L2TP VPN not connecting

I have been working on getting L2TP VPN connections to work for quite a while with no success. PPTP connections do work, however, with no difficulty. I had a previous thread running on this that went into the archived state and I'm starting afresh, carrying over a conversation from an unrelated thread to keep this more on-track.

The vpnd log reads this when trying to establish an L2TP connection:

Sat Nov 7 09:57:50 2009 : Directory Services Authentication plugin initialized
Sat Nov 7 09:57:50 2009 : Directory Services Authorization plugin initialized
Sat Nov 7 09:57:50 2009 : L2TP incoming call in progress from 'xx.xx.xx.xx'...
Sat Nov 7 09:57:50 2009 : L2TP received SCCRQ
Sat Nov 7 09:57:50 2009 : L2TP sent SCCRP
2009-11-07 09:57:52 PST Incoming call... Address given to client = 10.0.0.60
Sat Nov 7 09:57:52 2009 : Directory Services Authentication plugin initialized
Sat Nov 7 09:57:52 2009 : Directory Services Authorization plugin initialized
Sat Nov 7 09:57:52 2009 : L2TP incoming call in progress from 'xx.xx.xx.xx'...
Sat Nov 7 09:57:52 2009 : L2TP received SCCRQ
Sat Nov 7 09:57:52 2009 : L2TP sent SCCRP
2009-11-07 09:57:56 PST Incoming call... Address given to client = 10.0.0.61
Sat Nov 7 09:57:56 2009 : Directory Services Authentication plugin initialized
Sat Nov 7 09:57:56 2009 : Directory Services Authorization plugin initialized
Sat Nov 7 09:57:56 2009 : L2TP incoming call in progress from 'xx.xx.xx.xx'...
Sat Nov 7 09:57:56 2009 : L2TP received SCCRQ
Sat Nov 7 09:57:56 2009 : L2TP sent SCCRP
2009-11-07 09:58:04 PST Incoming call... Address given to client = 10.0.0.62
Sat Nov 7 09:58:04 2009 : Directory Services Authentication plugin initialized
Sat Nov 7 09:58:04 2009 : Directory Services Authorization plugin initialized
Sat Nov 7 09:58:04 2009 : L2TP incoming call in progress from 'xx.xx.xx.xx'...
Sat Nov 7 09:58:04 2009 : L2TP received SCCRQ
Sat Nov 7 09:58:04 2009 : L2TP sent SCCRP
2009-11-07 09:58:10 PST --> Client with address = 10.0.0.59 has hungup
2009-11-07 09:58:12 PST --> Client with address = 10.0.0.60 has hungup
2009-11-07 09:58:16 PST --> Client with address = 10.0.0.61 has hungup
2009-11-07 09:58:24 PST --> Client with address = 10.0.0.62 has hungup

All the appropriate firewall ports are open as near as I can tell after poring over them and the instructions in Network Services Admin.

-Doug

Mac Pro (2X 3Ghz dual core); MacBook 2GHz C2D; G4 MDD Dual 867, Mac OS X (10.6.1), 20" Cinema Display; 30GB iPod Photo; iPhone; Airport Exteme

Posted on Nov 7, 2009 10:04 AM
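The log above shows every attempt stopping at the same point: vpnd receives SCCRQ, sends SCCRP, and then nothing until the client hangs up. The L2TP control connection (RFC 2661) needs a third message, SCCCN from the client, so a tunnel that ends on "sent SCCRP" means either the reply never reached the client or the client's SCCCN never came back, which is what a blocked UDP 1701 return path at a NAT or firewall looks like from the server side. The following script is an added example, not part of the thread or of macOS Server: it parses constructed vpnd lines modelled on Doug's excerpt (same formats, peer address masked as in the post), groups them into tunnel attempts and flags the ones that stalled after SCCRP.

```python
import re
# Constructed sample modelled on the vpnd excerpt in the thread (peer address masked as in the post).
SAMPLE_LOG = """\
Sat Nov 7 09:57:50 2009 : L2TP incoming call in progress from 'xx.xx.xx.xx'...
Sat Nov 7 09:57:50 2009 : L2TP received SCCRQ
Sat Nov 7 09:57:50 2009 : L2TP sent SCCRP
2009-11-07 09:57:52 PST Incoming call... Address given to client = 10.0.0.60
Sat Nov 7 09:57:52 2009 : L2TP incoming call in progress from 'xx.xx.xx.xx'...
Sat Nov 7 09:57:52 2009 : L2TP received SCCRQ
Sat Nov 7 09:57:52 2009 : L2TP sent SCCRP
2009-11-07 09:58:10 PST --> Client with address = 10.0.0.59 has hungup
2009-11-07 09:58:12 PST --> Client with address = 10.0.0.60 has hungup
"""

CALL_RE = re.compile(r"L2TP incoming call in progress from '([^']+)'")
CTRL_RE = re.compile(r"L2TP (received|sent) (SCCRQ|SCCRP|SCCCN|StopCCN)")
ADDR_RE = re.compile(r"Address given to client = (\S+)")
HANGUP_RE = re.compile(r"Client with address = (\S+) has hungup")

def analyze(log_text):
    """Group vpnd lines into L2TP control-connection attempts and flag those that never got past SCCRP."""
    attempts, assigned, hangups = [], [], []
    for line in log_text.splitlines():
        if m := CALL_RE.search(line):          # a new tunnel attempt from this peer
            attempts.append({"peer": m.group(1), "messages": []})
        elif (m := CTRL_RE.search(line)) and attempts:
            attempts[-1]["messages"].append(f"{m.group(1)} {m.group(2)}")
        elif m := ADDR_RE.search(line):        # PPP side handed out an address
            assigned.append(m.group(1))
        elif m := HANGUP_RE.search(line):
            hangups.append(m.group(1))
    for a in attempts:
        # RFC 2661 handshake is SCCRQ -> SCCRP -> SCCCN; ending on "sent SCCRP" means the
        # client's SCCCN never arrived (or our SCCRP never reached the client).
        a["stalled_after_sccrp"] = a["messages"][-1:] == ["sent SCCRP"]
    return {"attempts": attempts, "assigned": assigned, "hangups": hangups}

def diagnose(report):
    """One-line verdict: are the attempts dying at the same handshake step?"""
    n = len(report["attempts"])
    stalled = sum(a["stalled_after_sccrp"] for a in report["attempts"])
    if n and stalled == n:
        return "all attempts stalled after SCCRP: check the UDP 1701 / IPsec return path at NAT and firewall"
    if stalled:
        return f"{stalled} of {n} attempts stalled after SCCRP: intermittent return-path problem"
    return "no L2TP handshake stalls detected"

if __name__ == "__main__":
    rep = analyze(SAMPLE_LOG)
    print(diagnose(rep))
```

Run it against a real vpnd log by passing the file contents to analyze(); a healthy tunnel shows "received SCCCN" after "sent SCCRP" and is not flagged.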


Nov 9, 2009 12:08 PM in response to Peter Scordamaglia

unplug your connection to the internet (Modem off, whatever it takes to protect you from the next step) and then shut off NAT and the Firewall, then try to connect to PPTP and L2TP via an internal client. It HAS to be that firewall...


Okay, here's what I tried. Dropped the direct external IP Ethernet connection from the modem (tied to en0 on the server), disabled the firewall and NAT, made a new L2TP connection client on my laptop to access the internal IP of the server. It immediately connected. Then, having an inspiration, I duplicated the firewall settings from the 'any' address group to the '10-net' group (our internal IPs are in that range), saved those and tried the VPN connection again. Same result - it connected immediately.

I got into the setup on our modem and checked through again and its internal firewall is shut down - no port blocking enabled. Tried putting the server into the DMZ, no joy.

So right now, my suspicion is that the problem really lies in our modem/router rather than the firewall configuration. Or am I way off track here?

-Doug

Nov 10, 2009 3:58 AM in response to Douggo

There is no way to be sure it is not the modem, but most modems are normally set up to not have a firewall, or have one and it is not turned on.

I would lean toward the firewall still being the culprit. I think you have a complex ruleset for your firewall and the Mac GUI is not capable of building it properly for you. It will take some tweaking to get it right (moving rules around, building skip rules et al.)

Let me see what I can do to explain this further.

Peter

Message was edited by: Peter Scordamaglia - Clarification of many statements

Nov 12, 2009 8:15 PM in response to Peter Scordamaglia

Hi Peter,

Just an update. As the result of doing something really stupid (which is a great, albeit painful, way to learn what not to do) I've had to nuke and reinstall the server. Ran all the updates to bring it current before starting any services, and then only enabled VPN, NAT and Firewall.

*L2TP VPN now works!*

I'm taking notes as I go, starting with the base firewall and rule settings. I'll continually test VPN connections as I add services and see if there's a trip-point where L2TP connections stop working.

Thanks again for your help.

-Doug


