Migrated VPN Service Broken with Catalina

Hi Everyone,

The very intrepid Bernard Tao of VPN Enabler may have come up with a solution. I have already rolled back to Mjoave, but if someone is brave enough to try and test his solution, I would be eternally grateful! I am not going to upgrade Catalina until we have a 100% solution for this massive problem. Loss of VPN is incredibly disruptive to my workflow.

http://cutedgesystems.com/software/openvpnenablerforcatalina/

Thanks!

I gave it a try and had zero luck.

I'm currently working on Wireguard. I've had a little success with it, as in I can connect to the server but can't do anything else. I'll probably be reverting back to Mojave probably this weekend.

Apple can kiss my ***. I am so sick of their shenanigans regarding SERVER.. First they completely GUTTED a fine suite which we PAID for, made it completely useless, there WAS a workaround to at least get VPN working, but now after Catalina, no more.

Seriously, W T F Apple?? W T F ???

I have tried VPN Enabler mention by lcrooks earlier and have managed to get the connection working back to my Catalina OS Mac Mini. I have done this locally from another desktop and remotely from my iphone. The later needed the OpenVPN app installed.

I also needed to edit the config file created by VPN Enabler as it didn't want to work by default. This was a bit of trial and error really as I am certainly no expert on this, but noticed when using the client part of VPN Enabler that the config file didn't seem to reference my server url but the port number instead. I simply replaced the port number with my url and it worked. The lines I changed are below

<key>RemoteAddress</key>

<string>xxx.ddns.net</string> This simply contained "REMOTE"

<key>remote</key>

<string>xxx.ddns.net</string> Note: this is where the port number 1194 was

It does not look like this is going to be fixed in the next release of macOS 10.15.

Please submit a bug report to Apple via http://feedbackassistant.apple.com and post your feedback number here. This is the only way to get attention from Apple. It is not enough to just rant about it on the forums.

Been running with ZyXEL ZYWALL USG series firewalls and the embedded VPN server, FWIW.

There are other similar options, from other vendors.

Not a huge fan of host-based VPN servers, and for various reasons.

But been migrating off of Server for a while too, with the Mojave Server release having discontinued the interesting bits.

iVPN has also officially stated that their software is not compatible with Catalina due to vpnd not working. There are a number of blogs/forums complaining about this horrendous issue. Honestly, I don't think Apple will fix this problem in Catalina or future OSX releases. Incredibly frustrating. Bernard Tao's VPN Enabler / OpenVPN workaround may be the only solution.

https://macserve.org.uk/ivpn/help.php

I migrated to a firewall-based VPN server a decade ago, and that’s just been vastly easier than wrestling with a host-based VPN server and host-based IP routing.

Even back when Mac OS X Server cost a thousand dollars, and had a VPN server.

No need to deal with NAT-passthrough, and the firewall can be accessible when the target server (and VPN server) isn’t.

Using a Mac as an expensive IP router just isn’t “fun”. Never has been.

This is really a sad state of affairs. None of these options are really facile and provide a long-term solution for future Apple updates. Apple should really fix this issue. I am astounded at Apple's lack of regard for this problem.

Does anyone know what the change to /usr/sbin/racoon was from Mountain Lion (10.8) to Mavericks (10.9)?

A work-around decribed on https://macminicolo.net/racoon details copying /usr/sbin/racoon from an old system to fix an issue that prevented L2TP VPN connectivity in Server 3.0.1. Any ideas if the current issue with Catalina is related?

Bug reported also.

I use iVPN (https://macserve.org.uk)

I also test to connect directly to ip in my local network and then VPN connect.

If I use my VPN host name xxxxx.com "Server not responding" but I see "hits" in my VPN log.

2020-01-07 14:09:40 EET Incoming call... Address given to client = 10.0.xx.xx

Tue Jan  7 14:09:40 2020 : publish_entry SCDSet() failed: Success!

Tue Jan  7 14:09:40 2020 : publish_entry SCDSet() failed: Success!

Tue Jan  7 14:09:40 2020 : publish_entry SCDSet() failed: Success!

Tue Jan  7 14:09:40 2020 : L2TP incoming call in progress from '85.xx.xxx.xxx'...

Tue Jan  7 14:09:40 2020 : L2TP received SCCRQ

Tue Jan  7 14:09:40 2020 : L2TP sent SCCRP

2020-01-07 14:09:41 EET   --> Client with address = 10.0.1.70 has hungup

2020-01-07 14:09:42 EET   --> Client with address = 10.0.1.71 has hungup

2020-01-07 14:09:44 EET   --> Client with address = 10.0.1.72 has hungup

I could no longer wait for Apple to fix this solution.

I ended up purchasing a Cisco RV325 VPN Router and installed it in our office so that I could reach macOS Server, all of the machines on the network and all of the services. It actually works a thousand times better than the software VPN that macOS Server provided in the past as you basically have unlimited control with monitoring of who accesses your network.