Previous 1 2 3 4 5 Next 61 Replies Latest reply: Feb 13, 2014 4:07 PM by tqxw Go to original post
  • rkovelman Level 2 (320 points)

    I have a similar situation. PPTP issue specifically not L2TP, as that works.


    10.5.8 Server running VPN service, and have tried the same on 10.6 Server as well.


    10.7.4 Server running OD


    If I run the command sudo vpnaddkeyagentuser /LDAPv3/ , I am prompter for server password and OD password.  This is great BUT


    5/31/12 10:54:24 AM pppd[24271] DSAuth plugin: Error -25300 while retrieving key agent password from the system keychain.

    5/31/12 10:54:24 AM pppd[24271] DSAuth plugin: Could not retrieve key agent account information.


    What I then tried to do was take the VPN user in the OD and grab the login settings data from the keychain located under system on the 10.7 server.  On the 10.5 Server I created a new keychain with the same data and it still fails.  I was hoping since it was the only entry it would pick up on it and use it but it does not.


    Anyone have any other ideas??? 

  • windrago Level 1 (0 points)

    I have tried pretty much every suggestion and still not working. Anyone got any luck with this issue?

  • blk182n7 Level 1 (0 points)

    I have go VPN in 10.7.4 working for a while check out these instructions here


    just follow the directions exactaly and it works great. 

  • windrago Level 1 (0 points)

    Thanks, I saw that one. Unfortunately that tutorial requires to have dhcp, nat and everything else up.

    Which I don't want to do as I have already some of those service working and configured in alternative ways.

  • blk182n7 Level 1 (0 points)

    That may pose a huge issue for you then.  tyou may consider going back to 10.6.8 .  I wonder if the bata for 10.8 has VPN like 10.6.8,  somehow i doubt Apple would back track though.   you could also use a third party VPN client. 

  • rkovelman Level 2 (320 points)


    This is by far the worst implementation for a VPN service I have ever seen, especially in a medium to large business.  You can leave Enterprise out at this point.  I eventually purchased a MacMini runnig 10.7 and linked that to my OD Master as a replica.  Employees can now VPN with out an issue.  There is a cool tool I would HIGHLY suggest:



    You can create routing rules and so forth with ease!

  • windrago Level 1 (0 points)

    Could not agree more on that, by far a piece of junk assembled as art.

    Thanks for the tool, I will take a look

  • flowirin Level 1 (10 points)

    this may be off track for lots of you, but i was having issues connecting to a 10.6.8 served L2TP vpn with my recently upgraded 10.7 client.


    it turns out that the practice of leaving the password field blank in the client VPN setup (which we did for 10.6.8 security) fails on 10.7.


    pop the password into the authentication information during the VPN client setup and everything works fine.

  • rkovelman Level 2 (320 points)

    L2TP is not the issue with 10.6 and 10.7 Server.  PPTP is the issue as it needs to authenticate to the OD when the user logs in.  L2TP uses a shared password that you type in and then there is a user authentication portion.  I have not heard or personally had any issues with L2TP.  I actually do not implement that type of VPN but each IT admin is different.

  • bob hope Level 1 (110 points)

    I had the same problem.  3 out of 6 machines that we upgraded at the office worked, and 3 didn't.  Tried a clean install and all sorts of other things.  It turned out there was some extra crud that IPSecuritas left on our machines from back in the day that conflicts with how the Lion VPN works.


    Here are the steps that fixed it for me.... hopefully it helps someone else:

    1. Download the latest IPSecuritas from here:
    2. Run the uninstaller
    3. Uncheck "Keep Connection Configurations"
    4. Click "uninstall"
    EXPECT: you should be good to go!


  • ecnav Level 1 (0 points)

    Apple has misrepresented the specifications for the APE, taking advantage of the enthusiastic and trusting consumer. VPN, even passthrough, is a nightmare. Buyer beware. Find a different AP router besides the APE.

  • kremik Level 1 (0 points)

    Finally this solved my problem with IPSec VPN:

  • FlatLander Marc Level 1 (0 points)

    Yes, it did help someone else.  A very frustrated someone else.  I had tried the uninstall, and it wouldn't work.  Unchecking the "do not remove the Configuration Files" did the trick.  Thanks!

  • Thomas Streng Level 1 (0 points)


    it works perfekt for me.

    all my vpn connections are working again now after the update to 10.8.1.

    thanks a lot!


  • Jay Imerman Level 1 (0 points)

    Brilliant!  My secret was 18 characters (for L2TP), and I shortened it to 10, and it worked great.  Throwing me for a loop until I came across this thread.


    I wish the OS X Server app would set a limit on secret length, or at least error if it is too long.