38 Replies. Latest reply: Sep 24, 2013 11:34 AM by jeknight
Frazzler Level 1 (0 points)

Since upgrading to Mountain Lion (10.8) my VPN that uses L2TP/IPSec with machine authentication with a certificate no longer works. My other VPNs seem OK, I just have a problem using authentication with certificates.

 

Does anyone else have this problem?

 

Here are my logs, connection always seems to fail transmission with Main-Mode Message 5 every time.

 

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IPSec Phase1 started (Initiated by me).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 2).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 4).

Jul 26 11:52:34 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).

Jul 26 11:52:35 XXXXXXXXXX-macbook-pro.local racoon[11746]: IPSec Phase1 started (Initiated by me).

Jul 26 11:52:35 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).

Jul 26 11:52:38 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Phase1 Retransmit).

Jul 26 11:52:41 --- last message repeated 1 time ---

Jul 26 11:52:41 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 2).

Jul 26 11:52:41 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).

Jul 26 11:52:42 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 4).

Jul 26 11:52:42 XXXXXXXXXX-macbook-pro.local racoon[11746]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).

Jul 26 11:53:11 XXXXXXXXXX-macbook-pro.local pppd[11745]: IPSec connection failed

Jul 26 11:53:11 XXXXXXXXXX-macbook-pro.local racoon[11746]: IPSec disconnecting from server 138.XXX.X.X


Macbook Pro 17" (mid 2009), Mac OS X (10.6.1), MacBookPro5,2
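
An added example, not part of the original thread: a small Python triage script for racoon log lines like those posted above. It groups the lines into Phase 1 attempts and reports the Main-Mode message at which each attempt failed; in IKEv1 Main Mode with certificate (signature) authentication, message 5 is the first one the initiator has to sign with its private key, which fits the Keychain access fix given in the replies. The sample lines are constructed from the log above, with a placeholder hostname.

```python
import re

# Constructed sample modelled on the log posted above; hostname is a placeholder.
SAMPLE_LOG = """\
Jul 26 11:52:34 host.local racoon[11746]: IPSec Phase1 started (Initiated by me).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
Jul 26 11:52:34 host.local racoon[11746]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
Jul 26 11:52:35 host.local racoon[11746]: IPSec Phase1 started (Initiated by me).
Jul 26 11:52:35 host.local racoon[11746]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Jul 26 11:52:38 host.local racoon[11746]: IKE Packet: transmit success. (Phase1 Retransmit).
Jul 26 11:53:11 host.local pppd[11745]: IPSec connection failed
"""

# Payloads of each IKEv1 Main Mode message with signature auth (RFC 2409).
STAGE = {1: "SA proposal", 2: "SA proposal", 3: "key exchange", 4: "key exchange",
         5: "initiator identity + signature (needs the private key)",
         6: "responder identity + signature"}

PACKET = re.compile(r"racoon\[\d+\]: IKE Packet: (?:transmit|receive) (success|failed)\. "
                    r"\(Initiator, Main-Mode message (\d)\)", re.IGNORECASE)

def triage(log_text):
    """Return one dict per Phase 1 attempt: last good message and failure point."""
    attempts = []
    for line in log_text.splitlines():
        if "racoon[" in line and "IPSec Phase1 started" in line:
            attempts.append({"last_ok": 0, "failed_at": None, "stage": None})
            continue
        m = PACKET.search(line)
        if not m or not attempts:
            continue  # retransmits, pppd lines, or packets seen before any attempt
        result, num = m.group(1).lower(), int(m.group(2))
        cur = attempts[-1]
        if result == "success":
            cur["last_ok"] = max(cur["last_ok"], num)
        elif cur["failed_at"] is None:
            cur["failed_at"], cur["stage"] = num, STAGE.get(num, "unknown")
    return attempts

def key_access_suspected(attempts):
    """True when at least one attempt failed and every failure was at message 5."""
    failed = [a["failed_at"] for a in attempts if a["failed_at"] is not None]
    return bool(failed) and all(n == 5 for n in failed)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), key_access_suspected(triage(SAMPLE_LOG)))
```
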
  • 1. Re: Mountain Lion VPN problem?
    msltx Level 1 (10 points)

    I have the same problem after upgrading from Lion to Mountain Lion. What I did is open Keychain Access and grant the VPN certificate (the private key part) to allow for all applications to access.

  • 2. Re: Mountain Lion VPN problem?
    kremik Level 1 (0 points)

    Hallelujah - This solved the problem for me as well! Thanx a lot msltx!

  • 3. Re: Mountain Lion VPN problem?
    Frazzler Level 1 (0 points)

    Great, many thanks for helping out, your answer was spot on, I was beginning to think I may have to wait for OS update but you solved it.

     

    Cheers

  • 4. Re: Mountain Lion VPN problem?
    Adnanm Level 1 (0 points)

    I am a bit new at this. I used to have seamless VPN access to my work computer, but when I upgraded to ML it all screwed up.

    I use Viscosity for VPN and then Windows RDC to connect to my work computer. Now when I connect through Viscosity it tells me that I am connected to my work server, but when I try to use RDC it couldn't connect. At the same time, while I am connected to VPN via Viscosity my internet stops working. I don't know what is going on but it is too frustrating for me.

    Anyways, can you please tell me how I can grant the VPN certificate (the private key part) to allow for all applications to access?

    Thanks

  • 5. Re: Mountain Lion VPN problem?
    Frazzler Level 1 (0 points)
    1. Open Keychain Access (use Spotlight), search for the certificate you use in your VPN configuration using the search box which is located in the top right of the window. You may have to select the appropriate keychain from the list in the left-hand navigation column titled 'Keychains'; for me, mine was in the System keychain.
    2. You should see your certificate listed in the main window; it should have a small arrow to the left of the certificate name.
    3. Click on the arrow and this should reveal the private key below, it has a key icon associated with it.
    4. Double click on the private key and a window should pop up showing the private key.
    5. At the top of this window there are two buttons that can be toggled, 'Attributes' and 'Access Control', by default the Attributes button is selected (greyed out). Click on the 'Access Control' button.
    6. The window changes to display a couple of buttons, the top one 'Allow all applications to access this item' and 'Confirm before allowing access'. Click the top button 'Allow all applications to access this item'.
    7. Click on the button 'Save Changes', you may have to enter your admin password.
    8. Close all the windows and quit Keychain Access.
    9. Now try your VPN.
    10. Good luck.
  • 6. Re: Mountain Lion VPN problem?
    3g91ld3a Level 1 (0 points)

    I'm experiencing the same issue on OSX 10.8 with certificates-based L2TP over IPsec VPN with MS-CHAPv2 for PPP, but the identified solution did not resolve the issue for me. /var/log/system.log shows the same as the OP. I've seen previous posters who had PPP issues using CHAP or PAP, but MS-CHAPv2 should "just work" OOB on the native client.

  • 7. Re: Mountain Lion VPN problem?
    3g91ld3a Level 1 (0 points)

    I've been testing and determined the issue is definitely certificate related. Using PSK-based L2TP over IPsec with MS-CHAPv2 for PPP works just fine. However, the introduction of the certificate borks it. Any ideas?

  • 8. Re: Mountain Lion VPN problem?
    Schmokolowski Level 1 (0 points)

    Thank you very much, you're my hero of the day, VPN is now working as it did before!

  • 9. Re: Mountain Lion VPN problem?
    jippeh Level 1 (5 points)

    The solution works indeed, but adds a security risk by allowing all application access to the private key. Better would be to _only_ allow the VPN client (racoon) access.

    So instead of choosing the option "Allow all applications to access this item", you should use the option "Always allow access by these applications:" and select racoon. The path of the executable is /usr/sbin/racoon.

     

    Pro tip: if you don't see the /usr folder when browsing for the executable, use the Show hidden files shortcut: cmd-shift-. (cmd-shift-dot).

  • 10. Re: Mountain Lion VPN problem?
    greg.shaw Level 1 (0 points)

    My problem with it. I can access VPN okay. However, when I then tried to access my organisation's web pages it will not load. Other web pages are ok. The problem is the same no matter whether I am on the internal network or coming in from outside the network. When I turn VPN off it is OK. I use the built-in VPN in Mountain Lion. The previous OS was fine.

  • 11. Re: Mountain Lion VPN problem?
    Frazzler Level 1 (0 points)

    Where does your VPN connect to and where are your organisation's web pages hosted?

    I suspect this is something to do with DNS and nothing at all to do with Mountain Lion upgrade.

  • 12. Re: Mountain Lion VPN problem?
    greg.shaw Level 1 (0 points)

    As I said my VPN connection works fine -- It shows I am connected, but consequently I can not then access the actual organization's web site. Web pages are hosted in the organization - www.cdu.edu.au

  • 13. Re: Mountain Lion VPN problem?
    Nuno Barreto Level 1 (0 points)

    I have the same problem, but my case is a bit different, since my certificates do not show in Keychain Access. They are stored in /private/etc/cert.

    Any idea how I could solve that problem in this case?

  • 14. Re: Mountain Lion VPN problem?
    Nuno Barreto Level 1 (0 points)

    path certificate "/private/etc/cert" in /etc/racoon/racoon.conf
