-
Dec 19, 2013 3:35 PM in response to mnsaint by sfgate
Update is working for me. Now I'm ready for the equivalent iOS update.
-
Dec 19, 2013 7:49 PM in response to sfgate by essandess
The VPN update works ... except if you run a pf firewall. I can't turn off the firewall just to get VPN through.
Here are the pf.conf rules I'm using, at the top of the pf.conf file. These break OS X Server's L2TP, but I don't see why.
vpn_udp_services = "{ 500, 1701, 4500 }"
vpn_tcp_services = "{ 1723 }" # PPTP port, which should be disabled
pass log quick proto udp from any to any port $vpn_udp_services
pass log quick proto tcp from any to any port $vpn_tcp_services
I see the incoming connects with tcpdump, so this should work, but does not. VPN doesn't connect through the server's pf firewall.
$ sudo ifconfig pflog0 create
$ sudo tcpdump -n -e -ttt -i pflog0
00:00:11.571839 rule 2/0(match): pass in on en0: 193.28.195.240.37857 > 10.0.1.3.500: isakmp: phase 1 I ident
00:00:01.279990 rule 4/0(match): pass in on en0: 193.208.95.240.49286 > 10.0.1.3.4500: NONESP-encap: isakmp: phase 1 I ident[E]
Does anyone have OS X Server's VPN service working with a pf firewall? What are your pf.conf rules?
It appears that OS X Server's VPN technology continues to be problematic compared to TLS-based VPN.
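
An added example, not part of the original post: a small parser for the `tcpdump -i pflog0` output shown above that tallies pass/block verdicts for the VPN ports named in the pf.conf macros. If every logged packet to those ports is a `pass` and none is a `block`, as in the capture above, the filter rules are not what is dropping the handshake. The third sample line and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Ports from the pf.conf macros quoted above; the service labels are standard.
VPN_PORTS = {500: "IKE", 1701: "L2TP", 4500: "IPsec NAT-T", 1723: "PPTP"}

# Matches the IPv4 "rule N/M(reason): action dir on ifc: src.port > dst.port:" layout.
PFLOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\((?P<reason>[^)]*)\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

# First two lines are the capture from the post; the third is constructed.
SAMPLE = [
    "00:00:11.571839 rule 2/0(match): pass in on en0: 193.28.195.240.37857 > 10.0.1.3.500: isakmp: phase 1 I ident",
    "00:00:01.279990 rule 4/0(match): pass in on en0: 193.208.95.240.49286 > 10.0.1.3.4500: NONESP-encap: isakmp: phase 1 I ident[E]",
    "00:00:02.000000 rule 7/0(match): block in on en0: 198.51.100.7.51000 > 10.0.1.3.1723: Flags [S], length 0",
]

def parse_pflog(lines):
    """Yield one dict per IPv4 pflog line; lines that do not match are skipped."""
    for line in lines:
        m = PFLOG_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("rule", "sport", "dport"):
                rec[key] = int(rec[key])
            yield rec

def vpn_verdicts(lines):
    """Count (dst port, action, direction) for packets sent to a VPN port."""
    counts = Counter()
    for rec in parse_pflog(lines):
        if rec["dport"] in VPN_PORTS:
            counts[(rec["dport"], rec["action"], rec["dir"])] += 1
    return counts

def blocked_vpn_ports(lines):
    """VPN ports with at least one logged block; empty means the filter let them in."""
    return sorted({port for (port, action, _d) in vpn_verdicts(lines) if action == "block"})

if __name__ == "__main__":
    for (port, action, direction), n in sorted(vpn_verdicts(SAMPLE).items()):
        print(f"{port:>5} {VPN_PORTS[port]:<12} {action} {direction}: {n}")
    print("blocked VPN ports:", blocked_vpn_ports(SAMPLE) or "none")
```

To use it on a live capture, feed it the lines from `sudo tcpdump -n -e -ttt -l -i pflog0` instead of `SAMPLE`.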
-
Dec 19, 2013 9:25 PM in response to essandess by nameCantBeBl_nk
I have it running with IceFloor. Rules are a basic setup - only ports forwarded at the router are the ones for VPN and the only thing allowed into the server are the same ports. I can pull the actual rules later today if you want/it would be helpful.
-
Dec 20, 2013 7:42 PM in response to nameCantBeBl_nk by essandess
Thanks -- I had a look at my test IceFloor setup and learned that my nat rules cause the problem. Changing the nat command to this directive allows both L2TP and OpenVPN connections:
int_if = "en0"
nat on $int_if inet from 10.8.0/24 to any -> ($int_if)
-
Dec 20, 2013 8:17 PM in response to mnsaint by Lime Mojito
FYI the new update seems to work only if Universal Plug and Play (UPnP) is disabled on your router.
-
Dec 23, 2013 7:49 AM in response to davedavedave.h by nexus667
Hello davedavedave.h,
Could you repost that mavericks-vpn-fix.tar.gz? I've been struggling with VPN issues since upgrading to 10.9, both the native VPN and the Cisco VPN client being broken on my MacBook Pro.
-
Jan 4, 2014 6:53 AM in response to mnsaint by Tsirakis
Hello, I have answered this problem here: https://discussions.apple.com/message/24376499#24376499
-
Jan 5, 2014 3:09 AM in response to Tsirakis by erugalatha
I have Mavericks 10.9.1 installed and the issue is still not fixed for PPTP VPN type. The "fix" by Tsirakis does not work.
-
Jan 5, 2014 3:12 AM in response to erugalatha by Tsirakis
Hello, my solution works for sure for Cisco IPSEC VPN with OSX 10.9.1. In the configuration file I have used:
IKE Authmode psk
-
Jan 19, 2014 3:55 PM in response to mnsaint by alexandr.rei
Just thought I'd put my two cents in. I've had this issue since first installing Mavericks and finally after trying a few of the fixes people have put forward in this thread, this is the one that finally worked for me:
Running in Terminal: sudo sysctl -w kern.ipc.maxsockbuf=6291456
Create the file /etc/ppp/options (it didn't exist on my disk) and enter this one line: refuse-chap
-
Jan 28, 2014 12:34 PM in response to mnsaint by Likeabuss
So the VPN works for me but I lose my connection very often. During the day I have to connect and disconnect like 10 times to get one connection that would last more than 10 minutes. I have used a fix where you go to Open Network Preferences, create a new location and clean all the connections like Ethernet, FireWire, etc., leaving only Wi-Fi. It worked in the first moment and sometimes it works if I keep changing between automatic and a configured new location.
My problem is that it is still not perfect as it was before the update. I still 'get kicked' from internet access. Sometimes I even lose the connection once I disconnect from the VPN. Then I have to restart the PC. Please, if anyone knows if there's a fix for this kind of problem, let me know.
-
Jan 28, 2014 12:37 PM in response to Likeabuss by bobgeo
Just to weigh in, and I realize you are not having success, but we are running the VPN (in Mavericks clients and Mavericks server) for full business days (like 8-10 hours) without issue. Here and there something might happen, but it is likely from the internet provider on either end. It really has been pretty good for us since the fix came out.
-
Jan 31, 2014 8:26 AM in response to mnsaint by ipadsogique
Finally I found the solution to this problem. At least it's a workaround that has proven to be working for my customers.
The problem:
Once the customer connects via Network Connect (SSL VPN), and launches a Citrix session or a remote admin or a remote desktop session, he is disconnected after seconds or at most after 2 minutes.
Solution/Workaround: using the Junos Pulse version 4.0R6 has solved the problem for all customers with this problem.
N.B. Junos Pulse version 4.0R6 is downloadable from Juniper support download page - you have to have an account linked to an SA series
I hope it does the same for you guys.
-
Feb 7, 2014 12:31 PM in response to ipadsogique by joeyjohnson
I have a huge problem with my 27" iMac and VPN, since Mavericks.
I always used it and it worked perfectly for years. Since Mavs, when I am connected to VPN, I will get a Little Snitch message come up asking if any one of many Apple processes (icloud helper, assistand just examples). No matter what I click, allow or deny, the machine instantly crashes and power recycles. It comes up with the white screen "your computer restarted because of a problem" and then boots up.
It is losing me a lot of data each time, and is very worrying to see the machine just die in a heartbeat like that. Anyone know if this is the same issue you are speaking about on this thread? I need a fix, basically VPN is off limits to me now as I can't risk data loss and corruptions. It happens every time I get the LS message pop up. Any advice greatly appreciated.