The http://macminicolo.net/lionservervpn instructions are, I think, a good starting point for setting up your VPN, but they are a little dated since the new Lion server (10.7.3) is a little different in some spots. All in all though it is a great reference and the rest is up to you. The following pic is what I have opened on my router; keep in mind I pay for a static IP so the ports are not blocked by my cable provider.
At the airport this morning I was fiddling w/my iPad and decided to try VPN. After mucking w/passwords and secrets, it finally worked! I wonder if the VPN errors are too vague, and it was a password issue all along.
Anyway, I VNCed in to my Mac and tried the same thing, no success. Again, console on server shows no activity from the Mac, suggesting that problem is on the client end, but I have no idea where to look.
Firewall is off on both server and client.
I tried sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1
but then it asked me 3 times for:
Enter admin name for node /LDAPv3/127.0.0.1:
I had no idea what it is asking for. I tried assigning a name for the node "vpntest", I also tried entering my "admin name" which is "admin", I'm guessing I did it wrong.
Sorry, I didn't say it. Please use username 'diradmin' (Open Directory Admin), password can be the same as admin user.
If it will not help, try to run
sudo mkpassdb -dump
to get a list of the users' credentials.
Find the line corresponding to the vpn user (may be vpn_user1).
mkpassdb -setkeyagent 0x.....
where the 0x... bit is the big hex number to the immediate left of the username from the previous dump command.
Thanks ctrld. At least it didn't ask for the password 3 times, but still no VPN and still 0 lines added in server's console (I verified connecting from my iPad from home succeeds, and generates 30+ lines in console).
However, after running that terminal command, I found this in console, not sure if it is related to my issue:
opendirectoryd: GSSAPI Error: Miscellaneous failure (see text (Server (krbtgt/OMANSION.PRIVATE@MANSIONSERVER2.LOCAL) unknown while looking up 'ldap/server.omansion.private@OMANSION.PRIVATE' (cached result, timeout in 1200 sec))
I used Wireshark to do a packet capture of en0 (my wifi is off). I think I have discovered the problem, but I don't know the solution. The packet capture shows the following error about 30 times in a row each time I try to enable VPN:
Info: Destination unreachable (port unreachable)
10.0.1.4 is my Mac and 10.0.1.1 is my AEBS. Why would attempting to initiate VPN cause this error?
FWIW, I solved my issue:
I looked through all processes in the activity monitor and I saw IPSecuritasDaemon, which is from a piece of the VPN software that I used to use: http://lobotomo.com/products/IPSecuritas/
I went to their site and downloaded their own installer and ran it. Now my VPN works!!!!
This is quite the old thread, but I wanted to share my results as it was quite a PITA in order to get my VPN up and running.
Attempting to use my Mini for more than a media browser, I installed server on it to use the VPN and other hosting items. Much like the other people in this thread with an AEBS, I could VPN on the same network (dumb) but not from a public IP address. I found that BTMM could mess some of this up, so I removed that from the config, saved and restarted.
Still assuming it was related to BTMM, I exported my config, and wiped the device. I used Server to reconfigure the VPN settings again and it worked. Luckily the config that Apple exports is human readable, so I started looking through it. I found the following lines and deleted them.
I reloaded my config and it worked with my settings. As someone who works with networking equipment regularly, this is the problem with Apple's "It Just Works".