
VPN with Lion not working?

I can't get a connection over VPN with L2TP over IPSec. Same settings as in Snow Leopard. Is anyone able to connect with VPN?

Posted on Jul 23, 2011 7:20 AM

61 replies

Jul 23, 2011 7:35 AM in response to bwarncke

I'm not a VPN power user, but I was able to use my VNC app on the iPhone to connect to my Mac Mini running Lion. Might be unrelated, but I also had to tinker with the system to get screen sharing with control when connecting from Mac Mini 1 to Mac Mini 2 (and vice-versa) using command K. Before there was no need to mess with "remote management" in "Sharing" under Sys Pref, but now there is.

Jul 23, 2011 3:57 PM in response to bwarncke

I did an installation from scratch and re-created my VPN connections (4). All VPNs are headed to different Mac OS X Snow Leopard Servers. None of them work, Lion doesn't seem to be able to connect to them.


Jul 24 00:54:12 kain-osx racoon[483]: IPSec Phase1 started (Initiated by me).
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).

Jul 25, 2011 3:35 PM in response to bwarncke

I noticed this in the Beta. It seems that Lion, unlike the previous versions, is not serving the local IPs. For instance, in SLS (Snow Leopard Server) you could set the internal VPN IPs to 10.10.1.3 - 10.10.1.10; this was OK, and when you connect via VPN you get one of those IPs. Now with Lion it does not do that. But if you use an IP on the same subnet then it does work. So it looks like the "VPN Server" or internal IP pool portion was removed from the OS. Not sure if there is going to be a fix, but that's just as bad as the no more real-world firewall blocking in the Lion OS. I guess we will see if it changes.

Aug 4, 2011 7:25 PM in response to bwarncke

I have tested this quite a bit now. I cannot log in using L2TP VPN on Lion 10.7.0, to an updated Snow Leopard Server OR to an updated Lion Server. I CAN log in using the same settings to a Snow Leopard server. Thing is that connecting to the Snow Leopard server doesn't even see the VPN client coming in. The Error I get on the client side is that the L2TP server is not responding... Whereas when I attempt to connect to my Lion Server I get Authentication failed.


The SL server is running OD and I have configured the services so that the VPN service is accessible to the VPN group only. The Lion server is only running server and has only "local" users. This is probably why the server returns "Authentication failed." The log on the SL server doesn't even have an entry when I attempt to connect using my Lion client. When I connect with my iPhone or iPad or Snow Leopard client the server logs about 30 lines of messages. Again, the settings are exactly the same. It's like there's a firewall blocking VPN from connecting in Lion.


I have tried this using an internal address (local on the same network as the servers) and an external address (from the outside).


I have 2 other users with MacBooks that simply updated in place to Lion and cannot connect. In my case I have a MacBookPro and I did a clean SL install, Update, then download and update of Lion. After that I configured my VPN services. Today I also created a partition on my drive with SL, Updated it and configured the VPN services. It works fine.


I would not think we are the only ones using this. Anyone else using VPN services out there?

Aug 5, 2011 6:19 AM in response to bwarncke

Update.


I have now tested the connection on 4 different servers. Lion client (no updates released yet) to Snow Leopard Servers. 2 servers have been updated to 10.6.7. They work fine. Connect...Enter Password...Authenticating...and we are in! The other two servers have had the 10.6.8 update applied. One with 10.6.8 the other with 10.6.8v1.1. Neither even responds to the request. Both return the message "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."


Just to review, ALL servers still work fine with a SL client.

Aug 8, 2011 6:15 PM in response to Minanke

I have tried your trick, Minanke, to no success. Alas! In my server's log, I get the familiar


8/8/11 7:05:04.866 PM com.apple.ppp.l2tp: 2011-08-08 19:05:04 MDT Incoming call... Address given to client = 192.168.1.227
8/8/11 7:05:04.878 PM pppd: pppd 2.4.2 (Apple version 560.12) started by root, uid 0
8/8/11 7:05:04.880 PM pppd: L2TP incoming call in progress from 'my external ip'...
(repeat five times)
8/8/11 7:05:24.144 PM vpnd: --> Client with address = 192.168.1.227 has hungup


over and over again; on my client's log, I get


8/8/11 7:05:06.117 PM pppd: L2TP cannot connect to the server
8/8/11 7:05:06.169 PM racoon: IKE Packet: transmit success. (Information message).
8/8/11 7:05:06.170 PM racoon: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
8/8/11 7:05:06.173 PM racoon: IKE Packet: transmit success. (Information message).
8/8/11 7:05:06.174 PM racoon: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
8/8/11 7:05:06.207 PM racoon: IKE Packet: transmit success. (Information message).
8/8/11 7:05:06.207 PM racoon: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).


And what's very very interesting is that my password can be either correct or incorrect for the same result. That seems interesting. Just thought I'd share that.

Aug 9, 2011 9:28 PM in response to bwarncke

You're not alone and it's not only affected the VPN but the AFP, as well. Just played "Stump the Apple Support Techie" today! Found out I can't link (access) my 2010 MacBook Air (Lion) or my 2010 MacBook Pro (Lion) from my '08 MacBook Pro (Snow Leopard OSX 10.6.8). Before installing Lion on these, I used to be able to access screen, share music libraries and have access to their HDs! Now nada! Did a Data Capture and Apple now has my Sys configs, network settings, Hardware info, etc. to attempt to sort out the issue. Guess we're all in the same boat. Supposed to get a call-back in the next day or so ...

Aug 16, 2011 3:15 PM in response to bwarncke

I too was in hopes a 10.7.1 update would fix the problem.


Here's what I have found out today.


I have 4 VPN servers, all 10.6.x servers (3 Xserves and 1 Mini) (1 working is all up to date, the other is still on 10.6.7). I can successfully log into 2 of them and cannot log in to 2 of them. The server on the unsuccessful tries shows nothing in the VPN log. The local console shows me plenty. A successful log in looks like this.


8/16/11 4:19:02.507 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
8/16/11 4:19:02.542 PM racoon: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
8/16/11 4:19:02.542 PM racoon: IKE Packet: receive success. (Initiator, Main-Mode message 6).
8/16/11 4:19:02.542 PM racoon: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
8/16/11 4:19:02.542 PM racoon: IPSec Phase1 established (Initiated by me).
8/16/11 4:19:03.088 PM racoon: IPSec Phase2 started (Initiated by peer).


An unsuccessful log in looks like this.


8/16/11 4:21:17.768 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
8/16/11 4:21:20.538 PM racoon: Received retransmitted packet from 10.1.1.227[500].
8/16/11 4:21:20.538 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
8/16/11 4:21:23.538 PM racoon: Received retransmitted packet from 10.1.1.227[500].
8/16/11 4:21:23.538 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).


This is not the whole conversation, simply where things go bad. Message 6 seems to be the AUTH Message that the server never receives. I have deleted and recreated the VPN setting for the ones that don't work. I have tried saving my password with the settings. I even tried typing the wrong password. I have also tried typing in a bogus Shared Secret on the Lion client side. I have a SL partition that I have set up the VPN and everything works fine to all four servers. Only Lion 10.7.1 and only to two of the four servers. I have tried replacing the Shared Secret with the same text on both sides (copy and paste). I have tried using Full Name and shortname. As I said it doesn't matter if the password OR shared secret are right or wrong the error "The L2TP Server is not responding..." comes back every time.
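
The posts above diagnose the failure by reading where racoon's Main-Mode exchange stops. As an added example (not posted by any participant in this thread), the Python function below classifies an initiator-side racoon log the same way, so a stalled exchange, a local send failure and a completed Phase 1 can be told apart across many client logs. The function name `phase1_status` and its verdict strings are assumptions made for this example; the log lines are copied from the posts.

```python
import re

# Main-Mode packet lines as racoon writes them in the logs quoted in this thread.
PACKET = re.compile(r"IKE Packet: (transmit|receive) (success|failed)\. "
                    r"\(Initiator, Main-Mode [Mm]essage (\d)\)")

def phase1_status(lines):
    """Report how far one initiator-side IKEv1 Main-Mode exchange got."""
    last_ok, failed, retransmits, established = 0, None, 0, False
    for line in lines:
        m = PACKET.search(line)
        if m:
            direction, result, num = m.group(1), m.group(2), int(m.group(3))
            if result == "success":
                last_ok = max(last_ok, num)
            elif failed is None:
                failed = (direction, num)      # first packet that errored locally
        elif "Phase1 Retransmit" in line:
            retransmits += 1                   # we resent while waiting for the peer
        elif "IPSec Phase1 established" in line:
            established = True
    if established:
        verdict = "phase1-established"
    elif failed:
        verdict = f"{failed[0]}-failed-at-message-{failed[1]}"
    elif retransmits:
        verdict = f"stalled-after-message-{last_ok}"
    else:
        verdict = "incomplete"
    return {"verdict": verdict, "last_ok": last_ok, "retransmits": retransmits}

# Log excerpts copied from the posts above (not new data).
STALLED = """\
8/16/11 4:21:17.768 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
8/16/11 4:21:20.538 PM racoon: Received retransmitted packet from 10.1.1.227[500].
8/16/11 4:21:20.538 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
8/16/11 4:21:23.538 PM racoon: Received retransmitted packet from 10.1.1.227[500].
8/16/11 4:21:23.538 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
""".splitlines()
SEND_FAILED = """\
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
Jul 24 00:54:12 kain-osx racoon[483]: IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
""".splitlines()

if __name__ == "__main__":
    for name, log in (("stalled", STALLED), ("send failed", SEND_FAILED)):
        print(name, phase1_status(log))
```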
