to ScottM)

    They absolutely did tweak something in 10.7.3. But for me it worked out the other way around. VPN used to be working nicely for me, now I have the same issue of being able to connect locally but not from outside and I have no idea what I need to change now to get it back to work...

  • abeoadmin

    I have tried all things, except rolling back firmware (because I have a 5th gen), and nothing. I am so disappointed Apple hasn't stepped in; this is a major issue with their products...

  • mightymartin Level 1 (35 points)

    Strange thing. After checking my firewall and finding nothing, I assumed it had something to do with my router or the communication between MBP and router. Port forwarding was unchanged, but I found that in the UPnP section some device (probably one of our Macs, from the IP) had somehow grabbed port 4500. Disabled UPnP (don't think I'll need it anyway) and everything's back to normal.
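Added example (not part of any post in this thread): a small audit of a router's forwarding table against what an L2TP/IPsec server needs, covering both the port lists posted above and the UPnP lease on port 4500 described in the last post. L2TP/IPsec uses UDP 500 (IKE), UDP 4500 (NAT traversal) and UDP 1701 (L2TP); 50 and 51 are IP protocol numbers (ESP and AH), not ports. The function name, the addresses and the sample tables are constructed for illustration.

```python
# Added example: audit static forwards and UPnP leases for an L2TP/IPsec server.
REQUIRED = {("udp", 500): "IKE", ("udp", 4500): "IPsec NAT-T", ("udp", 1701): "L2TP"}
IP_PROTOCOLS = {50: "ESP", 51: "AH"}  # IP protocol numbers, not TCP/UDP ports

def audit(static_forwards, upnp_mappings, server_ip):
    """static_forwards / upnp_mappings: iterables of (proto, port, lan_host)."""
    forwarded, not_ports, extra = set(), set(), set()
    for proto, port, target in static_forwards:
        key = (proto.lower(), port)
        if port in IP_PROTOCOLS:
            # Entered as a port, but it names a protocol; the rule does nothing useful.
            not_ports.add((port, IP_PROTOCOLS[port]))
        elif key in REQUIRED:
            if target == server_ip:      # a forward to another host does not count
                forwarded.add(key)
        else:
            extra.add(key)               # exposure L2TP/IPsec does not need
    # A UPnP lease held by another LAN host on a required port shadows the forward.
    conflicts = sorted(
        (proto.lower(), port, host)
        for proto, port, host in upnp_mappings
        if (proto.lower(), port) in REQUIRED and host != server_ip
    )
    return {
        "missing": sorted(set(REQUIRED) - forwarded),
        "not_ports": sorted(not_ports),
        "extra": sorted(extra),
        "upnp_conflicts": conflicts,
    }

# Constructed sample: the union of the port lists quoted in the thread,
# plus one UPnP lease on UDP 4500 held by a different LAN host.
SERVER = "192.168.1.10"
SAMPLE_STATIC = [("udp", p, SERVER) for p in (50, 51, 500, 1701, 1723, 4500)] + \
                [("tcp", p, SERVER) for p in (548, 1701, 1723)]
SAMPLE_UPNP = [("udp", 4500, "192.168.1.23")]

if __name__ == "__main__":
    for section, items in audit(SAMPLE_STATIC, SAMPLE_UPNP, SERVER).items():
        print(f"{section}: {items}")
```

Entries reported under `extra` (TCP 548 is AFP file sharing, TCP 1723 is PPTP) are services exposed to the internet that the L2TP/IPsec tunnel itself does not use.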
