tdudley55555

Q: Just updated to OS X server 3.0 now VPN is not working

When my boss tries to VPN with his laptop, it gets stuck authenticating.  He has shut down, restarted, but still is not able to log on.  Suggestions? I am running the new OS Maverick with the new OS X server software 3.0.

OS X Mountain Lion (10.8.2)

Posted on Oct 23, 2013 10:36 AM

  • by AEMM,

    AEMM Oct 23, 2013 7:45 PM in response to tdudley55555
    Level 1 (0 points)

    same issue here

  • by Emilio Graveran,

    Emilio Graveran Oct 24, 2013 4:28 AM in response to tdudley55555
    Level 1 (10 points)

    I can't connect locally or out on the public internet. One thing I did see is that my Mavericks machines can connect to a ML Server without any issue.

     

    I tried to remove the VPN ports and let Mavericks Server add its own VPN port numbers and still nothing.

     

    I'm with someone else thinking that it's a new firewall issue or something. Wish Apple would chime in on this or send out a patch.

  • by _cpo_,

    _cpo_ Oct 24, 2013 8:28 AM in response to tdudley55555
    Level 1 (0 points)

    same here for me, vpn simply not working.

     

    osx server stability is really bad - I never had a completely functioning environment since 10.6 anymore. this is really ridiculous for a so called "server software". and I paid for it once more.

  • by fseyler ,

    fseyler Oct 24, 2013 9:49 AM in response to fseyler
    Level 1 (4 points)

    On the VPN client, put the local IP of the VPN server (192.168.xxx.xxx) and it will connect. Actually it is a firewall problem, in my opinion.

  • by grumpytorpor,

    grumpytorpor Oct 24, 2013 1:44 PM in response to fseyler
    Level 1 (0 points)

    It isn't a firewall problem, exactly.  Admins with this problem (including myself) have reported switching back to ML Server and everything working properly, no firewall adjustments needed.  Given the volume of people reporting this problem and lack of solutions, it seems that something about Server 3.0 doesn't behave according to the L2TP specification and ends up being blocked by firewalls which are correctly configured for L2TP traffic.

     

    I have many networks with OS X Server VPN service functioning as the portal in.  They variously run SL Server and ML Server without problem.  It's only when I started this test network to check out Mavericks Server that I saw this problem.  The settings on the test machine's Mavericks partition are *exactly* the same as the ML partition and yet the Mavericks partition can only open VPN connections for people already inside the network, which is not useful except in very esoteric situations.

  • by bfdulock,

    bfdulock Oct 24, 2013 2:34 PM in response to _cpo_
    Level 2 (214 points)

    I just tested VPN access to a remote Mavericks server and it does work.  Be aware of the following bug:  the VPN menu icon in Mavericks on the client does not show an active connection.  You must view the VPN drop-down menu or open network preferences to see the active connection.

     

    My setup uses L2TP over IPSec with a Comcast modem and port forwarding.  Both server and client are running Mavericks.

     

     

    Bryan Dulock

    Houston, TX

    Apple Consultants Network

  • by fseyler ,

    fseyler Oct 24, 2013 2:51 PM in response to grumpytorpor
    Level 1 (4 points)

    Grumpy... I absolutely agree with you.

     

    Bryan... the L2TP VPN server does not respond...

     

    TKS.

  • by grumpytorpor,

    grumpytorpor Oct 24, 2013 3:00 PM in response to bfdulock
    Level 1 (0 points)

    bfdulock, that's interesting.  Do you just have the standard 3 L2TP ports forwarding: 500, 1701, and 4500?

  • by bfdulock,

    bfdulock Oct 24, 2013 3:06 PM in response to grumpytorpor
    Level 2 (214 points)

    Yes, those three UDP ports as well as pass-thru for IP-ESP protocol (IP protocol 50, ESP).  It may be that Comcast modems by default have the pass-thru enabled.

     

     

    Bryan Dulock

    Houston, TX

    Apple Consultants Network

     

    Message was edited by: bfdulock

  • by fseyler ,

    fseyler Oct 24, 2013 7:05 PM in response to tdudley55555
    Level 1 (4 points)

    If you select PPTP it works great, the problem is L2TP, come on PATCH!!!!

  • by Vraiment,

    Vraiment Oct 25, 2013 9:43 AM in response to fseyler
    Level 1 (0 points)

    I can connect to PPTP (in the local network, haven't tried outside it) but it gives me an authentication error:

     

    25/10/13 11:38:36.877 pppd[1155]: DSAuth plugin: unsupported authen authority: recved Kerberosv5;;XXXXXXXX@LKDC:SHA1.3C1F3102A3C5684B8F305FFC23F8132F9030C554;LKDC:SHA1.3C1F3102A3C5684B8F305FFC23F8132F9030C554, want ApplePasswordServer
    

     

    Any ideas for a fix?

  • by tdudley55555,

    tdudley55555 Oct 25, 2013 10:44 AM in response to tdudley55555
    Level 1 (0 points)

    CHECK THE BACK TO MAC IN ICLOUD SETTINGS.

     

    Had the boss look at the iCloud and turned off Back to Mac.  Everything was back to normal.   Thank you Egender.

  • by _cpo_,

    _cpo_ Oct 25, 2013 11:14 AM in response to tdudley55555
    Level 1 (0 points)

    I just noticed that the vpn service is only listening on ports 500 and 4500:

     

    lsof -i4 -n -P | grep racoon

     

    racoon  37755  root    6u  IPv4 0x8e6f335c5caa21e7  0t0  UDP 192.168.2.5:500
    racoon  37755  root    7u  IPv4 0x8e6f335c5cf0d987  0t0  UDP 192.168.2.5:4500
    racoon  37755  root   12u  IPv4 0x8e6f335c5be31c2f  0t0  UDP 127.0.0.1:500
    racoon  37755  root   13u  IPv4 0x8e6f335c5cf0db6f  0t0  UDP 127.0.0.1:4500

     

    shouldn't it be listening on port 1701 and 1723, too? (no other program is listening on these ports, either)
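
Added example, not part of any post in this thread: racoon is the IKE daemon, so filtering `lsof` output with `grep racoon` can only show the IKE and NAT-T sockets (UDP 500 and 4500). The script below checks the sockets of every process for the four ports named in this thread; the function names and the `none` marker are this example's own, and the sample input is constructed from the lines posted above.

```shell
#!/bin/sh
# Report which VPN-related sockets appear in `lsof -i4 -n -P` output.
# Ports checked (the ones named in this thread):
#   UDP 500 / UDP 4500 (IKE, NAT-T), UDP 1701 (L2TP), TCP 1723 (PPTP).
# ESP (IP protocol 50) has no port number, so lsof can never show it.

vpn_listeners() {
    # Reads lsof output on stdin; prints one line per checked socket:
    #   <proto>/<port> <command, or "none" if lsof lists no such socket>
    awk '
        BEGIN { n = split("UDP/500 UDP/4500 UDP/1701 TCP/1723", want, " ") }
        # lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
        $8 == "UDP" || $8 == "TCP" {
            name = $9
            if (name ~ /->/) next                       # connected socket, not a listener
            if ($8 == "TCP" && $10 != "(LISTEN)") next  # TCP must be in LISTEN state
            port = name
            sub(/^.*:/, "", port)                       # keep text after the last colon
            key = $8 "/" port
            if (!(key in seen)) seen[key] = $1          # remember first owning command
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in seen) ? seen[want[i]] : "none")
        }
    '
}

# Constructed sample input, modelled on the lsof lines posted above.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
racoon  37755 root    6u  IPv4 0x8e6f335c5caa21e7      0t0  UDP 192.168.2.5:500
racoon  37755 root    7u  IPv4 0x8e6f335c5cf0d987      0t0  UDP 192.168.2.5:4500
racoon  37755 root   12u  IPv4 0x8e6f335c5be31c2f      0t0  UDP 127.0.0.1:500
racoon  37755 root   13u  IPv4 0x8e6f335c5cf0db6f      0t0  UDP 127.0.0.1:4500
EOF
}

sample_lsof | vpn_listeners
# On a live server: sudo lsof -i4 -n -P | vpn_listeners
```

A `none` result only means `lsof` lists no socket on that port; it does not show whether traffic for that port reaches the server through the firewall or NAT device.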

  • by Russell Wittmann,

    Russell Wittmann Oct 25, 2013 11:15 AM in response to tdudley55555
    Level 2 (240 points)

    I can verify that after the upgrade vpn works.  but push mail does not

  • by odx,

    odx Oct 25, 2013 11:28 AM in response to tdudley55555
    Level 1 (5 points)

    I can verify the following:

     

    Mountain Lion Server with Port Forwarding 1701 TCP, 500 UDP and 4500 UDP worked.

     

    L2TP is working when there is no firewall between client and server. (Locally inside the same network)

    With the same ports forwarded L2TP is not working through the firewall.

     

    PPTP with TCP Port 1723 is working also for Mavericks.

     

    Any hint how to fix L2TP appreciated!
