Aug 12, 2011 5:59 AM (in response to topping)
I understand that there are 5 different issues that are being presented in this thread. When I say solved I was speaking of the OP and their issue.
The OP was very specific about their config, a lot of folk have hijacked this thread for their own issues with a completely different configuration.
Aug 18, 2011 12:16 AM (in response to Rob Shepard)
I had the same problem. It's not about your NAT. It's related to your HOST-NAME settings on your Lion mac-Server.
Go to Lion Server.app and connect to your Lion Server.
Go to the HARDWARE-group (left side) and select your Lion Server.
Go to Network and edit your HOSTNAME.
My hostname was chosen as a local-hostname like mini.local, but this is only for internal use.
You have to choose a server.private name, or a real domain name.
If you follow these steps, it would work from inside your network and from the internet too.
Aug 19, 2011 2:56 AM (in response to Rob Shepard)
I've got a similar problem. Been running an L2TP/IPSec VPN service using Snow Leopard for months. Upgraded to Lion and now local VPN connectivity on the same network works but external access to VPN doesn't. Difference is that the server is on our Uni network so there's no NAT router issues as some people have suggested. Everything has a real IP address and as I manage the outside world firewall it's not that either.
I'm currently routing people through a backup Leopard VPN server till I get the Lion one working.
Also, do Apple want to make things difficult w.r.t. VPN server connectivity?
The Snow Leopard VPN server management page wasn't the best in the world but at least you could quickly see how many VPN users you had and what their userids were. With Lion it looks as if the only thing you can do is look at the diag log for the service..... or have they moved it to some other location?
Aug 21, 2011 5:58 AM (in response to Rob Shepard)
I have been trying to get Lion VPN server up for a while....struggling with the same issues as folks listed here.
I was able to connect on local LAN, but not from WAN. I figured that it must be something with my router [DD-WRT on Linksys 54g].
The Apple help says only a couple of ports need to be forwarded. I reviewed the traffic on local LAN and made the following router adjustments:
- Forward ports 50, 51, 500, 548, 1701, 1723, 4500 to the server
- Do not filter anonymous internet requests
- Do not filter multicast
- Do not filter NAT Redirection
The VPN connections are now working for me from WAN side. I still cannot see other IPs on my LAN once VPN'ed in.
BTW, thanks to the following post for insight as well:
Oct 4, 2011 6:52 AM (in response to drrock77)
This sounds like it might be the solution I am looking for (my iPhone and iPad can VPN in, but not my iMac). I am the admin for my office's AirPort Extreme so I can configure the ports, however I'm a little confused as to the specifics.
For each service, the router asks for a list of public UDP and TCP ports and then a list of private UDP and TCP ports. How I had it configured previously to today was:
public UDP ports: 500, 1701, 4500
public TCP ports: 1701
private UDP ports: 500, 1701, 4500
private TCP ports: 1701
So my question is, for the list of ports to forward, which ones go under UDP and which ones go under TCP? Thanks!
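Added example, not part of any post in this thread: a small Python check that sorts a forward list into what an L2TP/IPsec server behind NAT needs (UDP 500, 1701 and 4500) and what only widens exposure. It assumes the server offers L2TP/IPsec only, not PPTP; the function names and both sample lists are constructed for illustration.

```python
# Added example: audit router port-forward entries for an L2TP/IPsec VPN server.
# Assumption: only L2TP/IPsec is offered (no PPTP); sample lists are constructed.

# UDP ports an L2TP/IPsec server behind NAT must receive.
REQUIRED = {
    ("udp", 500): "IKE key exchange",
    ("udp", 4500): "IPsec NAT traversal (ESP wrapped in UDP)",
    ("udp", 1701): "L2TP, protected by IPsec",
}

# Entries often forwarded alongside them, and why they are not needed here.
NOT_NEEDED = {
    ("tcp", 1701): "L2TP/IPsec does not use TCP",
    ("tcp", 1723): "PPTP control channel, only for a PPTP server",
    ("udp", 1723): "PPTP control is TCP, never UDP",
    ("tcp", 548): "AFP file sharing exposed to the Internet",
    ("udp", 548): "AFP is TCP, and should stay behind the VPN",
}

# 50 and 51 are IP protocol numbers (ESP, AH), not TCP/UDP ports.
PROTOCOL_NUMBERS = {50: "ESP", 51: "AH"}


def expand(ports):
    """A bare port list is treated as forwarding both TCP and UDP."""
    return {(proto, p) for p in ports for proto in ("tcp", "udp")}


def audit(forwards):
    """Return (missing, findings) for a set of (proto, port) forwards."""
    missing = sorted(k for k in REQUIRED if k not in forwards)
    findings = []
    for proto, port in sorted(forwards - set(REQUIRED)):
        if port in PROTOCOL_NUMBERS:
            why = f"{PROTOCOL_NUMBERS[port]} is IP protocol {port}, not a port"
        else:
            why = NOT_NEEDED.get((proto, port), "not part of L2TP/IPsec")
        findings.append((proto, port, why))
    return missing, findings


if __name__ == "__main__":
    bare_list = expand([50, 51, 500, 548, 1701, 1723, 4500])  # constructed
    split_list = {("udp", 500), ("udp", 1701), ("udp", 4500), ("tcp", 1701)}
    for name, fw in (("bare list", bare_list), ("UDP/TCP split", split_list)):
        missing, findings = audit(fw)
        print(name, "missing:", missing)
        for proto, port, why in findings:
            print(f"  {proto}/{port}: {why}")
```

Where the server has a public address and no NAT in front of it, the firewall must also pass ESP as IP protocol 50, which is a protocol rule rather than a port forward.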
Nov 9, 2011 12:07 PM (in response to pjunger)
Rolling back the AirPort Extreme firmware to 7.4.2 worked for me. Many thanks for this suggestion. Going to give Apple Feedback now.
Nov 11, 2011 10:28 AM (in response to Jim Putnam)
I had a VPN problem as well in 7.5.2. Updating the AirPort Extreme to 7.6 fixed that problem. One thing to note though: the AirPort Extreme must not have any MobileMe setting.
Nov 12, 2011 5:50 AM (in response to Changren Yong)
Yep. 7.6 seems to have solved this issue. Thanks Apple.
Nov 23, 2011 10:19 PM (in response to Jim Putnam)
So I still had this issue with iOS 5.0.1 and AirPort firmware 7.6. I resolved the issue (VPN now works from my iPhone from a remote wifi network) as follows:
(Please note not all of these ports may be necessary; I have not regressed that yet)
On my airport
Public UDP Ports 500, 1701, 1723, 4500
Public TCP Ports 1701, 1723
Private UDP Ports 500, 1701, 1723, 4500
Private TCP Ports 1701, 1723
The VPN didn't work until I did the following however:
user name, password, and Shared Secret all set to EIGHT (8) characters (letters only in my test)
Yes that's right, it looks to me that the Lion VPN server has a mistake in the maximum length of one of these character strings.
Kudos if anyone has the time to figure out which one. Please reply if this fixes your issue.
Dec 21, 2011 2:45 PM (in response to Rob Shepard)
7.6 did not solve this for me. Very frustrating. My iPad can connect, but not my iMac running 10.7.2. I even installed the VPN profile that Lion Server created. I am able to screen share with the server and watch vpnd.log in the console. When I connect w/the iPad the console shows activity. When I attempt to connect with the Mac, nothing. Then the Mac says the L2TP server did not respond. Any ideas? This is end-to-end Apple products (I have an AEBS at my house too).
Dec 30, 2011 1:16 PM (in response to GusTheAppsEngr)
Wow. After searching for two hours and struggling, your suggestion of trying 8 characters for the secret, user name, and password fixed it for me. I was over on each. I only got it working if all 3 were 8 or less. Any one of them more than 8, and I would get the following in my log:
CHAP peer authentication failed for <username>
DNS, IP, provided IP address from VPN, and the handshakes in the logs all looked good. I tried resetting users, restarting, restarting services etc. I was only using local directory as I am still configuring the server.
I can now get in and VPN works.
Again, thanks for that little tidbit. I had seen suggestions of making the secret alphanumeric but you were the first to mention size of the fields.
Feb 1, 2012 11:58 PM (in response to Rob Shepard)
For what it's worth, as of the latest update, 10.7.3, my remaining VPN issues on Lion Server have been resolved. Nothing to do with firewalls, airports, or anything else (as I knew) -- something Apple tweaked in this updated version of the vpnd/VPN configuration fixed what was lacking...yay.
Feb 13, 2012 12:50 AM (in response to ScottM)
They absolutely did tweak something in 10.7.3. But for me it worked out the other way around. VPN used to be working nicely for me, now I have the same issue of being able to connect locally but not from outside and I have no idea what I need to change now to get it back to work...
Feb 15, 2012 8:45 AM (in response to Rob Shepard)
I have tried all things, except rolling back firmware (because I have a 5th gen) and nothing. I am so disappointed Apple haven't stepped in, this is a major issue with their products...
Feb 15, 2012 9:00 AM (in response to mightymartin)
Strange thing. After checking my firewall and finding nothing I assumed it had something to do with my router or the communication between MBP and router. Port forwarding was unchanged but I found that in the UPnP section some device (probably one of our Macs from the IP) had somehow grabbed port 4500. Disabled UPnP (don't think I'll need it anyway) and everything's back to normal.