VPN Setup

Not a change really, but I did notice that the upgrade process deleted a Unix script I'd created to allow only certain ip address ranges to be sent through the VPN.

OK - this is how you can fix the problem.

make a backup copy of your network id pref list, perhaps using the command line as below from a terminal window.

cp /Library/Preferences/SystemConfiguration/com.apple.network.idenfication.plist /Library/Preferences/SystemConfiguration/com.apple.network.idenfication.plist.o ld

open Library/Preferences/SystemConfiguration/com.apple.network.idenfication.plist using a TEXT editor or something similar.

Open the network settings screen where your VPN is listed (under System Preferences) and make a note of your VPN settings. Then delete the VPN using the "-" button and click Apply.

In the com.apple.network.idenfication.plist you will see the the defintion for the VPN settings a little like thus:

<dict>
<key>Signatures</key>
<array>
<dict>
<key>Identifier</key>
<string>VPN.RemoteAddress=myvpn.domain.com</string>
<key>Services</key>

then lots of settings info, and ending with the definition of a new service

</array>
<key>Signature</key>
<string>VPN.RemoteAddress=myvpn.domain.com</string>
<key>Timestamp</key>
<date>2009-09-01T06:42:53Z</date>
</dict>
<dict>
<key>Identifier</key>

Delete everything and including between the <dict> and </dict> for this Identifier and this will remove the VPN settings and leave all the others intact.

Save the file.

Now go back to your network settings screen and re add the you VPN and it will work once again as it did before.

Has anyone tried this? Seems like a complex way to fix this issue?

I also can't connect with the standard VPN client. Tried the suggested solution, no show.

Using my iMac's 10.5 over the same network there's no problem. I'm not too pleased with SL so far.

The extended logging shows:
Thu Sep 10 17:20:12 2009 : PPTP connecting to server '[myserverip]' ([myserverip])...
Thu Sep 10 17:20:12 2009 : PPTP connection established.
Thu Sep 10 17:20:12 2009 : using link 0
Thu Sep 10 17:20:12 2009 : Using interface ppp0
Thu Sep 10 17:20:12 2009 : Connect: ppp0 <--> socket[34:17]
Thu Sep 10 17:20:12 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x717b6286> <pcomp> <accomp>]
Thu Sep 10 17:20:13 2009 : rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
Thu Sep 10 17:20:13 2009 : sent [LCP ConfReq id=0x2 <magic 0x717b6286>]
Thu Sep 10 17:20:13 2009 : rcvd [LCP ConfAck id=0x2 <magic 0x717b6286>]
Thu Sep 10 17:20:16 2009 : sent [LCP ConfReq id=0x2 <magic 0x717b6286>]
Thu Sep 10 17:20:17 2009 : rcvd [LCP ConfAck id=0x2 <magic 0x717b6286>]
Thu Sep 10 17:20:19 2009 : sent [LCP ConfReq id=0x2 <magic 0x717b6286>]
Thu Sep 10 17:20:19 2009 : rcvd [LCP ConfAck id=0x2 <magic 0x717b6286>]
etc...

until it breaks. Would love a fix!

What worked for me was to create a custom configuration although I usually leave it at Default, because I keep each VPN server as a separate service so I’m able connect to multiple servers simultaneously.

The problem existed with two out of six servers running Mac OS X Server 10.5.8 and a MacBook Pro running Mac OS X 10.6.1. The same MacBook Pro running Mac OS X 10.5.8 was able to connect without problems.

There is no obvious difference in between the servers. All have dynamic IP addresses, are an Open Directory master, only have L2TP over IPsec turned on, authenticate through MS-CHAPv2 and have their client information fields filled with the internal DNS servers and a custom search domain.

Clearing the client information fields in Server Admin, as was suggested on another thread, did not fix the problem. Removing the VPN service, clearing left over information in the appropriate .plist file and re-creating the VPN service on the client, also didn’t help.

I got it working after installing 10.6.1 and completely removing the network plist. Just created a new VPN connection and all is well again. I'm not sure which of the two steps cured it though.

I had an issue where my router's DNS (pointed to OpenDNS) was used first, before the DNS of my VPN (using Snow Leopard Cisco VPN).

Flushing the cache, reordering the services (in System preferences), etc, nothing worked.
I have now resolved it manually by specifying the DNS servers for the interfaces in the order I want.

So, when I connect via AirPort I use this :

sudo networksetup -setdnsservers AirPort VPN DNS_ServerIP VPN DNS_ServerIP2 OpenDNS ServerIP

I can confirm that this is what I want with :
scutil --dns

I then get this :

DNS configuration

resolver #1
search domain[0] : WORKDMAIN.COM
nameserver[0] : CORRECT NAMESERVER1IP
nameserver[1] : CORRECT NAMESERVER2IP
nameserver[2] : 208.67.222.222
order : 200000

Note : nameserver[2] : 208.67.222.222 = OpenDNS

Hopefully this is fixed in 10.6.2

I have the same problem and tried all of your solutions. The problem persists.

scutil --dns tells me that the DNS servers are changed, but apparently it still cannot resolve anything.

Would be great if anyone had another idea.

Cheers

I have the same problem and tried all of your solutions. The problem persists.

scutil --dns tells me that the DNS servers are changed, but apparently it still cannot resolve anything.

Would be great if anyone had another idea.

Cheers

I have the same problem...I think VPN is broken at least on one side...

I can get it to work INSIDE the network (and since it works, Apple Care washes their hands of the issue). But I am unable to get connected from outside the network.

I have opened the proper ports in my router (using PPTP since the router won't support L2TP without a $500 add-on package which I think won't work anyhow if the VPN is broken)...according to the Network Services PDF (which, BTW, has a typo for setting up ports on the router...so you have to refer to the "Well Known Ports" document) but I'm not sure if I'm still not opening the right ports.

My router folks have verified that the traffic is getting through the router, but there is absolutely NO RESPONSE from the server. When I look at the VPN logs the server is "listening", but DEAF (IMHO).

I really don't know where to go from here except that the router folks said I should do a packet capture but I have to go back to Astro-Physics 500 to figure out how to run the packet capture software and I'm worried it will crap up my server anyhow. But what the heck...life is short and art is long...

I'll let you know how it works out.

John

Message was edited by: admin@countryschool.org

Well, it's not...broken, that is.

Turns out that my router policies were out of order. I also had the server using the wrong gateway.

Experiencing same issues/symptoms as described above. It started occurring after updating from 10.5 to 10.6 (also in the 10.6.2 revision).