Lion Server VPN, Can Connect Locally, Not Remotely

Check the setting in airport utility 5.6 AND 6.0.

They seem to share some of the saem info, a mistake in 6.0 will stop stuff working even if properly configured in 5.6.

This solved my vpn problems. make sure all the settings are the same in both versions!

This forum resolved my issue in case anyone is using a Linksys router

http://homecommunity.cisco.com/t5/Wireless-Routers/L2TP-IPsec-Server-behind-WRT3 50N/td-p/183879

I opened up port 500 and 4500 on my router to forward to my lion server and then I was able to VPN locally and externally with no problems.

Cheers!

I also had the same issue such that L2TP works in LAN but not outside the router. I just realized that I have "Back to my Mac" enabled on my Time Capsule which has a conflict to L2TP port forwarding. After disabling that, L2TP works fine.

Same issue. Lion Server with an airport. I disabled "Back to my Mac" on the airport and removed the NAT port forwardings that I had been using. After restarting the airport, I added the new "OS X Server" vpn forwarding rules that appeared in the drop down and all is well again.

Obviously setting up VPN with Lion Server is not easy, as evidenced by the popularity of this post.

None of the recommendations here have helped me. I also tried this:

http://macminicolo.net/lionservervpn

but that too did not get it working.

I cannot find any Apple documentation on how to properly set up VPN. Can anyone post a link?

Once you get past the port conflicts it's actually pretty easy to set up. If you can describe your issues I might be able to help. What is your configuration?

I'm running Lion Server 10.7.3, and it is connected to an AEBS running 7.6.1. I have forwarded the VNC port on my AEBS, so I can screen in and watch my server as I try to connect. I open vpnd.log in Console, and when I try to connect, there is no activity in that log file, suggesting that my request never even makes it to the server.

According to the Server App, VPN is on (it has a green light) and is configured for L2TP.

Here are my network settings in Server Admin:

FYI: I am using dyn.com to map a domain to my router's public facing IP.

Any help is greatly appreciated!

This sounds like the same issue I had. What port forwardings do you have on your AEBS? If you have any IDs entered in "Back to My Mac" you need to remove them and restart the AEBS.

VPN (L2TP)

Public UDP:500,1701,4500

Private UDP:500,1701,4500

VPN (PPTP):

Public TCP: 1723

Private TCP:1723

I am looking at the Mobile Me tab in Airport Utility and it's empty, so I assume that is correct. System Preferences on the server shows Back to My Mac is disabled (because an iCloud account is active). I am looking at iCloud in System Preferences and Back to My Mac is unchecked there.

Those are the right ports...and I know it shouldn't make any difference, but what worked for me was deleting the existing mappings that matched yours and creating new ones using the ones named "OS X Server VPN -".

Since you mention the MobileMe tab I have to assume your not using the latest Airport Utility. Get version 6 and delete the existing mappings. The new mappings in which each port has it's own individual mapping will then be availiable to select.

I have both Airport Utilities, I figured I needed the old one to see mobileme.

Interesting that the new utility has "Mac OS X Server VPN" as choices for port mappings, that is news to me!

Out of curiosity, when I select "Mac OS X Server VPN - L2TP" it auto-populates only 1701. I am adding 500 and 4500. I hope that is right. (I wish they would make the port mapping pane in the network tab more than 2 rows high!)

Updated router, still no luck. as an added measure, I created a new VPN.mobileconfig from the server, and installed it on my remote Mac. I got the same "The L2TP-VPN server did not respond." and no new entries in vpnd.log. It would be nice if the AEBS had a log that I could see if the request made it that far.

There are four selections for "Mac OS X Server VPN". The other ports are in the other selections. Like I said, it shouldn't make any difference but adding the four new selections is what made mine start working...

I'm guessing that the latest firmware may not like multiple ports in a single map.

ok, I deleted and re-added all 4, with just 1 port per entry. Still no success, but here's an added detail:

I have been trying VPN from both my Mac and my iPad. I decided to monitor all system log messages. No entries when Mac tries, but a bunch of entries when iPad tries (though it still fails):

The http://macminicolo.net/lionservervpn instructions I think is a good starting point for setting up your VPN but it is a little dated since the new Lion server (10.7.3) is a little different in some spots. All in all though it is a great reference and the rest is up to you. The following pic is what I have opened on my router, keep in mind I pay for a static IP so the ports are not blocked by my cable provider.