-
Apr 2, 2015 3:06 PM in response to michaelsmithcomputers by Loner T
Are you able to trace the VPN packets from outside through your router and firewall(s)?
You may also want to post in Mac OS X Lion Server and macOS Server.
Please also see
OS X Server (Mavericks): Clients cannot connect to VPN service using L2TP - Apple Support
OS X Server: How to connect to VPN service from Windows - Apple Support
-
Apr 2, 2015 3:49 PM in response to Loner T by michaelsmithcomputers
How would I trace the VPN packets?
-
Apr 2, 2015 4:04 PM in response to michaelsmithcomputers by michaelsmithcomputers
The links did not help because I am using Mountain Lion server, not Mavericks server. The Mac I am trying to connect to the VPN is on Mavericks version 10.9.5.
-
Apr 2, 2015 4:36 PM in response to michaelsmithcomputers by Loner T
If you have a port-mirroring switch (I use a Netgear GS105E), it is very handy.
This is the typical configuration for a VPN. Let us assume L2TP.
VPN Client (L2TP) -> WAN Router/Firewall (Outside) -> LAN Port Forwarding (inside) -> VPN Server (LNS = OS X server).
You may not be able to decrypt packets, but you can see outer headers. If the WAN Router/Gateway has port mirroring functions, you can watch incoming packets at the WAN Interface. The Router/Gateway should just forward packets to the designated Port/IP.
If the packets make it past the Router/Gateway, the Server configuration should be checked. Temporarily, you can turn off the firewall and see if you can get to the OS X server. It will help in pinpointing where the issue might be. Shared secrets should also be checked.
If you are able to VPN from inside, it is a very strange configuration. Usually coming from inside to inside is not permitted.
If the clients and servers use the same intranet addresses, for example the client uses 192.168.x.x and the server is also on 192.168.x.x, you will run into issues. You may need to reserve address space for VPN clients.
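
Added example, not part of any reply in this thread: a Python sketch of the comparison described in the post above, checking which L2TP/IPsec outer headers arrive at the router's WAN side against which ones reach the server. It assumes text output from `tcpdump -n` taken at both points; the sample captures, the public address 203.0.113.5 and the client address 198.51.100.7 are constructed, and only 192.168.1.16 comes from the thread.

```python
import re

# Standard UDP ports for L2TP over IPsec: IKE 500, NAT traversal 4500, L2TP 1701.
PORTS = {500: "IKE", 4500: "NAT-T", 1701: "L2TP"}
# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
PKT = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def inbound_ports(capture, dst_ip):
    """VPN-related UDP destination ports seen heading to dst_ip."""
    seen = set()
    for line in capture.splitlines():
        m = PKT.search(line)
        if m and m.group(3) == dst_ip and int(m.group(4)) in PORTS:
            seen.add(int(m.group(4)))
    return seen

def locate_failure(wan_capture, lan_capture, public_ip, server_ip):
    """Compare what arrives at the router with what reaches the server."""
    at_wan = inbound_ports(wan_capture, public_ip)
    at_server = inbound_ports(lan_capture, server_ip)
    if not at_wan:
        return "no VPN packets arrive at the router's WAN interface"
    dropped = sorted(at_wan - at_server)
    if dropped:
        names = ", ".join(f"{PORTS[p]} (UDP {p})" for p in dropped)
        return f"router is not forwarding {names} to {server_ip}"
    return "packets reach the server: check server configuration and shared secret"

# Constructed sample captures (not real traffic).
WAN_SAMPLE = """\
15:06:01.000001 IP 198.51.100.7.500 > 203.0.113.5.500: isakmp: phase 1 I ident
15:06:01.400000 IP 198.51.100.7.4500 > 203.0.113.5.4500: NONESP-encap: isakmp: phase 1 I ident[E]
"""
LAN_SAMPLE = """\
15:06:01.000900 IP 198.51.100.7.500 > 192.168.1.16.500: isakmp: phase 1 I ident
"""

if __name__ == "__main__":
    print(locate_failure(WAN_SAMPLE, LAN_SAMPLE, "203.0.113.5", "192.168.1.16"))
```

Only the outer UDP headers are inspected, so the check works on encrypted traffic; ESP packets without a UDP wrapper carry no port and are ignored by this sketch.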
-
Apr 2, 2015 5:42 PM in response to Loner T by michaelsmithcomputers
I can't find anything with port mirroring in the router. I have no firewall installed or firewall/other security software installed or configured on the server. I am not sure what you mean by reserve address space. My computer has an IPv4 of 192.168.1.17 and the server had 192.168.1.16. If I type the IPv4 of the server into the server address field when trying to connect to the VPN in System Preferences, it connects and works fine.
-
Apr 2, 2015 6:11 PM in response to michaelsmithcomputers by Loner T
Are you certain you are connecting from inside to inside via a VPN? If the L2TP tunnel has IP addresses which are the same inside and outside the tunnel, routing can be very confusing, and with NAT/PAT, it can fail.