tdudley55555

Q: Just updated to OS X server 3.0 now VPN is not working

When my boss tries to VPN with his laptop, it gets stuck authenticating. He has shut down and restarted, but still is not able to log on. Suggestions? I am running the new OS Mavericks with the new OS X Server software 3.0.

OS X Mountain Lion (10.8.2)

Posted on Oct 23, 2013 10:36 AM

  • by bfdulock,

    bfdulock Oct 25, 2013 1:38 PM in response to odx
    Level 2 (214 points)

    Change port forwarding settings so that 1701 UDP is forwarded, not 1701 TCP.

    http://support.apple.com/kb/TS1629?viewlocale=en_US&locale=en_US


    Bryan Dulock

    Houston, TX

    ACN

  • by Emilio Graveran,

    Emilio Graveran Oct 26, 2013 7:13 AM in response to bfdulock
    Level 1 (10 points)

    I've removed all the port forwarding in my AEBS and let Server recreate the port forwarding for VPN by itself inside of Server and I still can't connect.

    Can anyone post their exact settings (without giving away any security info, obviously) to show us that it's working? Maybe there's a small detail that many of us are overlooking since it works for some of you but not for the rest of us.


    Thanks.

  • by Jim Putnam,

    Jim Putnam Oct 27, 2013 4:18 PM in response to tdudley55555
    Level 1 (15 points)

    I seem to be having this problem as well. I can make an L2TP VPN connection to the server on my local network but not from outside. I'm using a Time Capsule as my router and DHCP server. Server seems to be setting up the ports on the TC correctly but I'm unable to connect from outside. I did have iCloud/BackToMyMac turned on but have now turned BTMM off and logged off of iCloud on that machine and restarted but still no VPN connection. I do not have any routes set up as I'm happy to have all traffic go via the VPN when I'm connected but don't know if I need a route to make L2TP work. I don't believe I did under 10.8.

  • by powercore,

    powercore Oct 30, 2013 2:36 AM in response to odx
    Level 1 (10 points)

    Hello there as well,

    I have the same issue and I investigated the problem. The reason it does not work is that racoon (the IKE daemon) does not accept connections on port 4500 (IKE for NAT-T) if the source port is randomly generated.

    Since Mavericks and iOS 7 the source port from the client is no longer 4500; this leads to this problem (unless you have an old VPN connection that was already set up before you updated to iOS 7 on your phone).

    If you are in the same network as your server, IKE NAT-T is not used. In this case the regular port 500 (IKE) is used, and this works as expected. At the moment we have to wait and see if the problem is fixed by Apple.

    There are two possibilities: they can adjust the clients or the server configuration. However, if you want to use VPN with OS X native methods, use PPTP. This is not affected but of course it provides no Layer 2 Tunneling.

     

    Regards,

    Daniel
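
Added example (not part of the thread, and not Apple or racoon code): one way to check the symptom described in the post above from a packet capture taken on the server. It reads `tcpdump -n` style lines and lists clients that reached UDP 4500 from a source port other than 4500 and never got a reply; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

NAT_T_PORT = 4500          # IKE NAT-T port named in the post
SERVER_IP = "192.0.2.10"   # assumption: constructed server address

# Constructed sample in the style of `tcpdump -n udp port 500 or udp port 4500`
SAMPLE_CAPTURE = """\
10:00:00.100000 IP 192.0.2.25.500 > 192.0.2.10.500: isakmp: phase 1 I ident
10:00:00.150000 IP 192.0.2.10.500 > 192.0.2.25.500: isakmp: phase 1 R ident
10:00:02.300000 IP 198.51.100.20.4500 > 192.0.2.10.4500: NONESP-encap: isakmp
10:00:02.350000 IP 192.0.2.10.4500 > 198.51.100.20.4500: NONESP-encap: isakmp
10:00:05.300000 IP 203.0.113.7.61234 > 192.0.2.10.4500: NONESP-encap: isakmp
10:00:08.300000 IP 203.0.113.7.61234 > 192.0.2.10.4500: NONESP-encap: isakmp
10:00:11.300000 IP 203.0.113.7.61234 > 192.0.2.10.4500: NONESP-encap: isakmp
"""

LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def nat_t_flows(capture, server_ip=SERVER_IP):
    """Count requests to and replies from server UDP 4500 per (client ip, port)."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst = m["src"], m["dst"]
        sport, dport = int(m["sport"]), int(m["dport"])
        if dst == server_ip and dport == NAT_T_PORT:
            flows[(src, sport)]["requests"] += 1
        elif src == server_ip and sport == NAT_T_PORT:
            flows[(dst, dport)]["replies"] += 1
    return dict(flows)

def unanswered_translated_clients(flows):
    """Clients whose source port is not 4500 and that never got a reply."""
    return sorted(
        client for client, count in flows.items()
        if client[1] != NAT_T_PORT and count["requests"] and not count["replies"]
    )

if __name__ == "__main__":
    for ip, port in unanswered_translated_clients(nat_t_flows(SAMPLE_CAPTURE)):
        print(f"no reply on UDP {NAT_T_PORT} for {ip} (source port {port})")
```
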

  • by heinerfromhamburg,

    heinerfromhamburg Oct 30, 2013 2:49 AM in response to bfdulock
    Level 1 (0 points)

    Hello bfdulock,

    I was working with ML Server 2.2.2 and all was fine! After the upgrade to Mavericks, VPN is not working any more when I try to connect from outside my network. Locally, everything is still working as well as before.

    Because I want to solve the issue, I did multiple tests. Nothing helps me to connect via L2TP with my Mac Server 3 - VPN.

    Here is something new: I tried to connect with a 4th generation iPod touch running iOS 6.1.3. The iPod couldn't connect with the Server, neither from inside the local network nor from the outside.

    So it seems Apple has to do something, not the user!!


    Best regards,

    Heiner

  • by haykong,

    haykong Oct 30, 2013 9:26 AM in response to heinerfromhamburg
    Level 1 (119 points)

    For those who are having VPN issues outside the local network and are connecting to VPN locally fine on OS 10.9 Server:

    Has anyone tried turning off the built-in Adaptive Firewall of OS 10.9? If it works, then I suggest deleting the prefs file of the adaptive firewall

    com.apple.alf.plist

    I know when I moved up to Mavericks Server from 10.8.5 Server it generated

    com.apple.alf.plist.lockfile

    com.apple.alf.plist~orig

    I know I did not have any issues with my VPN, but one of my clients who has a 10.8.5 Server had some adaptive firewall issues and it was due to a corrupted com.apple.alf.plist

    Try turning off the adaptive firewall if you are using it. Delete the prefs and turn it on again so it can create new prefs. Check out the options to make sure the correct options are there.

  • by haykong,

    haykong Oct 30, 2013 9:48 AM in response to haykong
    Level 1 (119 points)

    Ok, I'm a little confused.. What firewall is the one you can turn on at Security and Privacy?

    vs

    http://support.apple.com/kb/HT5519

    Oh, I guess I got confused with past articles that I read... oh well.....

    Anyway, for those that upgraded from 10.6.8 server or before and kept ipfw settings, I wonder if that's an issue?

    http://support.apple.com/kb/HT5413

  • by haykong,

    haykong Oct 30, 2013 12:11 PM in response to haykong
    Level 1 (119 points)

    Ok... Now I answered my own question.. apparently, I've been using Application Layer Firewall (alf)...... ok, time to switch on Adaptive firewall through OS X Server...

    Anyway, for those who have been using ALF through Security and Privacy, yeah, try deleting the prefs for it.. might work...

  • by Sonoir1,

    Sonoir1 Oct 30, 2013 1:52 PM in response to haykong
    Level 1 (0 points)

    I have the same issue. I can connect with PPTP but can't connect with L2TP from the internet, but it works from the local LAN. I called Apple support and they told me, after sending them my server logs, that it's a bug in the server and it will be fixed in 10.9.1

  • by mc1306,

    mc1306 Nov 1, 2013 1:25 AM in response to tdudley55555
    Level 1 (0 points)

    Same here, but I found something new today:
    the L2TP VPN can connect when I am in the local network, AS WELL AS when I am in SOME external networks. Today I tried to connect to the VPN server, which is located at home, from a Wi-Fi network in the university, and it worked.

    The networks I tried and failed on before include the 4G cellular network of my iPhone and most Wi-Fi.

    It seems the network in my university uses some kind of Cisco-related system.

    What I am sure of is, this is not related to any DNS (as ssh worked properly) nor firewall (as it worked on some networks).

    Should it be some configuration about how packets are treated? I have no knowledge on this..

  • by JonThompson,

    JonThompson Nov 1, 2013 5:14 AM in response to mc1306
    Level 1 (5 points)

    Universities often have large blocks of actual IP addresses, which won't need NAT-T to work. That's why they work without modification. Reverting racoon works.

  • by mc1306,

    mc1306 Nov 1, 2013 5:36 AM in response to JonThompson
    Level 1 (0 points)

    How to revert racoon? It would be nice if there is a step-by-step guide, and even nicer if everything can be finished in an ssh terminal.

    Thanks!

  • by JonThompson,

    JonThompson Nov 1, 2013 5:44 AM in response to mc1306
    Level 1 (5 points)

    It's not that easy. You need to have a copy of ML's racoon before you can start. I reverted from Time Machine backups of the server for most of my servers, but one, I copied from a yet-updated machine. Your mileage may vary.

    Once you have a copy, replace the one in /usr/sbin, and reboot.

  • by mc1306,

    mc1306 Nov 1, 2013 6:01 AM in response to JonThompson
    Level 1 (0 points)

    So it is impossible if I don't have a backup.....

  • by JonThompson,

    JonThompson Nov 1, 2013 6:12 AM in response to mc1306
    Level 1 (5 points)

    If you have another ML machine, it's a part of the standard OS. I doubt Apple would like it if someone distributed it, and I don't really want a call from their lawyers today.
