Q: L2TP VPN not working over internet

Hello there,

I have the same problem. Some other threads I've found, are talking about it as an iOS-Problem, cause it seems, that you can connect with an Mac running new Mac OS X Mavericks as well. I couldn't test that 'til now.

Why do we allways have to buy a new Version of OS X Server, when upgrading the System?? Software should ever be downwards compatible.... So Apple: Do something to fix your bugs in Mavericks!!

Since Steve Jobe died, the Quality of Mac Software is going down more and more!!

Regards,

Heiner

Hello there as well,

I've the same issue and I investigate the problem. The reason why it does not work is, that the racoon (IKE Daemon) does not accept connections on port 4500 (IKE for NAT-T) if the source port is random generated.

Since Mavericks and IOS7 the source port from the client is no longer 4500, this lead to this problem (except you have a old VPN connection already setup bevor you update to IOS7 on your Phone).

If you are in the same network like your server, the IKE NAT-T is not used. In this case the regular port 500 (IKE) is used, and this works as expected. At the moment we have to wait if the problem is fixed by Apple.

There are two possibilities, they can adjust the clients or the server configuration. However if you want to use VPN with OS X native methods, use PPTP. This is not affected but of course it provides no Layer 2 Tunneling.

Regards,

Daniel

I'm a bit confused between the use of vpnd and racoon, but I think that vpnd uses racoon for IKE. The fun bit is that racoon can do NATT, but I can't seem to make it work. I'm not convinced that we have to wait for Apple to fix this.

I replaced /usr/sbin/racooon with the version from Mountain Lion and that seems to work (though seemed to screw up Screen Sharing authentication until I rebooted).

I just made post with my observations with Verizon FIOS Router at this other link but still uncomfortable with

this being unresolved definatively in so many years of discussion.

My link asks about bad rule in IPSec definition.

UDP Source in IPSec is 500 as well as destination.

What will this do ?

I was Live chatting on Actiontec when tech disconected after an hour without notice.

replacing /usr/sbin/racoon (with two 'o's) didn't work for me.

It took a reboot, but it did finally work. Thanks! I was mucking around with the settings, not thinking of trying a binary replacement.

Looks like there is a VPN Update for OS X Server that just came out. It requires OS X 10.9.1. Installing it myself now.

Good luck to everyone.

Hi TonyPHX_623,

I'm glad it fixed you up. Thank you for the courtesy of awarding the "solved" for this thread, it is much appreciated.

Hello - I seem to be having the same problem but on OSX 10.10.3 Yosemite with Server 4.0.3.

Is there any fix available for this or workaround?  Screenshot below show the log connecting from outside my Airport express (where it does not work) and then over the LAN (where it does work).