Migrated VPN Service Broken with Catalina

@e-nando Great find, but how did you copy vend into /usr/sbin?

I made sure my Mojave vpnd had root:wheel ownership, but kept getting errors. I turned off System Integrity Protection and got the error  Read-only file system. How did you bypass these copy errors.

Thanks.

I don't have access to a Mojave vpnd binary, if someone would provide one I'd be happy to provide a step-by-step set of instructions.

Edit: NVM, found one tucked away in a time capsule backup. Instructions incoming.

Even with the above, I tried a `vpnd` binary pulled from OS X 10.14.2 and 10.14.3 and neither worked for me. Same behavior as Catalina when trying to connect via remote network.

Coincidentally, I only last night got a softether.org VPN setup on my Mac Mini and it supports IPSec/L2TP so you can still use native VPN client built into Apple devices.

Thanks so much for posting. I am still on Mojave so can send you vpnd if you would like?

Does this actually work? I need VPN access for my current setup so cannot upgrade to Catalina if this is not functional?

Tried that method back in October and it did not work.

Tried one more time now, copied vpnd from 10.14.6, made sure that everything was correct (vpn.ppp.l2tp.plist updated to specify the new path, macOS asked me if I wanted to open a file when reloading vpnd so the new file was actually used) and it still does not work for external connections.

If anyone else wants to try - please go ahead but don't have your hopes high.

I'm not convinced that the problem would be at the client/user end, since in my case, only the server changed, not the clients (iPhone and MacBook Pro).

I copied all my server's information into my router's VPN server set-up, turned off port forwarding, and voilà! It worked instantly with both clients, and with no changes to the client/user setup.

Just saying…

Oh, come on...

You always could connect to a VPN server running on Catalina from the same local network.

External connections never worked.

Before posting a “solution” here, please make sure that it actually works.

If anyone is looking for an alternative solution to a home VPN server, I would recommend considering setting up a Raspberry PI with strongSwan.

I know that it seems like an obvious answer (I knew about it before too), however, what I did not realise is that you can actually have a better VPN server this way (compared to what we had on macOS).

You can actually use "VPN on demand" rules which are super cool (e.g. you can make your iPhone to connect to your VPN whenever you get on an unknown Wi-Fi network). The downside is that you need to be tech savvy to set it up.

My hats off to all of the highly ingenious 3rd party solutions but one of the key reasons many of us bought a mac mini was to have a simple, integrated, Apple-ecosystem-centric solution to home networking. The fact that Apple has unnecessarily rendered their software solution into obsolescence is highly malicious towards their own customers. Frankly, it is unacceptable and should be "fixed" by Apple. I know that Apple could care less what we think, but I would advocate that we maintain pressure. I can say with 100% certainty this will be my last mac if Apple continues to be so obtuse and unwilling to listen to their own loyal customers.

Yes, configure your own OpenVPN certificate-based server: https://github.com/essandess/macos-openvpn-server. This has been a rock-solid alternative to a vpnd-based server.

The MacPorts port macos-vpn-server is based on vpnd and therefore has the same issue discussed in this thread.

I've mentioned it before, but it could have gotten lost in this long thread:

I'm successfully using Mojave in a Parallels VM on Catalina running the VPN configuration I used before Catalina broke it.

Yes. I too paid for Server.app only because I needed VPN. Now I must use 10.13.6 for can use Server.app 5.6.3 with GUI VPN. Where is my VPN, Apple? I want use Server.app with VPN on macOS 10.15, macOS 11+