8 Replies Latest reply: Nov 4, 2014 6:45 PM by evan.j
rocstarr Level 1 (0 points)

Hi Folks,

I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently set up Lion Server on a MacMini here in the office with L2TP VPN using a shared secret phrase and password authentication.

I have Lion running on a MacBook Air (which I set up VPN using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac (VPN was set up manually). Both systems have been tested to work both inside and outside of my internal network, as I have tested with an air card.

I also have an iPhone running 4.3.4/4.3.5 that I set up by emailing the provisioning profile and an iPad 1 running iOS 5 beta 4 set up with the VPN provisioning profile. Neither the iPad nor the iPhone seems to work at all, either internally or externally. In fact I never see any activity in the vpnd.log when I attempt to connect with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."

Based on my success with the OSX clients both inside and outside my local network, I feel it is safe to say that I do not think the issue resides on the Lion Server or the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time Capsule firmware for the clients, whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!

Please see the settings below for my VPN on the host and iOS client:

root# serveradmin settings vpn
vpn:vpnHost = ""
vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.pptp:enabled = no
vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"

 

 



iPhone 4, iOS 4.3.3, Lion Server VPN
  • rocstarr Level 1 (0 points)

    Issue is resolved. I used the initial randomly generated shared secret that was generated by Lion Server. The shared secret has special characters. iOS did not like the special characters. See iPhone Console Log below:

    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error
    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)

    That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.

    The shared secret key was:

    Y|WNwvM_O"?gLA$F@adT

    Looks like it was the " or the ? symbols.

    Once I changed the shared secret key the issue went away and the iPhone and iPad could connect to VPN without issue.

    Figured I'd let you all know.

  • volman69 Level 1 (0 points)

    Thanks! I've been trying to get my first VPN going with Lion Server, and this was apparently the problem. I don't think the "doesn't recognize special characters" is confined to iOS devices b/c I was having the same problem on Snow Leopard and Lion MacBook client machines.

  • didca Level 1 (0 points)

    Thanks a lot, I spent a full afternoon verifying that everything went through the router etc. and finally the issue was exactly what you describe. It worked as soon as I changed the private key!

    Thanks again.

  • AndreGB Level 1 (5 points)

    Thank you for the tip! I was also having this exact same issue and this solved it.

  • michaelmcnally Level 1 (0 points)

    You are a life saver. I never would have tried this and it worked. I have one associated issue. It works ONLY if my idevice is using WIFI. If I try to VPN over ATT 3G then I get: "VPN Connection The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator."

    I tried to find another VPN client that would run on an iPhone and connect to Lion Server but could not come up with anything to try that.

    Thoughts?

  • sgirard Level 1 (40 points)

    Thanks for the catch. I have lost several hours on this tonight, and I am so glad you posted your solution.

    For me, my auto-generated shared secret had a " in it and that was the issue. I substituted a different character for the " in the shared secret, restarted the VPN service, changed the shared secret for my devices in profile manager, let them sync, and all is well now.

    Again, thanks so much for posting your result.

  • Hunter Bridewell Level 2 (265 points)

    Apparently the secret is also limited in length. I attempted to use a 64-character key without any special characters (thanks for the insight) and it would not connect. I reduced the secret to 16 characters and the connection worked.

  • evan.j Level 1 (0 points)

    Thank you! Apparently this issue still exists with suggested secrets in OS X Server 4 and iOS 8.1. Spent quite a few hours today trying to troubleshoot this.

    Thanks again!
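
Added example, not part of any post in this thread: a pre-deployment check for an L2TP/IPSec shared secret that flags the characters and length the posters reported as failing, plus a generator that draws a replacement from a cryptographically secure source. The letters-and-digits alphabet and the 16-character limit are assumptions taken from the reports above, not documented limits, and the function names are hypothetical.

```python
import math
import secrets
import string

# Assumption: letters and digits only, because the thread traces the racoon
# parse failure to '"' (and possibly '?') in the auto-generated secret.
SAFE_ALPHABET = string.ascii_letters + string.digits
# Assumption: one poster reported 16 characters working and 64 failing.
REPORTED_WORKING_LENGTH = 16


def check_psk(secret, max_len=REPORTED_WORKING_LENGTH):
    """Return a list of problems found in the secret; empty means none."""
    problems = []
    for i, ch in enumerate(secret):
        if ch not in SAFE_ALPHABET:
            problems.append(f"position {i}: {ch!r} is outside [A-Za-z0-9]")
    if len(secret) > max_len:
        problems.append(f"length {len(secret)} exceeds {max_len}")
    return problems


def generate_psk(length=REPORTED_WORKING_LENGTH):
    """Draw each character from the OS CSPRNG, never from random.random()."""
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(SAFE_ALPHABET)):
    """Entropy of a uniformly random secret of this length and alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # The secret quoted in the thread (already replaced by its owner).
    reported = 'Y|WNwvM_O"?gLA$F@adT'
    for problem in check_psk(reported):
        print("reported secret:", problem)

    replacement = generate_psk()
    print("replacement passes:", check_psk(replacement) == [])
    print("entropy (bits):", round(entropy_bits(len(replacement)), 1))
```

Dropping punctuation lowers the entropy per character, so the secret should stay fully random at the longest length the clients accept rather than being shortened into a memorable phrase.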