L2TP/IPsec VPN doesn't work after upgrade to Catalina.
Is this a bug or a planned "feature"?
It is not possible to work with VPNs after upgrade to Catalina.
MacBook Pro with Touch Bar
I'm trying to do a native vpnd installation on Catalina 10.15.1. It had worked perfectly on Mojave. I seem to be getting farther than other people so here's what I found.
First, my error in the vpnd.log is:
Fri Nov 1 16:00:55 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:00:56 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:00:58 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:01:06 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:01:10 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:01:14 2019 : L2TP incoming call in progress from '192.168.0.1'...
2019-11-01 16:01:15 EDT --> Client with address = 192.168.0.173 has hungup
2019-11-01 16:01:16 EDT --> Client with address = 192.168.0.174 has hungup
2019-11-01 16:01:18 EDT --> Client with address = 192.168.0.175 has hungup
2019-11-01 16:01:26 EDT --> Client with address = 192.168.0.176 has hungup
2019-11-01 16:01:30 EDT --> Client with address = 192.168.0.177 has hungup
2019-11-01 16:01:34 EDT --> Client with address = 192.168.0.178 has hungup
How I got here:
https://developer.apple.com/support/downloads/macOS-Server-Service-Migration-Guide.pdf
This has information about VPN changes.
The major change I found was that the LaunchDaemon was changed to vpn.ppp.l2tp.plist
I get as far as my log (above) showing that I'm hitting the vpnd service (and I don't know why 6 times) and then hanging up. I know my username/password/shared secret are correct because if I change one of them, I don't appear in the log.
Hope this helps someone else to maybe find an answer.
There is another thread of very upset people with the same problem. Apple has broken VPND service in Catalina. The only real solution to this problem is to roll back to Mojave.
https://discussions.apple.com/thread/250730386?answerId=251723626022
I am having the same issue using VPN for Azure over IKEv2; it just throws a generic error. The topic is trending for Cisco and Fortinet VPN gateways on Reddit. Apple support had us reinstall Catalina, to no avail.
After doing some tinkering, we discovered that (at least for IKEv2) if you choose 'None' under Authentication Settings in your VPN settings and then select the "certificate" radio button and choose your certificate, it works. No explanation as to why, but it works.
Clarifying my use case: after updating to Catalina my L2TP/IPsec connection connects as usual but tunnel connectivity disappears after anywhere from 40 to 180 seconds (100% reproducible).
Method of checking:
ping <tunnel-reachable-ip>
Result: replies as usual until 40 to 180 seconds, then "time out"
VPN Log: tail -f /var/log/ppp.log
--No entries during successful pings--
--No entries 10 seconds after first ping timeout, then--
: no echo-reply, despite successful ppp_auxiliary_probe!
: No response to 3 echo-requests
: Serial link appears to be disconnected.
: ipcp: down
..
..
VPN Hardware: D-link VPN DSR-N250
Windows Virtual machine (running on same Catalina mac) connects to the VPN and holds the connection indefinitely.
Same problem.
No L2TP VPN is working, either with the setup in network connections or with the Shimo VPN client.
Shimo support told me that, due to security features in Catalina, no L2TP can work any more.
So this doesn't seem to be a bug but an intentional choice.
This wouldn't seem logical for the following two reasons:
1) Apple wouldn't keep the L2TP configuration option if it was no longer supported,
2) In my scenario (above) the connection "does" get established only to be lost in a minute or two.
So we are hoping that Apple just wasn't aware that the functionality is broken in such a peculiar way.
Hope you're right.
This is the exact response by Shimo support "Unfortunately it’s no longer possible to provide PPTP and L2TP support on macOS Catalina due to Apples security restrictions".
Shimo doesn't work any more.
Also Apple VPN on L2TP doesn't work, always returning an error "the server L2TP-VPN did not respond...."
I agree that it's somehow strange to still have configuration available but this is my situation at the moment... :(
Getting the same problem after an upgrade to Catalina. PPP log shows the error: "L2TP: cannot connect racoon control socket: Connection refused" which I believe is the same as Plicciardello. Tried both native and Shimo clients. Connection to the same VPN server from a different mac running Mojave works fine.
I've tried to launch the command and VPN still doesn't work, but the returned error has changed.
From "L2TP: cannot connect racoon control socket: Connection refused" we've evolved to:
Tue Oct 29 00:02:35 2019 : IPSec connection started
Tue Oct 29 00:02:35 2019 : IPSec phase 1 client started
Tue Oct 29 00:02:35 2019 : IPSec phase 1 server replied
Tue Oct 29 00:03:05 2019 : IPSec connection failed
So something has changed. Now it is the IPSec connection that fails.
Any other ideas?
Thanks
Pier
At in I'd hope Apple can provide VPN via SSL URGENTLY, as it seems they removed pretty much everything else that is available via VPN providers.
I understand they want to tighten things up, but removing a capability with no replacement in the market is irresponsible.
G
I just found a strange way to get this to work. I had a Mojave Parallels VM (to be able to run Photoshop and Acrobat, which would have died a 32 bit death) which was a restore of my Mojave machine before I upgraded to Catalina. This had been running my VPN. I went into the VM and tweaked a couple of IP settings, and now I can VPN into my home network like before, keeping the VM always active of course. May not be for everyone, but it worked for me!
I'll add another piece of information.
Examining the log of VPN connections (vim /var/log/ppp.log) I've found the following error: "L2TP: cannot connect racoon control socket: Connection refused".
Sitting with the same problem. Waiting on feedback from my router provider "Draytek" on what next.
Anyone else make progress?
G
Correct, dustinfromhayward,
you're experiencing exactly the same problem as me.