VPN issues with Snow Leo client against Tiger Server

I have installed Snow Leopard on my MacBook Pro and now have an issue with network routing when I connect L2TP VPN to a Tiger server.

VPN is configured to not route all traffic over VPN. This has worked nicely for the last 2+ years. When I am at home or at a customer's site I connect VPN to my office Tiger Server. No problem leaving the connection on for intranet access and at the same time access the internet directly.

However, since installing Snow Leopard client this does not work any more. Whenever I try to connect to the internet (e.g. try to browse with Safari) I get the message "You are not connected to the Internet" while at the same time I browse my VPN'ed intranet and access afp shares and a private mail server over this channel. As soon as I disconnect VPN, internet access is restored. I have checked in VPN prefs that the checkbox "route all traffic..." is still unchecked. I even toggled it on, then off again, but nothing happened. Interestingly, sometimes I get the message that Safari cannot find the server, and sometimes, although very rarely, I can actually connect to a server on the outside. I think these are servers whose address is still in the cache so that no DNS lookup is needed. The whole behavior reeks like some DNS issues, but I may be wrong.

Well, from here on I need help. It has worked for the last 2 years and now stopped. The only new thing in the game is Leopard client upgraded to Snow Leopard. Thus I think there must be something in the new OS that causes the problems. But what? And how can I fix it?

Any help very much appreciated
---markus---

MacBook Pro 15", Mac OS X (10.6)

Posted on Sep 3, 2009 12:49 AM


Sep 14, 2009 4:29 PM in response to ruggiero

I've had similar problems with a Tiger Server (OS X Server v10.4.11 on a PPC Server) and a Snow Leopard MacBook Pro running OS X v10.6.0, and now 10.6.1.

Actually my symptoms are worse, but this combination of search terms brought me here. I get no connection at all. There is no record in the server logs of an attempt. Nothing has changed in my firewall, DNS/IP addresses are clean and accurate. My laptop sees the following in the /var/log/ppp.log:

Thu Sep 10 09:43:03 2009 : L2TP connecting to server '69.243.15.237' (69.243.15.237)...
Thu Sep 10 09:43:03 2009 : IPSec connection started
Thu Sep 10 09:43:03 2009 : IPSec phase 1 client started
Thu Sep 10 09:43:13 2009 : IPSec connection failed


I've stopped and started the service on the server. I updated the server (I had >300 days of uptime so I was a bit behind on updates). I re-verified all the L2TP settings. I have verbose logging checked, and this is all I see in the /var/log/ppp/vpnd.log file on the server:

#Start-Date: 2009-09-01 14:31:20 EDT
#Fields: date time s-comment
2009-09-01 14:31:20 EDT Loading plugin /System/Library/Extensions/L2TP.ppp
2009-09-01 14:31:23 EDT Listening for connections...


I'm stumped. I have a backup of the laptop's drive from before I updated; I need to blast it onto an external drive to boot the MBP and test the old 10.5 install. Other than that, I'm at a loss.

Suggestions?

Sep 16, 2009 11:59 AM in response to Marty Boegner

I'm having the same issue as Marty. Our L2TP connection is failing to connect in IPSec phase 1 to the Tiger server's VPN server. We have 3 VPN servers here and they all worked fine with Leopard clients, but it appears Snow Leopard clients are having some sort of connection issue with Tiger servers; Snow Leopard to Leopard servers still connect without issue. I've also tested this under iPhone 3.1 with the same effect. So something was changed in the way the handshaking was done between Leopard and Snow Leopard (and iPhone 3.1). Is anyone able to shed some light on this change, with perhaps a workaround other than converting all your VPN servers to 10.5.8?

Oct 8, 2009 11:13 AM in response to ruggiero

I have a similar problem, except Snow Leopard client (MacBook Pro) to Leopard server (G4).
VPN connection worked fine when client was using Leopard. Following is the detailed log for the connection attempt (as seen by the client). Can anyone decipher the problem?
Initially the connection proceeds normally and passes authentication, but seems to go off the rails while negotiating the detailed protocol.

Thu Oct 8 09:59:38 2009 : L2TP connecting to server '192.168.0.22' (192.168.0.22)...
Thu Oct 8 09:59:38 2009 : IPSec connection started
Thu Oct 8 09:59:38 2009 : IPSec phase 1 client started
Thu Oct 8 09:59:38 2009 : IPSec phase 1 server replied
Thu Oct 8 09:59:39 2009 : IPSec phase 2 started
Thu Oct 8 09:59:39 2009 : IPSec phase 2 established
Thu Oct 8 09:59:39 2009 : IPSec connection established
Thu Oct 8 09:59:39 2009 : L2TP sent SCCRQ
Thu Oct 8 09:59:39 2009 : L2TP received SCCRP
Thu Oct 8 09:59:39 2009 : L2TP sent SCCCN
Thu Oct 8 09:59:39 2009 : L2TP sent IRCQ
Thu Oct 8 09:59:39 2009 : L2TP received ICRP
Thu Oct 8 09:59:39 2009 : L2TP sent ICCN
Thu Oct 8 09:59:39 2009 : L2TP connection established.
Thu Oct 8 09:59:39 2009 : using link 0
Thu Oct 8 09:59:39 2009 : Using interface ppp0
Thu Oct 8 09:59:39 2009 : Connect: ppp0 <--> socket[34:18]
Thu Oct 8 09:59:39 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4eaed7b4> <pcomp> <accomp>]
Thu Oct 8 09:59:39 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf7024d6b> <pcomp> <accomp>]
Thu Oct 8 09:59:39 2009 : lcp_reqci: returning CONFACK.
Thu Oct 8 09:59:39 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xf7024d6b> <pcomp> <accomp>]
Thu Oct 8 09:59:39 2009 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4eaed7b4> <pcomp> <accomp>]
Thu Oct 8 09:59:39 2009 : sent [LCP EchoReq id=0x0 magic=0x4eaed7b4]
Thu Oct 8 09:59:39 2009 : rcvd [LCP EchoReq id=0x0 magic=0xf7024d6b]
Thu Oct 8 09:59:39 2009 : sent [LCP EchoRep id=0x0 magic=0x4eaed7b4]
Thu Oct 8 09:59:39 2009 : rcvd [CHAP Challenge id=0x42 <bfa02e52477ad703f752d91a0650eb71>, name = "FileServer.private"]
Thu Oct 8 09:59:39 2009 : sent [CHAP Response id=0x42 <097b60869efc9e8ee53404b48c993daa0000000000000000b236f046a456159c1a4abfbf518aa1 953a357676e3a0492d00>, name = "Patrick Brownsword"]
Thu Oct 8 09:59:39 2009 : rcvd [LCP EchoRep id=0x0 magic=0xf7024d6b]
Thu Oct 8 09:59:39 2009 : rcvd [CHAP Success id=0x42 "S=2390384D3C6CECE9016F22FFDDE63AA65614D385 M=Access granted"]
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0>]
Thu Oct 8 09:59:39 2009 : ipcp: returning Configure-REJ
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x1 <addr 0.0.0.0>]
Thu Oct 8 09:59:39 2009 : rcvd [ACSCP ConfReq id=0x1]
Thu Oct 8 09:59:39 2009 : Unsupported protocol 'Apple Client Server Control Protocol' (0x8235) received
Thu Oct 8 09:59:39 2009 : sent [LCP ProtRej id=0x2 82 35 01 01 00 04]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfNak id=0x1 <addr 192.168.0.105> <ms-dns1 75.154.133.100> <ms-dns3 75.154.133.68>]
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfReq id=0x2 <addr 192.168.0.105> <ms-dns1 75.154.133.100> <ms-dns3 75.154.133.68>]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfReq id=0x2 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : ipcp: returning Configure-REJ
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x2 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfAck id=0x2 <addr 192.168.0.105> <ms-dns1 75.154.133.100> <ms-dns3 75.154.133.68>]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfReq id=0x3 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : ipcp: returning Configure-REJ
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x3 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfReq id=0x4 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : ipcp: returning Configure-REJ
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x4 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : rcvd [IPCP ConfReq id=0x5 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : ipcp: returning Configure-REJ
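
A small triage script for the client-side ppp.log output quoted in the replies above, as an added example that is not part of any post: it flags an IPSec phase 1 attempt that never gets a server reply, a PPP protocol the client rejects as unsupported, and an IPCP option set that is rejected repeatedly. The function name, finding labels and threshold are this example's own; the sample lines are excerpted from the logs in the Sep 14 and Oct 8 posts.

```python
import re
from collections import Counter

# pppd line format seen in the posts: "<timestamp> : <message>"
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} : (?P<msg>.*)$")
REJ = re.compile(r"sent \[IPCP ConfRej id=0x[0-9a-f]+ (?P<opts>.*)\]")
UNSUPPORTED = re.compile(r"Unsupported protocol '[^']+' \((?P<num>0x[0-9a-fA-F]+)\)")

def diagnose(log_text, loop_threshold=3):
    """Return findings for one connection attempt (labels are this example's own)."""
    msgs = [m.group("msg") for m in map(LINE.match, log_text.splitlines()) if m]
    findings = []
    # Phase 1 was started, the peer never replied, and the attempt was abandoned.
    if ("IPSec phase 1 client started" in msgs
            and "IPSec phase 1 server replied" not in msgs
            and "IPSec connection failed" in msgs):
        findings.append("ipsec-phase1-no-reply")
    # A PPP protocol offered by the peer that this client does not implement.
    for msg in msgs:
        hit = UNSUPPORTED.search(msg)
        if hit:
            findings.append("unsupported-protocol:" + hit.group("num"))
    # The same option set rejected again and again: IPCP is not converging.
    rejected = Counter(r.group("opts") for r in map(REJ.search, msgs) if r)
    for opts, count in rejected.items():
        if count >= loop_threshold:
            findings.append(f"ipcp-reject-loop:{opts} x{count}")
    return findings

# Excerpt of the client log in the Sep 14 post.
PHASE1_LOG = """\
Thu Sep 10 09:43:03 2009 : IPSec phase 1 client started
Thu Sep 10 09:43:13 2009 : IPSec connection failed
"""

# Excerpt of the client log in the Oct 8 post (only the lines the checks use).
IPCP_LOG = """\
Thu Oct 8 09:59:38 2009 : IPSec phase 1 client started
Thu Oct 8 09:59:38 2009 : IPSec phase 1 server replied
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x1 <addr 0.0.0.0>]
Thu Oct 8 09:59:39 2009 : Unsupported protocol 'Apple Client Server Control Protocol' (0x8235) received
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x2 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x3 <addrs 0.0.0.0 192.168.0.105>]
Thu Oct 8 09:59:39 2009 : sent [IPCP ConfRej id=0x4 <addrs 0.0.0.0 192.168.0.105>]
"""

if __name__ == "__main__":
    print(diagnose(PHASE1_LOG))
    print(diagnose(IPCP_LOG))
```

The findings only separate the two failure stages visible in the logs (IPSec phase 1 versus IPCP negotiation); they do not identify a root cause.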
