xoxorockoutloud123

Q: VPN clients can not connect. (Clients have hung up?)

I am running a Mac Mini 2012 Server for a VPN service. I tried setting it up with a domain name, and a very simple shared secret, operating on L2TP and PPTP. I am almost 100% sure that everything has been set up correctly. However, when I try to connect to my VPN (by configuration profile and inputting the settings manually), my devices state that the VPN server failed to respond. This occurs on both my local connection and outside my network.

Inspecting the VPN logs on my server, I notice that it keeps saying that the client has hung up. Here are the logs from a couple of days ago:

2014-06-02 15:34:18 PDTLoading plugin /System/Library/Extensions/L2TP.ppp

#Start-Date: 2014-06-02 15:34:18 PDT

#Fields: date time s-comment

2014-06-02 15:34:18 PDTLoading plugin /System/Library/Extensions/PPTP.ppp
2014-06-02 15:34:22 PDTListening for connections...
2014-06-02 15:34:26 PDTListening for connections...
2014-06-02 22:32:07 PDTIncoming call... Address given to client = 192.168.1.236
2014-06-02 22:32:07 PDT   --> Client with address = 192.168.1.236 has hungup
2014-06-04 22:31:19 PDTIncoming call... Address given to client = 192.168.1.237
2014-06-04 22:31:19 PDT   --> Client with address = 192.168.1.237 has hungup
2014-06-06 22:30:32 PDTIncoming call... Address given to client = 192.168.1.238
2014-06-06 22:30:32 PDT   --> Client with address = 192.168.1.238 has hungup
2014-06-08 22:29:44 PDTIncoming call... Address given to client = 192.168.1.239
2014-06-08 22:29:44 PDT   --> Client with address = 192.168.1.239 has hungup
2014-06-09 19:29:22 PDTIncoming call... Address given to client = 192.168.1.205
2014-06-09 19:29:22 PDT   --> Client with address = 192.168.1.205 has hungup
2014-06-09 19:29:22 PDTIncoming call... Address given to client = 192.168.1.206
2014-06-09 19:29:22 PDT   --> Client with address = 192.168.1.206 has hungup
2014-06-09 19:29:24 PDTIncoming call... Address given to client = 192.168.1.207
2014-06-09 19:29:24 PDT   --> Client with address = 192.168.1.207 has hungup
2014-06-09 19:29:28 PDTIncoming call... Address given to client = 192.168.1.208
2014-06-09 19:29:28 PDT   --> Client with address = 192.168.1.208 has hungup
2014-06-09 19:29:32 PDTIncoming call... Address given to client = 192.168.1.209
2014-06-09 19:29:32 PDT   --> Client with address = 192.168.1.209 has hungup
2014-06-09 19:29:36 PDTIncoming call... Address given to client = 192.168.1.210
2014-06-09 19:29:36 PDT   --> Client with address = 192.168.1.210 has hungup
2014-06-09 19:29:40 PDTIncoming call... Address given to client = 192.168.1.211

I have tried restarting the VPN service multiple times and even reinstalled Server completely.

Can someone please help me fix this as I am leaving town soon but need access to my local network?

Mac mini, OS X Mavericks (10.9.3), Running Mac Server

Posted on Jun 14, 2014 11:55 AM

  • by MrHoffman,

    MrHoffman Jun 14, 2014 1:00 PM in response to xoxorockoutloud123
    Level 6 (15,637 points)
    Mac OS X

    192.168.1.0/24 is a very widely used subnet (as is 192.168.0.0/24), and VPN connections are based on IP routing, and IP routing won't work right with the same subnet on both ends of the VPN connection.  Are you possibly attempting to connect from a remote network in the same subnet?

    Which version of OS X Server and OS X?  Server.app 3.1.2 and Mavericks 10.9.3?

    If you want to try to use the VPN service locally, you'll likely need to configure the VPN client to route all traffic over the VPN.  (Otherwise, you've got a second network path to the destination host and to the destination subnet, and things'll get tangled.)

  • by Linc Davis,

    Linc Davis Jun 14, 2014 1:56 PM in response to xoxorockoutloud123
    Level 10 (208,000 points)
    Applications

    What is logged on the clients?

  • by cpragman,

    cpragman Jun 14, 2014 5:05 PM in response to xoxorockoutloud123
    Level 2 (464 points)
    Servers Enterprise

    Try configuring your server to give out VPN addresses in a different range, such as 192.168.2.xxx

  • by xoxorockoutloud123,

    xoxorockoutloud123 Jun 14, 2014 9:34 PM in response to MrHoffman
    Level 1 (0 points)

    I don't believe they are on the same subnet. I am using 3.1.2 and 10.9.3. I had everything updated a while ago. I put my iPhone and Mac both into "Send All Traffic" but they still will not connect.

    On the client's ppp.log file, it shows this

    Sat Jun 14 21:29:41 2014 : L2TP connecting to server 'felixjen.com' (75.83.255.61)...

    Sat Jun 14 21:29:44 2014 : IPSec connection started

    Sat Jun 14 21:29:45 2014 : IPSec connection established

    Sat Jun 14 21:30:05 2014 : L2TP cannot connect to the server

    Sat Jun 14 21:31:42 2014 : L2TP connecting to server 'felixjen.com' (75.83.255.61)...

    Sat Jun 14 21:31:45 2014 : IPSec connection started

    Sat Jun 14 21:31:46 2014 : IPSec connection established

    Sat Jun 14 21:32:06 2014 : L2TP cannot connect to the server

    on two attempts to connect.

    Changing the VPN address range has no effect. It still does not let me connect via either local or remote network from any device!
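
An added example, not part of the original thread: a small parser that groups client ppp.log lines like the ones quoted above into connection attempts and reports whether each one failed before or after the IPsec connection was established. The sample log is constructed in the same format, with a placeholder host name and address; `classify_attempts` and the phase labels are names chosen for this example.

```python
import re
from datetime import datetime

# Constructed sample in the ppp.log format quoted above; host name and
# address are documentation placeholders, not values from the thread.
SAMPLE_PPP_LOG = """\
Sat Jun 14 21:29:41 2014 : L2TP connecting to server 'vpn.example.com' (203.0.113.10)...
Sat Jun 14 21:29:44 2014 : IPSec connection started
Sat Jun 14 21:29:45 2014 : IPSec connection established
Sat Jun 14 21:30:05 2014 : L2TP cannot connect to the server
Sat Jun 14 21:31:42 2014 : L2TP connecting to server 'vpn.example.com' (203.0.113.10)...
Sat Jun 14 21:31:45 2014 : IPSec connection started
Sat Jun 14 21:32:06 2014 : L2TP cannot connect to the server
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : (.+)$")

def classify_attempts(log_text):
    """Group ppp.log lines into connection attempts and name the failing phase."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, or lines in another format
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("L2TP connecting to server"):
            attempts.append({"start": when, "ipsec_up": None,
                             "phase": "incomplete", "wait_s": None})
        elif not attempts:
            continue  # log excerpt began mid-attempt
        elif msg == "IPSec connection established":
            attempts[-1]["ipsec_up"] = when
        elif msg == "L2TP cannot connect to the server":
            cur = attempts[-1]
            if cur["ipsec_up"]:
                # IPsec came up, so the failure is in the L2TP tunnel that
                # runs inside it (UDP 1701, the port raised in the thread).
                cur["phase"] = "l2tp-after-ipsec"
                cur["wait_s"] = (when - cur["ipsec_up"]).total_seconds()
            else:
                cur["phase"] = "ipsec-negotiation"
                cur["wait_s"] = (when - cur["start"]).total_seconds()
    return attempts

if __name__ == "__main__":
    for a in classify_attempts(SAMPLE_PPP_LOG):
        print(a["start"].isoformat(), a["phase"], a["wait_s"])
```

In the log quoted in the post, both attempts fall into the first category: IPsec is established and the L2TP failure follows 20 seconds later.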

  • by Linc Davis,

    Linc Davis Jun 14, 2014 10:39 PM in response to xoxorockoutloud123
    Level 10 (208,000 points)
    Applications

    One possible cause of this issue is that "Back to My Mac" is active either on the server or on the client. Another possibility is that UDP port 1701 is blocked by an internal firewall.

  • by dwbrecovery,

    dwbrecovery Jun 15, 2014 1:40 AM in response to xoxorockoutloud123
    Level 3 (596 points)
    Servers Enterprise

    Hi xoxorockoutloud123,

    I've noticed you have another discussion going on your Airport Extreme:

    https://discussions.apple.com/thread/6381578

    Now, is the Airport Extreme visible in Server.app and has it enabled VPN access to the internet?

    There should be a prompt when you restart the VPN service.

    Is the issue of not having your port settings persistent in the AE ( Airport Extreme ) continuing?

    If the port settings aren't persistent in your AE, then the VPN will not accept connections.

    Linc's post is a good starting point to start resolving the issues.

    Cheers

  • by xoxorockoutloud123,

    xoxorockoutloud123 Jun 15, 2014 8:42 AM in response to dwbrecovery
    Level 1 (0 points)

    The AirPort Extreme is visible and in the Server App, the port looks to be correctly forwarded. However, after a reboot, the ports drop so I re-add them.

    I believe Back to My Mac is on for one of my clients. I will check up on that! I think 1701 is correctly forwarded because I did it right from the server app.

  • by MrHoffman,

    MrHoffman Jun 15, 2014 8:46 AM in response to xoxorockoutloud123
    Level 6 (15,637 points)
    Mac OS X

    Back To My Mac is incompatible with VPN traffic, and must be disabled on the AirPort and Time Capsule devices.

    I prefer to avoid having Server.app control the AirPort and Time Capsule devices, as there've been issues with that over the years, and also as I'd really rather not have anything that's messing around with the firewall configuration without it being me that's knowingly and explicitly logging into and messing with the firewall configuration.

  • by dwbrecovery,

    dwbrecovery Jun 15, 2014 9:06 AM in response to MrHoffman
    Level 3 (596 points)
    Servers Enterprise

    Servers running OS X, AE and Server.app haven't had any operating issues since 10.9.1 plus VPN patch. Logging as well hasn't indicated anything of mischief. But then I have only run with this config for less than a year. Not disagreeing, but sharing what has happened...

  • by dwbrecovery,

    dwbrecovery Jun 15, 2014 9:41 AM in response to xoxorockoutloud123
    Level 3 (596 points)
    Servers Enterprise

    - Looking at your 1st post, the log indicates that L2TP and PPTP are enabled.  Check that port 1723 TCP/UDP is also forwarded in AE.

    - Also check that "Enable NAT Port Mapping Protocol" is enabled and the default host is set to your internal server IP.

    - Use Airport Utility -> File -> Export Configuration File to save current config before proceeding.

    Are both L2TP and PPTP not functioning?

  • by xoxorockoutloud123,

    xoxorockoutloud123 Jun 15, 2014 9:56 AM in response to MrHoffman
    Level 1 (0 points)

    I disabled Back to my Mac by removing my Apple ID from the Airport. Still no luck.

    As per dwb's instructions, everything seems to be forwarded correctly. I also have the NAT checked and added the Internet server IP.

    However, neither L2TP nor PPTP is functioning. It's quite strange. Even tried restarting VPN a couple of times. I believe that the client is making a successful connection to the server but then refuses to take the address given. Am I right?

  • by dwbrecovery,

    dwbrecovery Jun 15, 2014 10:01 AM in response to xoxorockoutloud123
    Level 3 (596 points)
    Servers Enterprise

    - Is the vpn log similar to your original post after L2TP and PPTP checks?

    - Do the logs on the clients indicate where the issue is?

  • by Linc Davis,

    Linc Davis Jun 15, 2014 10:01 AM in response to xoxorockoutloud123
    Level 10 (208,000 points)
    Applications

    If the application firewall is active on either the server or the client, disable it. Otherwise, start both in safe mode and test.

    NAT-PMP has nothing to do with VPN and should not be enabled unless you have some other reason for doing so.

  • by xoxorockoutloud123,

    xoxorockoutloud123 Jun 16, 2014 10:35 AM in response to dwbrecovery
    Level 1 (0 points)

    The logs on the server are the exact same. The client logs are not very helpful either.

    OK, I disabled NAT. Firewall was never on. Safe mode yields the same results.
