How do I set up L2TP VPN?

I've been Google searching for a tutorial on how to do this, but I get plagued by "how to connect to VPN" articles and "how to host PPTP VPN". The only L2TP tutorials are too hard to follow or poorly written.


I seem to have set it up properly because I can connect to the server's VPN by LAN. However, if I enter the public domain or IP, it doesn't connect. I have enabled forwarding for the ports 500, 1701, 1723, and 4500 to the server. I also forwarded GRE and ESP. I know HOW to port forward because I have successfully forwarded other ports such as SSH to the server. My firewall security on my router is on the lowest setting.


I still can't connect even if I make my server a DMZ host.

Mac mini, Mac OS X (10.6.7), 4 GB RAM, 2.4 GHz, 500 GB dual HD

Posted on Jun 26, 2011 10:20 AM

Question marked as Best reply

Posted on Jun 26, 2011 12:19 PM

Depending on the exact set-up of the network, L2TP requires UDP ports 500, 1701 and 4500 and the IP-ESP protocol, which is IP protocol 50; ESP.


Other than ESP (which is protocol 50 and not port 50), these are UDP ports, and not TCP.


TCP 1723 is used for PPTP. Not L2TP.


It is common for L2TP passthrough to fail when more than one connection is active.


As compared with L2TP, PPTP is usually easier to get going.


Check your Mac OS X Server firewall, too.


Use of an external firewall-gateway with an embedded VPN server is recommended. (NAT passthrough is something best avoided.)


Also ensure your ISP is not blocking VPN connections. There are ISPs that block server-oriented ports on the residential service tier. (If you're on a business-class tier, ignore this.)
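The port and protocol list in the reply above can be turned into a quick audit of a router's forwarding table. This is an added example, not part of the original reply; the `kind/number` rule format and the sample rules are constructed for illustration.

```python
# Added example: audit forwarding rules against the L2TP requirements
# listed in the reply above. The "kind/number" rule format is an assumption.

# From the reply: UDP 500, 1701 and 4500, plus IP protocol 50 (ESP).
REQUIRED = {("udp", 500), ("udp", 1701), ("udp", 4500), ("proto", 50)}

def parse_rule(text):
    """Parse 'udp/500', 'tcp/1723' or 'proto/50' into (kind, number)."""
    kind, _, number = text.strip().lower().partition("/")
    if kind not in ("udp", "tcp", "proto") or not number.isdigit():
        raise ValueError(f"unrecognised rule: {text!r}")
    return kind, int(number)

def audit(rule_lines):
    """Return (missing, notes) for a list of forwarding rules."""
    rules = {parse_rule(r) for r in rule_lines}
    missing = sorted(REQUIRED - rules)
    notes = []
    for kind, number in sorted(rules - REQUIRED):
        if kind == "tcp" and ("udp", number) in REQUIRED:
            notes.append(f"tcp/{number}: L2TP needs this port as UDP, not TCP")
        elif kind in ("tcp", "udp") and number == 50:
            notes.append(f"{kind}/50: ESP is IP protocol 50, not port 50")
        elif (kind, number) == ("tcp", 1723):
            notes.append("tcp/1723: used by PPTP, not L2TP")
        else:
            notes.append(f"{kind}/{number}: not in the L2TP list")
    return missing, notes

# Constructed sample showing the common mistakes the reply warns about.
SAMPLE = ["tcp/500", "tcp/1701", "tcp/1723", "udp/4500", "udp/50"]

if __name__ == "__main__":
    missing, notes = audit(SAMPLE)
    for kind, number in missing:
        print(f"MISSING {kind}/{number}")
    for note in notes:
        print(f"NOTE    {note}")
```
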

18 replies

Sep 13, 2013 6:22 PM in response to Mac OS 9000

I found this page based on my searching, and due to the exact same problem as you, Mac OS 9000.


I hope you've got it working now.


To get my Snow Leopard Server VPN visible to the Internet besides just the LAN — no matter what sort of ports and protocols I allowed through — didn't seem to work.


Go to Firewall Settings > DMZ Host > and enter the IP address of your server. (I'm assuming -- and for the benefit of others -- you've set up the DHCP IP address for your server to be statically set by the Actiontec router.)
