Is this a bug or a planned "feature" ?
It is not possible to work with VPN's after upgrade to Catalina.
MacBook Pro with Touch Bar
After doing some tinkering, we discovered that (at least for IKEv2) if you choose 'None' under Authentication Settings in your VPN settings and then select the "certificate" radio button and choose your certificate, it works. No explanation as to why, but it works.
There is another thread of very upset people with the same problem. Apple has broken VPND service in Catalina. The only real solution to this problem is to roll back to Mojave.
https://discussions.apple.com/thread/250730386?answerId=251723626022
Try to run in terminal:
sudo launchctl start com.apple.racoon
Clarifying my use case: after updating to Catalina my L2TP/IPsec connection connects as usual but tunnel connectivity disappears anywhere from 40 to 180 seconds (100% reproducible).
Method of checking:
ping <tunnel-reachable-ip>
Result: replies as usual until 40 to 180 seconds, then "time out"
VPN Log: tail -f /var/log/ppp.log
--No entries during successful pings--
--No entries 10 seconds after first ping timeout, then--
: no echo-reply, despite successful ppp_auxiliary_probe!
: No response to 3 echo-requests
: Serial link appears to be disconnected.
: ipcp: down
..
..
VNP Hardware: D-link VPN DSR-N250
Windows Virtual machine (running on same Catalina mac) connects to the VPN and hold connection indefinitely.
Getting the same problem after an upgrade to Catalina. PPP log shows the error: "L2TP: cannot connect racoon control socket: Connection refused" which I believe is the same as Plicciardello. Tried both native and Shimo clients. Connection to the same VPN server from a different mac running Mojave works fine.
I just found a strange way to get this to work. I had a Mojave Parallels VM (To be able to run Photoshop and Acrobat which would have died a 32 bit death) which was a restore of my Mojave machine before I upgraded to Catalina. This had been running my VPN. I went into the VM and tweeked a couple of IP settings, and now I can VPN into my home network like before, keeping the VM always active of course. May not be for everyone, but it worked for me!
At in I'd hope apple can provide VPN via SSL URGENTLY, as it seems they removed pretty much everything else that is available via VPN providers.
I understand they want to tighten things up, but removing a capability with not replacement in the market is irresponsible.
G
I'm trying to do a native vpnd installation on Catalina 10.15.1. It had worked perfectly on Mojave. I seem to be getting farther than other people so here's what I found.
First, my error in the vpnd.log is:
Fri Nov 1 16:00:55 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:00:56 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:00:58 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:01:06 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:01:10 2019 : L2TP incoming call in progress from '192.168.0.1'...
Fri Nov 1 16:01:14 2019 : L2TP incoming call in progress from '192.168.0.1'...
2019-11-01 16:01:15 EDT --> Client with address = 192.168.0.173 has hungup
2019-11-01 16:01:16 EDT --> Client with address = 192.168.0.174 has hungup
2019-11-01 16:01:18 EDT --> Client with address = 192.168.0.175 has hungup
2019-11-01 16:01:26 EDT --> Client with address = 192.168.0.176 has hungup
2019-11-01 16:01:30 EDT --> Client with address = 192.168.0.177 has hungup
2019-11-01 16:01:34 EDT --> Client with address = 192.168.0.178 has hungup
How I got here:
https://developer.apple.com/support/downloads/macOS-Server-Service-Migration-Guide.pdf
This has information about VPN changes.
The major change I found was that the LaunchDaemon was changed to vpn.ppp.l2tp.plist
I get as far as my log (above) showing that I'm hitting the vpnd service (and I don't know why 6 times) and then hanging up. I know my username/password/shared secret are correct because if I change one of them, I don't appear in the log.
Hope this helps someone else to maybe find an answer.
I am having the same issue using VPN for Azure over IKEv2.; just throws a generic error. The topic is trending for Cisco and Fortinet VPN gateways on Reddit. Apple support had us reinstall Catalina, to no avail.
I've tried to launch the command and VPN still doesn't work but the returned error has changed
From "L2TP: cannot connect racoon control socket: Connection refused" we've evolved to
Tue Oct 29 00:02:35 2019 : IPSec connection started
Tue Oct 29 00:02:35 2019 : IPSec phase 1 client started
Tue Oct 29 00:02:35 2019 : IPSec phase 1 server replied
Tue Oct 29 00:03:05 2019 : IPSec connection failed
So something has changed. Now is the IPSec connection that fails
Any other ideas?
Thanks
Pier
Sitting with the same problem. Waiting on feedback from my Router provider "Draytek" on what next,
anyone else make progress ?
G
Correct dustinfromhayward
your’re experiencing exactly the same problem than me
I've tried this but racoon always stops after one dial out to VPN server.
No reports in logge about racoon exit.
Thanks
Paulo.
same problem.
No L2TP VPN working neither with setup in networking connections nor with the Shimo VPN client.
Shimo support reported me that, due to security features in Catalina, no L2TP can work any more.
So this doesn’t seem a bug but an intentional choice
This wouldn't seem logical for the following two reasons:
1) Apple wouldn't keep the L2TP configuration option if it was no longer supported,
2) In my scenario (above) the connection "does" get established only to be lost in a minute or two.
So we are hoping that Apple just wasn't aware that the functionality is broken in such a peculiar way.
L2TP/IPsec VPN doesn't work after upgrade to Catalina.
