wellness-guiden

Q: Can't use VPN... Then what to do?

I've tried to use it with the built-in Lion Server app, but I cannot connect to the ...

Although I have followed these instructions: http://www.youtube.com/watch?v=NjWO-5-nYKA&feature=g-user-u

 

Is there something that I have forgotten?

Mac mini Server (Mid 2011), Mac OS X (10.7.4), Lion Server

Posted on Jun 2, 2012 3:03 PM


  • by Good-heart,

    Good-heart Jun 3, 2012 12:26 AM in response to wellness-guiden
    Level 1 (35 points)

    What error message are you getting when you try to connect?

  • by wellness-guiden,

    wellness-guiden Jun 3, 2012 12:33 AM in response to Good-heart
    Level 1 (0 points)

    It says "L2TP VPN server did not respond. Try to connect again. If the problem persists, check the settings and contact the administrator"

  • by Good-heart,

    Good-heart Jun 3, 2012 12:38 AM in response to wellness-guiden
    Level 1 (35 points)

    I assume you are trying to connect from outside your network? Do you use a domain name or the external IP address of your server? Are you sure you have opened the right ports in your router?

  • by wellness-guiden,

    wellness-guiden Jun 3, 2012 12:50 AM in response to Good-heart
    Level 1 (0 points)

    I actually get the problem on the internal and external networks. And the gates are set up right.

  • by Good-heart,

    Good-heart Jun 3, 2012 1:05 AM in response to wellness-guiden
    Level 1 (35 points)

    If you keep Console.app open while you are trying to connect, it should give you some information about what is going wrong.

  • by wellness-guiden,

    wellness-guiden Jun 3, 2012 1:21 AM in response to Good-heart
    Level 1 (0 points)

    #Fields: date time s-comment

    2012-06-03 10:17:22 CEST          Loading plugin /System/Library/Extensions/PPTP.ppp

    #Start-Date: 2012-06-03 10:17:22 CEST

    #Fields: date time s-comment

    2012-06-03 10:17:22 CEST          Loading plugin /System/Library/Extensions/L2TP.ppp

    2012-06-03 10:17:22 CEST          Listening for connections...

    2012-06-03 10:17:22 CEST          Listening for connections...

    2012-06-03 10:20:07 CEST          Incoming call... Address given to client = 192.168.0.138

    Sun Jun  3 10:20:07 2012 : Directory Services Authentication plugin initialized

    Sun Jun  3 10:20:07 2012 : Directory Services Authorization plugin initialized

    Sun Jun  3 10:20:07 2012 : PPTP incoming call in progress from '94.191.186.41'...

    Sun Jun  3 10:20:08 2012 : PPTP connection established.

    Sun Jun  3 10:20:08 2012 : using link 0

    Sun Jun  3 10:20:08 2012 : Using interface ppp0

    Sun Jun  3 10:20:08 2012 : Connect: ppp0 <--> socket[34:17]

    Sun Jun  3 10:20:08 2012 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x578539c3> <pcomp> <accomp>]

    Sun Jun  3 10:20:08 2012 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x37ffc0a0> <pcomp> <accomp>]

    Sun Jun  3 10:20:08 2012 : lcp_reqci: returning CONFACK.

    Sun Jun  3 10:20:08 2012 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x37ffc0a0> <pcomp> <accomp>]

    Sun Jun  3 10:20:08 2012 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x578539c3> <pcomp> <accomp>]

    Sun Jun  3 10:20:08 2012 : sent [LCP EchoReq id=0x0 magic=0x578539c3]

    Sun Jun  3 10:20:08 2012 : sent [CHAP Challenge id=0x74 <754e20301a607643170765484c227141>, name = "server.martinhedegaard.dk"]

    Sun Jun  3 10:20:08 2012 : rcvd [LCP EchoReq id=0x0 magic=0x37ffc0a0]

    Sun Jun  3 10:20:08 2012 : sent [LCP EchoRep id=0x0 magic=0x578539c3]

    Sun Jun  3 10:20:08 2012 : rcvd [LCP EchoRep id=0x0 magic=0x37ffc0a0]

    Sun Jun  3 10:20:08 2012 : rcvd [CHAP Response id=0x74 <b97b2f714315e21d7d5e324169a3d49e0000000000000000a45625ab5d641f2dd014b8b746cfbf 296f3bc49e6e6096f900>, name = "martinhedegaard"]

    Sun Jun  3 10:20:08 2012 : DSAuth plugin: unsupported authen authority: recved ShadowHash;HASHLIST:<SALTED-SHA512,SMB-NT,CRAM-MD5,RECOVERABLE>, want ApplePasswordServer

    Sun Jun  3 10:20:08 2012 : sent [CHAP Success id=0x74 "S=EB91C0B903FF9A1264DF9AB0B3DC3758CF738ADA M=Access granted"]

    Sun Jun  3 10:20:08 2012 : CHAP peer authentication succeeded for martinhedegaard

    Sun Jun  3 10:20:08 2012 : DSAccessControl plugin: User 'martinhedegaard' authorized for access

    Sun Jun  3 10:20:08 2012 : MPPE required, but keys are not available.  Possible plugin problem?

    Sun Jun  3 10:20:08 2012 : sent [LCP TermReq id=0x2 "MPPE required but not available"]

    Sun Jun  3 10:20:08 2012 : Connection terminated.

    Sun Jun  3 10:20:08 2012 : Connect time 0.0 minutes.

    Sun Jun  3 10:20:08 2012 : Sent 0 bytes, received 0 bytes.

    Sun Jun  3 10:20:08 2012 : PPTP disconnecting...

    Sun Jun  3 10:20:08 2012 : PPTP disconnected

    2012-06-03 10:20:08 CEST             --> Client with address = 192.168.0.138 has hungup


  • by Good-heart,

    Good-heart Jun 3, 2012 1:36 AM in response to wellness-guiden
    Level 1 (35 points)

    OK, what this reads is that your connection works OK (9th line from the bottom), but you are not authenticated because of missing MPPE keys (7th line from the bottom). The next step is to check your vpnd.log and see if there is a 'DSAuth: failed to retrieve MPPE encryption keys....' message for the user who is trying to connect.

    If so, go look at http://support.apple.com/kb/HT4748 for a solution. You can find the short name for the VPN system user by going into Workgroup Manager->View->Show System Records.

  • by wellness-guiden,

    wellness-guiden Jun 3, 2012 4:26 AM in response to Good-heart
    Level 1 (0 points)

    It gives me back this error:

    Setting policy for vpn_06b6baffc2d0

    ***Error: eDSAuthFailed : (-14090) for dsDoDirNodeAuth

    ***Error: eDSAuthFailed : (-14090) for dsDoDirNodeAuth

      Method = dsAuthMethodStandard:dsAuthSetPolicyAsRoot

  • by Good-heart,

    Good-heart Jun 3, 2012 4:39 AM in response to wellness-guiden
    Level 1 (35 points)
  • by wellness-guiden,

    wellness-guiden Jun 4, 2012 4:43 AM in response to Good-heart
    Level 1 (0 points)

    GREAT... NOW IT WORKS :-D

    But how do I set it up to allow more than one connection?

  • by Joseph Elwell,

    Joseph Elwell Sep 18, 2012 11:20 PM in response to Good-heart
    Level 1 (25 points)

    This worked for me. I also had to turn Encryption to Auto on my iPhone, rather than None.

    Thanks,

    Joseph Elwell.

  • by chrismillah,

    chrismillah Jun 10, 2014 1:00 PM in response to wellness-guiden
    Level 1 (0 points)

    Having the same error message but a different console log.

    I

    - set up my DNS and VPN with Server.app (both services have green lights to indicate they are ready)

    - imported my VPN settings to my client machine

    - try to connect and receive the error message "L2TP VPN server did not respond. Try to connect again. If the problem persists, check the settings and contact the administrator"

    Any help would be greatly appreciated.

    6/10/14 3:56:48.974 PM configd[17]: SCNC: start, triggered by (741) com.apple.prefe, type L2TP, status 0, trafficClass 0

    6/10/14 3:56:48.981 PM pppd[929]: publish_entry SCDSet() failed: Success!

    6/10/14 3:56:48.981 PM pppd[929]: publish_entry SCDSet() failed: Success!

    6/10/14 3:56:48.982 PM pppd[929]: pppd 2.4.2 (Apple version 727.90.1) started by cmiller, uid 502

    6/10/14 3:56:52.386 PM pppd[929]: L2TP connecting to server 'office.besentient.com' (10.0.1.100)...

    6/10/14 3:56:52.390 PM pppd[929]: IPSec connection started

    6/10/14 3:56:52.407 PM racoon[930]: accepted connection on vpn control socket.

    6/10/14 3:56:52.407 PM racoon[930]: Connecting.

    6/10/14 3:56:52.407 PM racoon[930]: IPSec Phase 1 started (Initiated by me).

    6/10/14 3:56:52.408 PM racoon[930]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).

    6/10/14 3:56:52.408 PM racoon[930]: >>>>> phase change status = Phase 1 started by us

    6/10/14 3:56:52.413 PM racoon[930]: >>>>> phase change status = Phase 1 started by peer

    6/10/14 3:56:52.413 PM racoon[930]: IKE Packet: receive success. (Initiator, Main-Mode message 2).

    6/10/14 3:56:52.417 PM racoon[930]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).

    6/10/14 3:56:52.424 PM racoon[930]: IKE Packet: receive success. (Initiator, Main-Mode message 4).

    6/10/14 3:56:52.440 PM racoon[930]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).

    6/10/14 3:56:55.677 PM racoon[930]: IKE Packet: transmit success. (Phase 1 Retransmit).

    6/10/14 3:56:55.681 PM racoon[930]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 108, max 1280

    6/10/14 3:56:55.681 PM racoon[930]: Received retransmitted packet from 10.0.1.100[500].

    6/10/14 3:56:55.681 PM racoon[930]: the packet is retransmitted by 10.0.1.100[500].

    6/10/14 3:56:58.837 PM racoon[930]: IKE Packet: transmit success. (Phase 1 Retransmit).

    6/10/14 3:56:58.859 PM racoon[930]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 108, max 1280

    6/10/14 3:56:58.859 PM racoon[930]: Received retransmitted packet from 10.0.1.100[500].

    6/10/14 3:56:58.859 PM racoon[930]: the packet is retransmitted by 10.0.1.100[500].

    6/10/14 3:57:01.906 PM racoon[930]: IKE Packet: transmit success. (Phase 1 Retransmit).

    6/10/14 3:57:02.153 PM racoon[930]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 108, max 1280

    6/10/14 3:57:02.153 PM racoon[930]: Received retransmitted packet from 10.0.1.100[500].

    6/10/14 3:57:02.153 PM racoon[930]: the packet is retransmitted by 10.0.1.100[500].

    6/10/14 3:57:13.906 PM racoon[930]: IKE Packet: transmit success. (Phase 1 Retransmit).

    6/10/14 3:57:15.165 PM racoon[930]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 108, max 1280

    6/10/14 3:57:15.165 PM racoon[930]: Received retransmitted packet from 10.0.1.100[500].

    6/10/14 3:57:15.165 PM racoon[930]: the packet is retransmitted by 10.0.1.100[500].

    6/10/14 3:57:22.412 PM pppd[929]: IPSec connection failed

    6/10/14 3:57:22.412 PM racoon[930]: IPSec disconnecting from server 10.0.1.100

    6/10/14 3:57:22.413 PM racoon[930]: glob found no matches for path "/var/run/racoon/*.conf"

  • by chrismillah,

    chrismillah Jun 10, 2014 1:02 PM in response to Good-heart
    Level 1 (0 points)

    Good-heart, would you please take a look at my console log in the above post?

    I have been stuck for two days and am not sure where my problem lies.

  • by nikkiwork,

    nikkiwork Aug 18, 2014 7:20 AM in response to chrismillah
    Level 1 (0 points)

    Try removing special characters from your shared secret: Native iOS L2TP VPN not working on Lion Server

     

    I was having similar issues, and it's fixed now! No need to mess with racoon!

     

    NIK
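
Added example, not part of any post in this thread: a small Python triage helper that separates the two failure modes visible in the logs above, the PPTP session dropped for missing MPPE keys and the L2TP/IPsec attempt that stalls at IKE Main-Mode message 5. The function name, the finding codes and the extra "no reply" case are assumptions made for illustration; the sample lines are excerpted from the posted logs.

```python
import re

# Decisive lines excerpted from the two console logs posted in this thread.
PPTP_LOG = """\
Sun Jun  3 10:20:08 2012 : CHAP peer authentication succeeded for martinhedegaard
Sun Jun  3 10:20:08 2012 : MPPE required, but keys are not available.  Possible plugin problem?
Sun Jun  3 10:20:08 2012 : Connection terminated.
"""
L2TP_LOG = """\
6/10/14 3:56:52.424 PM racoon[930]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
6/10/14 3:56:52.440 PM racoon[930]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
6/10/14 3:56:55.677 PM racoon[930]: IKE Packet: transmit success. (Phase 1 Retransmit).
6/10/14 3:56:58.837 PM racoon[930]: IKE Packet: transmit success. (Phase 1 Retransmit).
6/10/14 3:57:22.412 PM pppd[929]: IPSec connection failed
"""

MAIN_MODE = re.compile(r"IKE Packet: (transmit|receive) success\. "
                       r"\(Initiator, Main-Mode message (\d)\)")

def triage(log_text):
    """Return (code, hint) findings for a VPN console log (hypothetical helper)."""
    findings, sent, rcvd, retransmits = [], [], [], 0
    chap_ok = mppe_missing = ipsec_failed = False
    for line in log_text.splitlines():
        chap_ok |= "CHAP peer authentication succeeded" in line
        mppe_missing |= "MPPE required, but keys are not available" in line
        ipsec_failed |= "IPSec connection failed" in line
        retransmits += "(Phase 1 Retransmit)" in line
        m = MAIN_MODE.search(line)
        if m:
            (sent if m.group(1) == "transmit" else rcvd).append(int(m.group(2)))
    if mppe_missing:
        # The password was accepted, yet the server could not get MPPE session keys.
        when = "after CHAP succeeded" if chap_ok else "before CHAP finished"
        findings.append(("mppe-keys-missing", f"link dropped {when}; check vpnd.log"))
    if ipsec_failed and sent and not rcvd:
        # No IKE reply at all: the peer never answered on the IKE port.
        findings.append(("ike-no-reply", "no answer to Main-Mode message 1"))
    elif ipsec_failed and retransmits and max(sent, default=0) == 5:
        # Message 5 is the first one encrypted under keys derived from the shared
        # secret, so a stall here points at a secret that differs between the ends.
        findings.append(("ike-phase1-stall",
                         f"message 5 unanswered after {retransmits} retransmits; "
                         "compare shared secrets"))
    return findings

if __name__ == "__main__":
    for name, log in (("PPTP", PPTP_LOG), ("L2TP", L2TP_LOG)):
        print(name, triage(log))
```
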