Previous 1 2 3 4 5 Next 70 Replies Latest reply: Oct 31, 2012 6:43 AM by tehcid Go to original post
  • Tracedoggy Level 1 Level 1

    The instructions I think is a good starting point for setting up your VPN but it is a little dated since the new Lion server (10.7.3) is a little different in some spots.  All in all though it is a great reference and the rest is up to you.  The following pic is what I have opened on my router, keep in mind I pay for a static IP so the ports are not blocked by my cable provider.


    Screen Shot 2012-05-04 at 2.28.41 PM.png

  • Dan Pouliot Level 1 Level 1

    Thanks Tracedoggy. I have 500 and 4500 UDP forwarded, and I even used the defaults provided by the AEBS. I followed macminicolo's instructions, but to no avail. frustrating.

  • Dan Pouliot Level 1 Level 1

    at the airport this morning I was fiddling w/my iPad and decided to try VPN. After mucking w/passwords and secrets, it finally worked! I wonder if the VPN errors are too vague, and it was a password issue all along.


    Anyway, I VNCed in to my Mac and tried the same thing, no success. Again, console on server shows no activity from the Mac, suggesting that problem is on the client end, but I have no idea where to look.

  • ctrld Level 1 Level 1

    If your firewall configured properly but you can't connect via L2TP, please try:

    $ sudo vpnaddkeyagentuser /LDAPv3/

  • Dan Pouliot Level 1 Level 1

    firewall is off on both server and client.


    I tried  sudo vpnaddkeyagentuser /LDAPv3/

    but then it asked me 3 times for:

    Enter admin name for node /LDAPv3/

    and Password:.


    I had no idea what it is asking for. I tried assigning a name for the node "vpntest", I also  tried entering my "admin name" which is "admin", I'm guessing I did it wrong.

  • ctrld Level 1 Level 1

    Sorry, I didn't say it. Please use username 'diradmin' (Open Directory Admin), password can be the same as admin user.


    If it will not help, try to run

    sudo mkpassdb -dump

    to get a list of the users credentials.

    Find the line corresponding to the vpn user (may be vpn_user1).



    mkpassdb -setkeyagent 0x.....

    where the 0x... bit is the big hex number to the immediate left of the username from the previous dump command.



  • Dan Pouliot Level 1 Level 1

    thanks ctrld. at least it didn't ask for the password 3 times, but still no vpn and still 0 lines added in server's console (I verified connecting from my iPad from home succeeds, and generates 30+ lines in console).


    However, after running that terminal command, I found this in console, not sure if it is related to my issue:

    opendirectoryd: GSSAPI Error: Miscellaneous failure (see text (Server (krbtgt/OMANSION.PRIVATE@MANSIONSERVER2.LOCAL) unknown while looking up 'ldap/server.omansion.private@OMANSION.PRIVATE' (cached result, timeout in 1200 sec))

  • Dan Pouliot Level 1 Level 1

    I used Wireshark to do a packet capture of en0 (my wifi is off). I think I have discovered the problem, but I don't know the solution. The packet capture shows the following error about 30 times in a row each time i try to enable VPN:




    Protocol: ICMP

    Info: Destination unreachable (port unreachable)

  is my Mac and is my AEBS. Why would attempting to initiate VPN cause this error?

  • Dan Pouliot Level 1 Level 1

    FWIW, I solved my issue:


    I looked through all processes in the activity monitor and I saw IPSecuritasDaemon, which is from a piece of the VPN software that I used to use:


    I went to their site and downloaded their own installer and ran it. Now my VPN works!!!!

  • stephen2011 Level 1 Level 1

    I now have 3 vpn_xxxxxx users. Should I remove some of those VPN users?

  • tehcid Level 1 Level 1

    This is quite the old thread, but I wanted to share my results as it was quite a PITA in order to get my VPN up and running.


    Attempting to use my Mini for more then a media browser, I installed server on it to use the VPN and other hosting items.  Much like the other people in this thread with an AEBS, I could VPN on the same network (dumb) but not from a public IP address.  I found that BTMM could mess up some of this up, so I removed that from the config, saved and restarted.




    Still assuming it was related to BTMM, I exported my config, and wiped the device.  I used Server to reconfigure the VPN settings again and it worked.  Luckly the config that Apple exports is human readable, so I started looking through it.  I found the following lines and deleted them.



















    I reloaded my config and it worked with my settings.  As someone who works with networking equipment regualrly, this is the problem with Apple's "It Just Works".

Previous 1 2 3 4 5 Next