Migrated VPN Service Broken with Catalina

Anyone currently on Catalina - does the 10.15.1 update released today fix this problem? There is nothing within the support notes in regards to VPN, but still have my fingers crossed. I cannot update to Catalina until this issue is resolved. Tks.

https://support.apple.com/en-ca/HT210642

This is really a sad state of affairs. None of these options are really facile and provide a long-term solution for future Apple updates. Apple should really fix this issue. I am astounded at Apple's lack of regard for this problem.

Does anyone know what the change to /usr/sbin/racoon was from Mountain Lion (10.8) to Mavericks (10.9)?

A work-around decribed on https://macminicolo.net/racoon details copying /usr/sbin/racoon from an old system to fix an issue that prevented L2TP VPN connectivity in Server 3.0.1. Any ideas if the current issue with Catalina is related?

Good request! I am going through the ropes best I can but not that easy with the info available! Already installed Xcode and MacPorts. That bit was the easy part. Getting it setup and configured (I only need Mail and VPN) is a whole new challenge!

Ugh perhaps I posted too soon, but perhaps not. I’m also seeing the behavior mentioned by the OP on some external networks, but not others.

I’ll follow up in a bit with a few quick technical pointers and try to characterize when/how the issue arises.

Great you reported it! I was getting frustrated not to be able to make a connection from my ISP or any other external networks. So it is not my settings files!

Apple, please fix Catalina. This just doesn't make sense!!!

I agree, but since this is a personal VPN, I have 32G of memory, AND if I'm using the VPN I'm not home to use the server itself it's a cheap and easy solution. Haven't noticed any degradation in performance when I'm home and the Parallels client is running anyway.

Why unbelievable? They've triaged this and decided that only a relative few of us use it, and so our screams won't be loud enough to rock the prioritizers. Just because that's true doesn't make it right or good, of course, but Apple's the biggest gorilla in this jungle, so…. And honestly, there are worse bugs which go unresolved forever, although I'd guess this one would be pretty easy to identify and fix. Maybe we should scream louder, but given the stripping Apple gave MacOS Server, I'm guessing it wouldn't help.

@e-nando Great find, but how did you copy vend into /usr/sbin?

I made sure my Mojave vpnd had root:wheel ownership, but kept getting errors. I turned off System Integrity Protection and got the error  Read-only file system. How did you bypass these copy errors.

Thanks.

I don't have access to a Mojave vpnd binary, if someone would provide one I'd be happy to provide a step-by-step set of instructions.

Edit: NVM, found one tucked away in a time capsule backup. Instructions incoming.

Thanks so much for posting. I am still on Mojave so can send you vpnd if you would like?

Does this actually work? I need VPN access for my current setup so cannot upgrade to Catalina if this is not functional?

I thought I had solved the problem, but not quite. I can get the Mojave vpnd to work fine on Catalina *IF* I connect from my local network which is not much use. If I connect from the Internet I get 7 incoming calls, and then 7 hangups. I assumed there might have been a port forwarding problem, so I tried forwarding to the Mojave Parallels client I had been using to get around this problem and that worked fine. If I forwarded back to Catalina... NG. VPN Log extracts follow.

Oh, come on...

You always could connect to a VPN server running on Catalina from the same local network.

External connections never worked.

Before posting a “solution” here, please make sure that it actually works.