shortysharp2

Q: VPN does not connect.

Setup:

 

late 2011 mac mini server 10.9.2

newest NON ac Airport Extreme

 

I have been working to get VPN going for a while and had got it working for a bit, but since I had to reinstall Mac OS X I'm having issues again. Any help is much appreciated...

 

 

This is all that the service log for VPN shows:

 

#Fields: date time s-comment

2014-03-02 10:49:00 MST          Loading plugin /System/Library/Extensions/L2TP.ppp

2014-03-02 10:49:00 MST          Listening for connections...

 


MacBook Pro (15-inch Glossy), OS X Mavericks (10.9.2), 512 SSD, 16GB RAM

Posted on Mar 2, 2014 9:58 AM


  • by shortysharp2,

    shortysharp2 shortysharp2 Mar 2, 2014 10:07 AM in response to shortysharp2
    Level 1 (0 points)

    Do I have to have my server's IP as a DNS? Is that mandatory? Do I even need DNS turned on? Will VPN work without DNS?

     


  • by shortysharp2,

    shortysharp2 shortysharp2 Mar 2, 2014 10:17 AM in response to shortysharp2
    Level 1 (0 points)

    sh-3.2# vpnd -x -d -i com.apple.ppp.l2tp

    2014-03-02 11:16:48 MST          Server 'com.apple.ppp.l2tp' starting...

    2014-03-02 11:16:48 MST          Loading plugin /System/Library/Extensions/L2TP.ppp

    2014-03-02 11:16:48 MST          L2TP plugin: first call to socket failed - attempting to load kext

    2014-03-02 11:16:48 MST          params->daemonize = 0

    2014-03-02 11:16:48 MST          params->max_sessions = 128

    2014-03-02 11:16:48 MST          params->server_id = com.apple.ppp.l2tp

    2014-03-02 11:16:48 MST          params->server_type = PPP

    2014-03-02 11:16:48 MST          params->server_subtype = L2TP

    2014-03-02 11:16:48 MST          params->lb_enable = 0

    2014-03-02 11:16:48 MST          params->plugin_path = L2TP.ppp

    2014-03-02 11:16:48 MST          params->log_path = /var/log/ppp/vpnd.log

    2014-03-02 11:16:48 MST          params->next_arg_index = 37

    2014-03-02 11:16:48 MST          params->exec_args[0] = pppd

    2014-03-02 11:16:48 MST          params->exec_args[1] = serverid

    2014-03-02 11:16:48 MST          params->exec_args[2] = com.apple.ppp.l2tp

    2014-03-02 11:16:48 MST          params->exec_args[3] = nodetach

    2014-03-02 11:16:48 MST          params->exec_args[4] = proxyarp

    2014-03-02 11:16:48 MST          params->exec_args[5] = plugin

    2014-03-02 11:16:48 MST          params->exec_args[6] = L2TP.ppp

    2014-03-02 11:16:48 MST          params->exec_args[7] = 10.0.1.3:

    2014-03-02 11:16:48 MST          params->exec_args[8] = ms-dns

    2014-03-02 11:16:48 MST          params->exec_args[9] = 10.0.1.1

    2014-03-02 11:16:48 MST          params->exec_args[10] = debug

    2014-03-02 11:16:48 MST          params->exec_args[11] = logfile

    2014-03-02 11:16:48 MST          params->exec_args[12] = /var/log/ppp/vpnd.log

    2014-03-02 11:16:48 MST          params->exec_args[13] = idle

    2014-03-02 11:16:48 MST          params->exec_args[14] = 7200

    2014-03-02 11:16:48 MST          params->exec_args[15] = noidlesend

    2014-03-02 11:16:48 MST          params->exec_args[16] = lcp-echo-interval

    2014-03-02 11:16:48 MST          params->exec_args[17] = 60

    2014-03-02 11:16:48 MST          params->exec_args[18] = lcp-echo-failure

    2014-03-02 11:16:48 MST          params->exec_args[19] = 5

    2014-03-02 11:16:48 MST          params->exec_args[20] = mru

    2014-03-02 11:16:48 MST          params->exec_args[21] = 1500

    2014-03-02 11:16:48 MST          params->exec_args[22] = mtu

    2014-03-02 11:16:48 MST          params->exec_args[23] = 1280

    2014-03-02 11:16:48 MST          params->exec_args[24] = receive-all

    2014-03-02 11:16:48 MST          params->exec_args[25] = ip-src-address-filter

    2014-03-02 11:16:48 MST          params->exec_args[26] = 1

    2014-03-02 11:16:48 MST          params->exec_args[27] = novj

    2014-03-02 11:16:48 MST          params->exec_args[28] = noccp

    2014-03-02 11:16:48 MST          params->exec_args[29] = intercept-dhcp

    2014-03-02 11:16:48 MST          params->exec_args[30] = require-mschap-v2

    2014-03-02 11:16:48 MST          params->exec_args[31] = plugin

    2014-03-02 11:16:48 MST          params->exec_args[32] = DSAuth.ppp

    2014-03-02 11:16:48 MST          params->exec_args[33] = plugin2

    2014-03-02 11:16:48 MST          params->exec_args[34] = DSACL.ppp

    2014-03-02 11:16:48 MST          params->exec_args[35] = l2tpmode

    2014-03-02 11:16:48 MST          params->exec_args[36] = answer

    2014-03-02 11:16:48 MST          Listening for connections...
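
Added example (not part of the original post and not Apple's tooling): a short Python parser that rebuilds the pppd argument list from a `vpnd -x -d` dump like the one above and pulls out the settings worth reviewing, namely the DNS server offered to clients, the MTU, the loaded plugins and the required authentication method. The function names and the set of options treated as taking a value are assumptions, based on how options and values are paired in this log.

```python
import re

# Subset of the `vpnd -x -d` lines from the post above, embedded for offline use.
SAMPLE = """\
2014-03-02 11:16:48 MST          params->exec_args[0] = pppd
2014-03-02 11:16:48 MST          params->exec_args[5] = plugin
2014-03-02 11:16:48 MST          params->exec_args[6] = L2TP.ppp
2014-03-02 11:16:48 MST          params->exec_args[7] = 10.0.1.3:
2014-03-02 11:16:48 MST          params->exec_args[8] = ms-dns
2014-03-02 11:16:48 MST          params->exec_args[9] = 10.0.1.1
2014-03-02 11:16:48 MST          params->exec_args[22] = mtu
2014-03-02 11:16:48 MST          params->exec_args[23] = 1280
2014-03-02 11:16:48 MST          params->exec_args[30] = require-mschap-v2
"""

ARG_RE = re.compile(r"params->exec_args\[(\d+)\] = (.*)$")
# Assumption: options followed by a value in this log; everything else is a flag.
VALUED = {"serverid", "plugin", "plugin2", "ms-dns", "logfile", "idle", "mru", "mtu",
          "lcp-echo-interval", "lcp-echo-failure", "ip-src-address-filter", "l2tpmode"}

def parse_vpnd_dump(text):
    """Return the pppd argv, ordered by exec_args index, from a vpnd debug dump."""
    args = {}
    for line in text.splitlines():
        m = ARG_RE.search(line)
        if m:
            args[int(m.group(1))] = m.group(2).strip()
    return [args[i] for i in sorted(args)]

def summarize(argv):
    """Pair valued options with their values and report the settings to review."""
    opts, flags = {}, []
    it = iter(argv[1:])  # argv[0] is the program name, pppd
    for tok in it:
        if tok in VALUED:
            opts.setdefault(tok, []).append(next(it, None))
        else:
            flags.append(tok)
    return {
        "dns_offered": opts.get("ms-dns", []),
        "mtu": opts.get("mtu", [None])[0],
        "plugins": opts.get("plugin", []) + opts.get("plugin2", []),
        "auth_required": [f for f in flags if f.startswith("require-")],
        "ip_pair": [f for f in flags if ":" in f],  # pppd local:remote address argument
    }

print(summarize(parse_vpnd_dump(SAMPLE)))
```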

  • by shortysharp2,

    shortysharp2 shortysharp2 Mar 2, 2014 10:31 AM in response to shortysharp2
    Level 1 (0 points)

    I also tried making the server PPTP and connecting over that, and I get the same issue.

    It does look like my iPhone connects just fine, so maybe it's just my MacBook Pro that can't get on?

    Anything that might be making my computer not try and connect?

    Just verified with another computer. I am able to get on, just not on my new rMBP.

  • by bfdulock,

    bfdulock bfdulock Mar 2, 2014 10:38 AM in response to shortysharp2
    Level 2 (214 points)

    I can't tell much about your set up, but a simple first test is to try connecting to VPN from another computer on your LAN.  If that works, then you very likely have a firewall misconfiguration.

     

    I don't know if this is affecting your setup, but you have not defined a route for your VPN settings.  A standard route would be something like the following:

     

    VPN Route.png

     

    The IP Address should end in 0 (since it refers to the entire subnet).  The Network Type determines what traffic will pass over the VPN connection.  Normally you would choose Private so only traffic directed to the LAN goes over the connection.  Choosing Public sends all Internet traffic from the client over the VPN connection.

     

     

    Bryan Dulock

    Apple Consultants Network

    Houston, TX

  • by shortysharp2,

    shortysharp2 shortysharp2 Mar 2, 2014 11:24 AM in response to bfdulock
    Level 1 (0 points)

    From my understanding, routes are not necessary.

    I have connected from another machine and do connect properly, so it must be something on my Mac specifically.

    I went into System Preferences and the firewall is turned off.

    Thanks for your help.

  • by cpmax,

    cpmax cpmax Mar 3, 2014 10:48 AM in response to shortysharp2
    Level 1 (10 points)

    A few questions about your setup...

    Are you forwarding ports to your VPN, or is your Mac mini with VPN server on it acting as a gateway?

    Are the IP addresses you defined in your L2TP setup on the same network as your LAN?

  • by jaxk66,

    jaxk66 jaxk66 Mar 15, 2014 10:45 PM in response to shortysharp2
    Level 1 (0 points)

    Hi ShortSharp

    I am assuming you have 1 Server in your Network.

    Do I have to have my server's IP as a DNS?

    • Your internal Server is Yes - It is best to have your DHCP Server and DNS Server on the Same Server. This will provide your Private Subnet with IP Addresses to Friendly Names.

    Is that mandatory?

    • The simple answer is Yes

    Do I even need DNS turned on?

    • Yes – if your DNS is not turned on, you will not connect to anything by a Friendly Name – you will have to use an IP Address or Binary Numbers to connect to anything – not nice

    Will VPN work without DNS?

    • The simple answer is No it will not work.

     

    The best scenario is that you have your own Public IP Address with your own Public Domain Name.

    If you do, here is a nice way of advertising your VPN – vpn.yourpublicdomainname.com.

     

    If you do not have your own Public IP Address you will have to use DDNS (Dynamic Domain Name Service) to make the VPN work within reason – it works best with your own Public IP Address.