network adminfromnijmegen

Q: VPN no longer connecting on OSX Server

A few weeks ago I set up a local network controlled by a single Mac mini on which I installed the OSX Server app. I had it all configured, and it seemed to be working.

2 days ago I updated the Server app to version 5.2.

Since then I have been unable to create new VPN connections from iMacs outside the local network. Nothing in the configuration has changed. On connecting, the client first asks for a username/password (so I'm assuming an initial connection has been made), but after supplying this, the client runs for a few seconds and returns "The L2TP-VPN-server is not responding. Please try to reconnect."

The odd thing is that when I'm on the local network I can use the VPN tunnel without any problems. From outside, it no longer works. However, I can still connect to the webserver, so I'm assuming there is nothing wrong with the DNS, nor with the actual username/password of the user.

Looking at the server logs I see a ton of messages from outside users trying to break in; perhaps this has something to do with it? I mean messages like:

Sep 28 14:11:45 --- last message repeated 3 times ---

Sep 28 14:11:45 server-1 ARDAgent[292]: Packet length invalid. Got 0 should be -4

Sep 28 14:11:45 server-1 ARDAgent[292]: MassagePacket failed.

Sep 28 14:11:45 server-1 kernel[0]: l2tp_rfc_lower_input mbuf_pullup len 8 failed 12

Sep 28 14:11:45 server-1 com.apple.xpc.launchd[1] (com.apple.screensharing[61839]): Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.screensharing.server

Sep 28 14:11:45 server-1 sshd[61838]: Did not receive identification string from 17.151.38.200

Sep 28 14:11:45 server-1 com.apple.xpc.launchd[1] (com.openssh.sshd.54E77ED0-00F1-428E-9EFE-1D3CCB818784[61838]): Service exited with abnormal code: 255

Sep 28 14:12:01 server-1 sshd[61843]: error: PAM: authentication error for root from 221.229.172.76 via 192.168.2.10

Sep 28 14:12:02 --- last message repeated 2 times ---

OSX Server 5.2 (build 16S1195)

Posted on Sep 28, 2016 5:29 AM


  • by dwbrecovery, Level 3 (662 points), Servers Enterprise, Sep 28, 2016 7:42 AM in response to network adminfromnijmegen

    Hi,

    - Check the VPN logs: Server.app -> Logs, select at the bottom left -> VPN Service Log.

    Look for entries "Incoming call" and follow the log for local and external clients. Any clues with external clients?

    - Also check Console.app on the Server and search for process racoon. Compare local and external client connections. Which macOS? ElCap or Sierra?

    hth

    cheers, dwbrecovery

  • by squirrelist, Level 1 (24 points), Servers Enterprise, Oct 3, 2016 12:21 PM in response to dwbrecovery

    I am having this same problem after upgrading to macOS Server 5.2. I'm running El Capitan 10.11.6.

    Additionally, I've noticed that I cannot change the Shared Secret on the server, and I cannot turn VPN services off. If I try, I get some strange entries in my system log:

    Oct  3 15:00:47 alice com.apple.SecurityServer[109]: Stating rules file "/etc/authorization": No such file or directory

    Oct  3 15:00:47 alice com.apple.SecurityServer[109]: Authorization via securityd no longer supported

    In response to dwbrecovery: in my VPN log I don't get any entries when I try connecting. It just says "Listening for connection", an entry from when I booted the server. I do, however, get the same entries the OP mentioned in my server log, so something is connecting.

    In my system log, here is a filtered list of the entries that mention racoon when I try to connect:

    10/3/16 3:17:03.927 PM racoon[382]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 148, max 1280

    10/3/16 3:17:03.927 PM racoon[382]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 148, max 1280

    10/3/16 3:17:03.927 PM racoon[382]: Received retransmitted packet from [MY IP][500].

    10/3/16 3:17:03.927 PM racoon[382]: Received retransmitted packet from [MY IP][500].

    10/3/16 3:17:03.927 PM racoon[382]: the packet is retransmitted by [MY IP][500].

    10/3/16 3:17:03.927 PM racoon[382]: the packet is retransmitted by [MY IP][500].

    10/3/16 3:17:03.936 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:03.937 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:03.937 PM racoon[382]: IKE Packet: receive failed. (Responder, Main-Mode Message 3).

    10/3/16 3:17:04.029 PM racoon[382]: IKE Packet: transmit success. (Phase 1 Retransmit).

    10/3/16 3:17:04.036 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:04.037 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:04.037 PM racoon[382]: IKE Packet: receive failed. (Responder, Main-Mode Message 3).

    10/3/16 3:17:07.156 PM racoon[382]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 148, max 1280

    10/3/16 3:17:07.156 PM racoon[382]: !!! skipped retransmitting frags: frag_flags 0, r->sendbuf->l 148, max 1280

    10/3/16 3:17:07.157 PM racoon[382]: Received retransmitted packet from [MY IP][500].

    10/3/16 3:17:07.157 PM racoon[382]: Received retransmitted packet from [MY IP][500].

    10/3/16 3:17:07.157 PM racoon[382]: the packet is retransmitted by [MY IP][500].

    10/3/16 3:17:07.157 PM racoon[382]: the packet is retransmitted by [MY IP][500].

    10/3/16 3:17:07.166 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:07.166 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:07.166 PM racoon[382]: IKE Packet: receive failed. (Responder, Main-Mode Message 3).

    10/3/16 3:17:07.326 PM racoon[382]: IKE Packet: transmit success. (Phase 1 Retransmit).

    10/3/16 3:17:07.337 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:07.337 PM racoon[382]: ignore the packet, received unexpecting payload type 1.

    10/3/16 3:17:07.337 PM racoon[382]: IKE Packet: receive failed. (Responder, Main-Mode Message 3).
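A small triage script for the two log formats quoted in this thread, the OP's syslog lines (sshd, ARDAgent, kernel l2tp) and squirrelist's Console.app racoon lines. It is an added example, not code from either poster: it separates the sshd break-in noise the OP asks about (counted per source address) from the L2TP/IKE Phase 1 failures that actually describe the VPN symptom, and it credits syslog's "last message repeated N times" lines to the preceding event so the counts are not understated. The bucket names and the RULES table are my own choices; the sample lines are copied from the posts above.

```python
import re
from collections import Counter
# Sample lines copied from the logs quoted in this thread (syslog and Console.app formats).
SAMPLE_LOG = """\
Sep 28 14:11:45 server-1 kernel[0]: l2tp_rfc_lower_input mbuf_pullup len 8 failed 12
Sep 28 14:11:45 server-1 sshd[61838]: Did not receive identification string from 17.151.38.200
Sep 28 14:12:01 server-1 sshd[61843]: error: PAM: authentication error for root from 221.229.172.76 via 192.168.2.10
Sep 28 14:12:02 --- last message repeated 2 times ---
10/3/16 3:17:03.937 PM racoon[382]: ignore the packet, received unexpecting payload type 1.
10/3/16 3:17:03.937 PM racoon[382]: IKE Packet: receive failed. (Responder, Main-Mode Message 3).
10/3/16 3:17:07.166 PM racoon[382]: IKE Packet: receive failed. (Responder, Main-Mode Message 3).
"""

ENTRY_RE = re.compile(r"^.+? (?P<proc>[\w.-]+)\[\d+\]: (?P<msg>.*)$")  # "<proc>[<pid>]: <msg>" is shared by both formats
REPEAT_RE = re.compile(r"--- last message repeated (?P<n>\d+) times ---$")
IP_RE = re.compile(r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")

RULES = [  # (process, message substrings, triage bucket); bucket names are my own
    ("sshd", ("authentication error", "identification string"), "ssh_probe"),
    ("racoon", ("IKE Packet: receive failed",), "ike_phase1_receive_failed"),
    ("racoon", ("unexpecting payload type",), "ike_unexpected_payload"),
    ("kernel", ("l2tp_rfc_lower_input",), "l2tp_input_failed"),
]

def classify(proc, msg):
    """Map one message to a triage bucket, or None if it is not of interest."""
    return next((b for p, subs, b in RULES if proc == p and any(s in msg for s in subs)), None)

def triage(log_text):
    """Count events per bucket and ssh probes per source IP, crediting "last message repeated N times" to the previous event."""
    buckets, ssh_sources = Counter(), Counter()
    last_bucket, last_ip = None, None
    for line in log_text.splitlines():
        rep = REPEAT_RE.search(line)
        if rep:  # syslog collapsed N identical lines: replay the previous event N times
            n = int(rep["n"])
            if last_bucket:
                buckets[last_bucket] += n
            if last_ip:
                ssh_sources[last_ip] += n
            continue
        m = ENTRY_RE.match(line)  # None for lines in neither format
        last_bucket = classify(m["proc"], m["msg"]) if m else None
        ipm = IP_RE.search(m["msg"]) if last_bucket == "ssh_probe" else None
        last_ip = ipm["ip"] if ipm else None
        if last_bucket:
            buckets[last_bucket] += 1
        if last_ip:
            ssh_sources[last_ip] += 1
    return buckets, ssh_sources
```

Run over the full server log, a large ssh_probe count with a handful of ike_phase1_receive_failed entries tells you the two are separate issues: the probes are background noise to block at the firewall, while the Main-Mode Message 3 failures are what to compare between a local and an external client.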