Native iOS L2TP VPN not working on Lion Server

Hi Folks,


I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently set up Lion Server on a MacMini here in the office with L2TP VPN using a shared secret phrase and a password authentication.


I have Lion running on a MacBook Air (which I set up VPN using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac. (VPN was set up manually). Both systems have been tested to work both inside and outside of my internal network as I have tested with an air card.


I also have an iPhone running 4.3.4/4.3.5 that I set up by emailing the provisioning profile and an iPad 1 running iOS 5 beta 4 set up with the VPN provisioning profile. Neither the iPad nor iPhone seem to work at all either internally or externally. In fact I never see any activity in the vpnd.log when I attempt to connect with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."


Based on my success with the OSX Clients both inside and outside my local network I feel it is safe to say that I do not think the issue resides on the Lion Server nor the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time Capsule firmware for the clients whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!



Please see the below settings for my VPN Settings on the host and iOS client




root# serveradmin settings vpn

vpn:vpnHost = ""

vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"

vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1

vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128

vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"

vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"

vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"

vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"

vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"

vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"

vpn:Servers:com.apple.ppp.pptp:enabled = no

vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"

vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"

vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5

vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"

vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1

vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0

vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1

vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1

vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60

vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"

vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0

vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"

vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"

vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1

vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200

vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"

vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"

vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"

vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"

vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array

vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array

vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array

vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"

vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128

vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0

vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"

vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1

vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"

vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"

vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"

vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"

vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"

vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"

vpn:Servers:com.apple.ppp.l2tp:enabled = yes

vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"

vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"

vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5

vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1

vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"

vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"

vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1

vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0

vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1

vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60

vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1

vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"

vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"

vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"

vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200

vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"

vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""

vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"

vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"

vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""

vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"

vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>

vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"

vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"

vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"

vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array

vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array

vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array

vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"




iPhone 4, iOS 4.3.3, Lion Server VPN

Posted on Jul 26, 2011 6:12 AM

Question marked as Top-ranking reply

Posted on Jul 26, 2011 5:44 PM

Issue is resolved. I used the initial randomly generated shared secret that was generated by Lion Server. The shared secret has special characters. iOS did not like the special characters. See iPhone Console Log below:


Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)


Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"


Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error


Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)


That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.


The shared secret key was:


Y|WNwvM_O"?gLA$F@adT


Looks like it was the " or the ? symbols.


Once I changed the shared secret key the issue went away and the iPhone and iPad could connect to VPN without issue.


Figured I'd let you all know

8 replies
Dec 18, 2011 10:10 AM in response to rocstarr

You are a life saver. I never would have tried this and it worked. I have one associated issue. It works ONLY if my idevice is using WIFI. If I try to VPN over ATT 3G then I get: "VPN Connection The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."


I tried to find another VPN client that would run on an iPhone and connect to Lion Server but could not come up with anything to try that.


Thoughts?

May 28, 2012 8:57 PM in response to rocstarr

Thanks for the catch. I have lost several hours on this tonight, and I am so glad you posted your solution.


For me, my auto-generated shared secret had a " in it and that was the issue. I substituted a different character for the " in the shared secret, restarted the VPN service, changed the shared secret for my devices in profile manager, let them sync, and all is well now.


Again, thanks so much for posting your result.
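
The failure described in this thread, as an added example that is not part of any post: a Python sketch that flags characters in an IPsec shared secret outside a letters-and-digits alphabet, shows where a reader of an unescaped double-quoted value would cut the posted secret, and generates a replacement long enough to keep about 128 bits of entropy. The alphabet, the function names, and the assumption that the secret is written unescaped between double quotes in the generated config are illustrative choices; the thread's log is consistent with that assumption but does not confirm it.

```python
import math
import secrets
import string

# Conservative alphabet (an assumption of this example): letters and digits
# only, so the secret needs no quoting or escaping wherever it is written.
SAFE_ALPHABET = string.ascii_letters + string.digits


def unsafe_chars(secret):
    """Return (index, char) for every character outside SAFE_ALPHABET."""
    return [(i, c) for i, c in enumerate(secret) if c not in SAFE_ALPHABET]


def split_at_quote(secret):
    """Model a reader that ends a double-quoted value at the first '"'.

    Assumption: the secret is written unescaped between double quotes.
    Returns (value_as_read, leftover_text); leftover is '' without a quote.
    """
    head, _, tail = secret.partition('"')
    return head, tail


def entropy_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def generate_psk(min_bits=128):
    """Generate a CSPRNG secret over SAFE_ALPHABET with >= min_bits entropy.

    A smaller alphabet carries fewer bits per character, so the length is
    raised to compensate instead of keeping the original 20 characters.
    """
    length = math.ceil(min_bits / math.log2(len(SAFE_ALPHABET)))
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    posted = 'Y|WNwvM_O"?gLA$F@adT'  # the secret quoted in the thread
    print("flagged:", unsafe_chars(posted))
    print("read as / leftover:", split_at_quote(posted))
    print("replacement:", generate_psk())
```

The leftover text after the embedded quote begins with `?gLA`, the same token the racoon error in the console log reports.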
