denningsrogue

Q: Post Mavericks (server) upgrade, vpn has stopped working.  Any suggestions?

I upgraded my Mac mini server to Mavericks (including the server update). Now the VPN has stopped working.  Pre-update I used the VPN for my MacBook Air, iPad and iPhone.  Now nothing works.  I've checked my router (Apple) and it appears to be set up appropriately to pass VPN traffic. Any ideas?

Mac Mini Server, Mac OS X (10.6.3)

Posted on Oct 23, 2013 12:52 AM

  • by powercore,

    powercore, Oct 30, 2013 2:45 AM in response to Choddy1

    Hello there as well,

    I have the same issue and I investigated the problem. The reason it does not work is that racoon (the IKE daemon) does not accept connections on port 4500 (IKE for NAT-T) if the source port is randomly generated.

    Since Mavericks and iOS 7 the source port from the client is no longer 4500, and this leads to this problem (unless you have an old VPN connection already set up before you updated to iOS 7 on your phone).

    If you are in the same network as your server, IKE NAT-T is not used. In this case the regular port 500 (IKE) is used, and this works as expected. At the moment we have to wait and see whether the problem is fixed by Apple.

    There are two possibilities: they can adjust the clients or the server configuration. However, if you want to use VPN with OS X native methods, use PPTP. This is not affected, but of course it provides no Layer 2 Tunneling.

    Regards,

    Daniel
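
As an added example (not part of the post above or of Apple's software): a small Python classifier for the client-to-server UDP datagrams this post is about. It separates IKE on port 500 from IKE, ESP and keepalives on port 4500 using the RFC 3948 framing, and lists clients whose NAT-T IKE arrives from a source port other than 4500. The sample datagrams and addresses are constructed, and the function names are hypothetical.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4   # RFC 3948: precedes IKE messages on UDP 4500
# ISAKMP header: initiator SPI, responder SPI, next payload, version,
# exchange type, flags, message id, length (28 bytes)
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

def classify(dport, payload):
    """Name the kind of client-to-server datagram from its port and first bytes."""
    if dport == IKE_PORT:
        body, prefix = payload, "ike"
    elif dport == NATT_PORT:
        if payload == b"\xff":
            return "natt-keepalive"
        if payload[:4] != NON_ESP_MARKER:
            return "natt-esp"            # non-zero SPI first: ESP-in-UDP data
        body, prefix = payload[4:], "natt-ike"
    else:
        return "other"
    if len(body) < ISAKMP_HDR.size:
        return prefix + "-truncated"
    version = ISAKMP_HDR.unpack_from(body)[3]
    return f"{prefix}v{version >> 4}"    # major version is the high nibble

def floated_clients(datagrams):
    """Clients whose IKE-over-NAT-T arrives from a source port other than 4500."""
    hits = {}
    for src_ip, sport, dport, payload in datagrams:
        if classify(dport, payload).startswith("natt-ike") and sport != NATT_PORT:
            hits.setdefault(src_ip, set()).add(sport)
    return hits

def ike_header(exchange):
    # Constructed IKEv1 header only (no payloads follow): version byte 0x10
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, exchange, 0, 0,
                           ISAKMP_HDR.size)

# Constructed sample traffic using documentation addresses, not a real capture
SAMPLE = [
    ("198.51.100.7", 500, 500, ike_header(2)),                       # Main Mode
    ("198.51.100.7", 4500, 4500, NON_ESP_MARKER + ike_header(2)),    # source 4500
    ("203.0.113.9", 51234, 4500, NON_ESP_MARKER + ike_header(2)),    # random source
    ("203.0.113.9", 51234, 4500, b"\xff"),                           # NAT keepalive
    ("203.0.113.9", 51234, 4500, b"\x0a\x0b\x0c\x0d" + b"\x00" * 16),  # ESP-in-UDP
]

if __name__ == "__main__":
    for ip, sport, dport, data in SAMPLE:
        print(ip, sport, dport, classify(dport, data))
    print(floated_clients(SAMPLE))
```
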

  • by Graeme Wood, Solved answer

    Graeme Wood, Oct 31, 2013 7:07 AM in response to powercore

    Based on this I thought I would try replacing /usr/sbin/racoon with the version from Mountain Lion and it seems to be working.

  • by jwestveer,

    jwestveer, Oct 31, 2013 4:33 PM in response to denningsrogue

    Same problem here.  VPN server worked on ML, but after upgrade to Mavericks it does not respond to L2TP and does not validate to PPTP requests.  ;-(

  • by jwestveer,

    jwestveer, Oct 31, 2013 5:32 PM in response to Graeme Wood

    So I tried your solution and moved from a Time Machine backup of my Mountain Lion copy of  -r-xr-xr-x  1 root   wheel  1279376 racoon  to my Mavericks Apple server; rebooted the server, and I'll-be-darned the L2TP connection does work from my workstation and iOS devices!!!

    But the PPTP connection still fails.

    Eh, good enough for me, thanks!

  • by GregoryGearGuy,

    GregoryGearGuy, Oct 31, 2013 8:20 PM in response to Graeme Wood

    Thanks so much for posting this, not sure why I didn't think about trying this - Worked like a champ!

  • by Changren Yong,

    Changren Yong, Oct 31, 2013 8:23 PM in response to Graeme Wood

    Thanks, that worked! Though if I try to connect with a "services only" account, it would crash Mavericks.

  • by jwestveer,

    jwestveer, Nov 1, 2013 11:23 AM in response to Changren Yong

    "services only"?   I connected with an 'open-directory' username that has no home-dirs, as the user for the VPN connection.  And as a 'real' user on the client machine.

    But you are correct, this is a hack and may cause other problems.

    I opened a case with Apple enterprise support.  Wonder how long a fix will take......tick...tock....tick....tock.

  • by Tom Sheppard,

    Tom Sheppard, Nov 1, 2013 2:53 PM in response to denningsrogue

    For all the good it will do I'm adding a "me too." While running on Mountain Lion I had no problem. "Upgrade" to Mavericks and VPN stopped working when connecting externally and internally. I also can't connect to my calendar & contact servers externally.

    No changes to the router. Double-checked all ports open. Rebooted everything I could find including the dogs.

    I'm seeing similar logs as others such as:

    server.private servermgrd[64202]: Failed to connect to the IGD, no status info available, error is Error Domain=com.apple.ACPDevice Code=-6753 "The operation couldn\u2019t be completed. (com.apple.ACPDevice error -6753.)"

    I'm not a security hack so paying money for Server was my way of obtaining services without the steep learning curve. That's no longer the case, I guess. Silly me.

  • by JohnOnTheCoast,

    JohnOnTheCoast, Nov 1, 2013 9:42 PM in response to denningsrogue

    For others who need L2TP VPN and don't want to wait for Apple's fix: replacing only Mavericks's /usr/sbin/racoon with Mountain Lion's earlier version (extracted from Time Machine) worked perfectly for me for fixing the totally broken L2TP VPN caused by the recent OS X Server update. I have seen no problems and can happily connect from all devices from external NAT or internal.

  • by JoshuaOchs,

    JoshuaOchs, Nov 2, 2013 12:53 AM in response to JohnOnTheCoast

    I wish I knew what was going wrong for me - I've tried to do this a dozen times and all I get is a constantly-crashing racoon (even after a reboot and all). I'm guessing something is now utterly hosed in my VPN settings, especially seeing as I've been trying things like crazy to get this to work. Any way (short of a full re-install or reverting to Time Machine backup) that I can reset everything to do with the VPN service?

  • by Scotty R,

    Scotty R, Nov 5, 2013 5:24 PM in response to denningsrogue

    Upgraded ML server to Mavericks and VPN stopped working: Attempting to connect would fail within 30-40 seconds whereas with ML Server, it was rock solid. For some reason, the symptoms reminded me of issues long ago with one of the System Accounts lacking proper access to services. With Server App connected to the Mavericks server, Click on Users, then view System Accounts ("View->Show System Accounts" in menu). My list includes "VPN MPPE Key Access User" and it said "Not Allowed" next to it. That's suspicious. Edit that User's "Access to Services" and ensure that "VPN" is clicked...it wasn't for me. That cleared it up immediately. Mavericks VPN server is now rock solid. YMMV.

  • by jwestveer,

    jwestveer, Nov 5, 2013 7:25 PM in response to Scotty R

    Edit that User's "Access to Services" and ensure that "VPN" is clicked...

    Tried it.  Unfortunately it did not work for me.

  • by JoshuaOchs,

    JoshuaOchs, Nov 5, 2013 8:28 PM in response to Scotty R

    @Scotty R: Odd, my system has no VPN-related users whatsoever under system accounts, which makes such a fix hard to implement. Anyone know what would kick off fixing that user? Simply disabling/re-enabling the VPN and PPTP did nothing.

  • by kerryfung,

    kerryfung, Nov 6, 2013 2:24 AM in response to Scotty R

    No luck for me. I checked that all users have already been enabled to access VPN, but connection was only by chance and only one account would be able to log in at a time.  Further attempts to connect to VPN when there is already a user connected would be denied.  I have only been able to log in when I was away but not when I am in the same country (Hong Kong).

  • by Tom Sheppard,

    Tom Sheppard, Nov 6, 2013 1:00 PM in response to Scotty R

    Didn't work for me but many coffee shops are blocking VPN now so it's getting harder to tell.
