SirAlmighty

Q: 10.9.2 L2TP VPN Server does not work

OK so I have been poking around trying to get the **** VPN server up and running on my 10.9.1 OSX and Server 3.0.2 and for the life of me could not get it to work. I did not resort to the internet but I think I should have sooner. I saw the updates for 10.9.2 and 3.0.3 thinking well maybe it was a known issue and Apple fixed it. Come to find out it was a known issue and they released a separate patch to fix the issue with L2TP connection behind NAT.

 

KB from Apple on it:

http://support.apple.com/kb/TS5313

This is all great but I cannot install the patch and the VPN still doesn't work. The patch installer is looking for 10.9.1 software and will not let me install because I have 10.9.2 now. This is frustrating and I want to know if anyone else knows how to get around this and what the actual patch did.

 

My issue is I can connect if I am using my local network but as soon as I go outside my network it breaks and will not allow me to connect. I can see the connections in the data logs but it errors out on the iPhone.

OS X Mavericks (10.9.2)

Posted on Feb 28, 2014 11:30 PM


  • by cpragman,

    cpragman Mar 1, 2014 7:29 AM in response to SirAlmighty
    Level 2 (464 points)
    Servers Enterprise

    Make sure to actually launch the Server app after installing the update from the Apple Store.

    The first time you run Server app, a number of additional adjustments take place, and it might be that this is when the actual upgrade of the feature you are having issues with occurs.

  • by shortysharp2,

    shortysharp2 Mar 2, 2014 10:21 AM in response to cpragman
    Level 1 (0 points)

    having same issue

    10.9.2 mavericks, (just tried a clean install, format and reinstall, and getting the same issue)

     

    My thread:

    https://discussions.apple.com/thread/5956245

     

    some info from terminal:

     

    sh-3.2# vpnd -x -d -i com.apple.ppp.l2tp

    2014-03-02 11:16:48 MST          Server 'com.apple.ppp.l2tp' starting...

    2014-03-02 11:16:48 MST          Loading plugin /System/Library/Extensions/L2TP.ppp

    2014-03-02 11:16:48 MST          L2TP plugin: first call to socket failed - attempting to load kext

  • by shortangrybloke,

    shortangrybloke Mar 15, 2014 10:09 AM in response to SirAlmighty
    Level 1 (0 points)

    Identical issue here.

     

    Local connection to 10.9.2/3.0.3 works fine, but clients can't connect when the host is NAT'd.

    10.6.8 Server still works great both locally and NAT'd.

  • by ThePro PR,

    ThePro PR Mar 31, 2014 8:31 PM in response to SirAlmighty
    Level 1 (4 points)
    Notebooks

    Anyone find a solution yet?

     

    I have the same issue.

     

    I had a client a few months back with the same issue. I applied the patch mentioned on the original post and it fixed the issue.

     

    Now I have another client with the same issue, but this client updated to 10.9.2 before calling me. Now I can't apply the fix. Was this fix included in 10.9.2? Maybe the issue is something else?

     

    Help please.

     

    3/31/14 11:29:17.448 PM pppd[1270]: L2TP connecting to server 'hostname.com' (Public IP)...

    3/31/14 11:29:17.457 PM pppd[1270]: IPSec connection started

    3/31/14 11:29:17.470 PM racoon[1271]: accepted connection on vpn control socket.

    3/31/14 11:29:17.471 PM racoon[1271]: Connecting.

    3/31/14 11:29:17.471 PM racoon[1271]: IPSec Phase 1 started (Initiated by me).

    3/31/14 11:29:17.472 PM racoon[1271]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).

    3/31/14 11:29:17.472 PM racoon[1271]: >>>>> phase change status = Phase 1 started by us

    3/31/14 11:29:20.662 PM racoon[1271]: IKE Packet: transmit success. (Phase 1 Retransmit).

    3/31/14 11:29:23.931 PM racoon[1271]: IKE Packet: transmit success. (Phase 1 Retransmit).

    3/31/14 11:29:27.071 PM racoon[1271]: IKE Packet: transmit success. (Phase 1 Retransmit).

    3/31/14 11:29:27.473 PM pppd[1270]: IPSec connection failed

    3/31/14 11:29:27.474 PM racoon[1271]: IPSec disconnecting from server Public IP

    3/31/14 11:29:27.474 PM racoon[1271]: glob found no matches for path "/var/run/racoon/*.conf"

    3/31/14 11:29:41.313 PM LogMeInIgnition[1001]: Reachability Flag Status: -R ------- networkStatusForFlags
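
A small triage of the client-side racoon log posted by ThePro PR above, as an added example that is not part of the thread or of Apple's tooling: it counts Phase 1 transmissions against replies to separate "no IKE reply ever arrived" from a negotiation that failed after the server answered. The `IKE Packet: receive` prefix and the verdict names are assumptions; the sample lines are copied from that post.

```python
import re
from datetime import datetime

# Log lines copied from the post above (client side, host already redacted there).
POSTED = """\
3/31/14 11:29:17.457 PM pppd[1270]: IPSec connection started
3/31/14 11:29:17.471 PM racoon[1271]: IPSec Phase 1 started (Initiated by me).
3/31/14 11:29:17.472 PM racoon[1271]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
3/31/14 11:29:20.662 PM racoon[1271]: IKE Packet: transmit success. (Phase 1 Retransmit).
3/31/14 11:29:23.931 PM racoon[1271]: IKE Packet: transmit success. (Phase 1 Retransmit).
3/31/14 11:29:27.071 PM racoon[1271]: IKE Packet: transmit success. (Phase 1 Retransmit).
3/31/14 11:29:27.473 PM pppd[1270]: IPSec connection failed
"""

LINE = re.compile(r"^(\d+/\d+/\d+ [\d:.]+ [AP]M) (\w+)\[\d+\]: (.*)$")

def parse(log):
    """Yield (timestamp, process, message) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%y %I:%M:%S.%f %p")
            yield ts, m.group(2), m.group(3)

def triage(log):
    """Summarise one IKE Phase 1 attempt as seen by the initiator."""
    start = end = None
    sent = retrans = received = 0
    for ts, proc, msg in parse(log):
        if proc == "racoon" and "Phase 1 started" in msg and start is None:
            start = ts
        elif proc == "racoon" and msg.startswith("IKE Packet: transmit"):
            sent += 1
            retrans += "Retransmit" in msg
        elif proc == "racoon" and msg.startswith("IKE Packet: receive"):
            received += 1  # assumed wording for inbound IKE packets
        elif proc == "pppd" and "IPSec connection failed" in msg:
            end = ts
    if end and received == 0 and retrans > 0:
        verdict = "phase1-no-reply"  # nothing came back: check the path to the server
    elif end:
        verdict = "phase1-negotiation-failed"  # server answered, then it failed
    else:
        verdict = "no-failure-seen"
    waited = round((end - start).total_seconds(), 1) if start and end else None
    return {"sent": sent, "retransmits": retrans, "received": received,
            "waited_s": waited, "verdict": verdict}
```

On the posted lines the verdict is `phase1-no-reply`: message 1 and three retransmits went out and nothing was logged as received before pppd gave up about ten seconds later.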

  • by der Mechaniker,

    der Mechaniker May 7, 2014 10:57 PM in response to SirAlmighty
    Level 1 (0 points)

    I'm having a similar issue.

     

    OS 10.9.2 server 3.0.2

    All ports forwarded on my verizon router

     

    just plain old stumped.

     

    any help would be appreciated

  • by Ralston Champagnie,

    Ralston Champagnie May 8, 2014 12:53 PM in response to ThePro PR
    Level 1 (109 points)
    Notebooks

    Lots of folks including me had waited to deploy VPN both on the server as well as on the client under Mavericks and were surprised beyond any measure to find that 10.9.2 VPN issue...Apple had not fixed...**** Racoon! So, like you, I am at a standstill...and really don't want to use OpenVPN despite its potential solution...(don't want what appears to be a web-based solution).

     

    The other nightmare is it seems VPN issues are everywhere...I just bought a used Cisco RVS4000 hoping to temporarily resolve...only to find out it can't do L2TP over IPsec. So now I am back to my Mikrotik...is there any rest for the wicked (VPN)?

  • by John Lockwood,

    John Lockwood May 9, 2014 2:23 AM in response to SirAlmighty
    Level 6 (9,384 points)
    Servers Enterprise

    It was my impression that the same standalone (for 10.9.1) VPN fix was built-in to 10.9.2/Server 3.1. As it happens my own OS X VPN Server has a non-NATed address so I do not hit this problem.

     

    As a perhaps more constructive suggestion, you could consider setting up a Linux virtual machine to run Racoon and act as your VPN server. I have done this also and linked it via LDAP to Open Directory for authentication. I have also been able to do the same with StrongSwan. I did however do this so I could run a Cisco IPSec compatible VPN server rather than L2TP. It works fine with the built-in Cisco IPSec client on both Mac and iOS.

     

    Note: Apple's own Racoon implementation does not support Cisco IPSec.

  • by Scotsam,

    Scotsam Dec 22, 2014 10:06 AM in response to SirAlmighty
    Level 1 (0 points)

    I had the same problem. In my case, it turned out that I had enabled "Back to my Mac" in my Airport Extreme. Even though all the correct VPN ports were forwarding to the server, until I disabled "Back to my Mac" and restarted the router, I could only get a VPN connection to work when on my local network.

  • by spencerdiniz,

    spencerdiniz Sep 3, 2015 3:01 PM in response to Scotsam
    Level 1 (0 points)

    Thanks for this... I was having issues with VPN connectivity also. Disabled "Back to my Mac" and it seems to be working fine now. Let's see if it'll last.

  • by sperry1975,

    sperry1975 Oct 4, 2015 12:36 PM in response to spencerdiniz
    Level 1 (10 points)
    Desktops

    I disabled Back to my Mac on both Apple computers that I'm trying to use VPN between and still no luck.