Jun 3, 2012 12:47 AM (in response to denisefromak)
You should be able to track the steps of the connection buildup and failure in your log files, both on the client as well as on the server.
Jun 3, 2012 1:23 AM (in response to denisefromak)
Also, you might look into this: http://support.apple.com/kb/HT4748
You can find the shortname for the vpn user in Workgroup Manager->View System Records
This is the solution that worked for me when using L2TP, and only the server admin could login as VPN user.
In vpnd.log there should be an error about 'failing to retrieve MPPE encryption keys' for the user trying to logon. Maybe best if you check that first.
Jun 5, 2012 12:54 PM (in response to denisefromak)
To follow up for future searchers:
Apple support article: http://support.apple.com/kb/HT4748 was very helpful, but it still did not resolve the issue. What is important to mention, though, is that PPTP works with domain accounts, L2TP with Local Accounts in all cases. I believe the bug in Lion is a little more deep-seated in some cases, this one being an example. I have worked around the issue by having my client connect with PPTP and the directory admin account, but accessing the file share with her authentication info (her Open Directory account).
Jul 18, 2012 5:35 PM (in response to denisefromak)
I am also seeing a similar issue.
But some background first... I had originally exported Open Directory accounts from a 10.5.x server and imported them to the 10.7.4 server. I then had passwords re-entered individually for the accounts, but couldn't get VPN to work even on site. I ended up having to delete the accounts and recreate them individually, but with the same UID, in order to get internal VPN to work.
Now I can login with domain accounts through PPTP from off site, but can't login at all with L2TP from off site. I can login with both from on site. I have disabled firewalls on the router and server - temporarily - just to make sure that wasn't any issue... and it wasn't. I have also routed everything through the router so that shouldn't be the issue either. The only log entry of value I can find is below, after seeing similar messages saying transmit and receive were successful 4 or 5 times.
racoon: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Any ideas or resolutions?
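The two log symptoms raised in this thread (the vpnd error about retrieving MPPE encryption keys, and racoon giving up at Main-Mode message 5) are easy to miss in a busy vpnd.log/system.log. Below is an added example script, not code from the thread or from Apple, that scans log text for both patterns and prints a triage hint for each. The sample log lines are constructed for the example: the racoon line is the one quoted above, while the exact wording and timestamp format of the vpnd line are assumed, so adjust the regexes to what your own log actually contains.

```python
import re
from collections import Counter

# Constructed sample log text (not from the thread). The racoon line matches the one
# quoted above; the vpnd wording is an assumption based on the 'MPPE encryption keys'
# error the thread mentions.
SAMPLE_LOG = """\
Jul 18 17:01:02 srv vpnd[120]: Incoming call... Address given to client = 10.0.1.200
Jul 18 17:01:03 srv vpnd[120]: failed to retrieve MPPE encryption keys for user jdoe
Jul 18 17:01:03 srv vpnd[120]: Connection terminated.
Jul 18 17:05:10 srv racoon[140]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Jul 18 17:05:10 srv racoon[140]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Jul 18 17:05:10 srv racoon[140]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Jul 18 17:05:10 srv racoon[140]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Jul 18 17:05:12 srv racoon[140]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
Jul 18 17:09:30 srv vpnd[120]: failed to retrieve MPPE encryption keys for user jdoe
"""

# vpnd: MPPE key retrieval failure, optionally followed by the user name (assumed format)
MPPE_RE = re.compile(r"MPPE encryption keys(?: for user (\S+))?", re.IGNORECASE)
# racoon: IKE Main Mode step trace, as quoted in the thread
IKE_RE = re.compile(
    r"IKE Packet: (?P<dir>receive|transmit) (?P<result>success|failed)\. "
    r"\((?P<role>Responder|Initiator), Main-Mode [Mm]essage (?P<num>\d)\)"
)

# Main Mode messages 1-4 negotiate the SA and exchange Diffie-Hellman values in the
# clear; message 5 is the first message encrypted under the phase-1 keys. Failing at
# exactly that step usually means the peers derived different keys (shared secret
# mismatch) or something on the path altered the packet (NAT/firewall).
MAIN_MODE_HINTS = {
    5: "phase 1 failed at the first encrypted message: verify the L2TP shared secret "
       "matches on client and server and that no NAT/firewall on the path rewrites "
       "UDP 500/4500 traffic",
}

def classify_line(line):
    """Return ('mppe', user) or ('ike', (direction, result, role, msg_no)), else None."""
    m = MPPE_RE.search(line)
    if m:
        return ("mppe", m.group(1) or "<unknown>")
    m = IKE_RE.search(line)
    if m:
        return ("ike", (m.group("dir"), m.group("result"), m.group("role"), int(m.group("num"))))
    return None

def triage(log_text):
    """Summarise VPN failure indicators found in vpnd/racoon log text."""
    mppe_users = Counter()
    ike_failures = []
    hints = []
    for line in log_text.splitlines():
        hit = classify_line(line)
        if hit is None:
            continue
        kind, detail = hit
        if kind == "mppe":
            mppe_users[detail] += 1
        elif detail[1] == "failed":
            ike_failures.append(detail)
    if mppe_users:
        hints.append(
            "vpnd could not retrieve MPPE keys for: %s. The fix reported in the thread "
            "is to recreate the VPN key-agent user in the directory node: "
            "sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1 (see Apple HT4748)"
            % ", ".join(sorted(mppe_users))
        )
    for direction, _result, role, num in ike_failures:
        hint = MAIN_MODE_HINTS.get(num, "IKE phase 1 failed at message %d" % num)
        hints.append("racoon %s %s failed at Main-Mode message %d: %s"
                     % (role, direction, num, hint))
    return {"mppe_users": dict(mppe_users), "ike_failures": ike_failures, "hints": hints}

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG)["hints"]:
        print("-", h)
```

Run it against a real capture with `triage(open("/var/log/ppp/vpnd.log").read())`; the separate `classify_line` function makes it easy to add further patterns (for example the PPTP/L2TP authentication lines) without touching the summary logic.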
Jul 19, 2012 2:30 AM (in response to denisefromak)
I had the same problem and it was resolved with the following terminal command.
sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1
Also deleting user id 57 (VPN MPPE Key access User) in WGM is an option. However, this is only possible if you don't intend to use PPTP anymore.