23 Replies. Latest reply: Jan 21, 2015 7:12 AM by Theviet
  • papoosefr Level 1 (10 points)

    As a side note, after much suffering, I set up a VPN server on an old G4 running Leopard. It was easy enough setting it up and getting Macs (Lion) and iOS devices to connect using L2TP, but when I tried over Windows 7 I ran into a wall! I finally resorted to your solution; though far from elegant, it did the job!

     

    Thanks

  • andersborg Level 1 (0 points)

    Please provide contents for .reg files for XP, Vista and 7, so we don't have to guess and cross reference and hence likely make mistakes.

     

    I noticed that even though I made the changes via the Control Panel, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel didn't get set. I found this value (completely) elsewhere, so the above setting is wrong as far as I can see.

     

    Cheers,

    Anders

  • Scott Lopatin Level 1 (25 points)


    heatsea wrote:

     

    beetlejelly,

     

    with your home edition, change registry below.

     

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

    ->0x00000000

     

    HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec

    0x20000000->0x00000000

     

    I made these changes as well as the changes from:

     

    http://support.apple.com/kb/HT5078

     

    On Windows 7 Home Premium. All other settings I believe are correct, but server logs show:

     

    Jan  7 14:55:04 loftbox pppd[1351]: L2TP incoming call in progress from '10.1.10.170'...

    Jan  7 14:55:06 loftbox racoon[151]: IKE Packet: transmit success. (Phase1 Retransmit).

    Jan  7 14:55:13: --- last message repeated 1 time ---

    Jan  7 14:55:13 loftbox vpnd[88]:    --> Client with address = 192.168.2.130 has hungup

    Jan  7 14:55:13 loftbox com.apple.ppp.l2tp[88]: 2012-01-07 14:55:13 PST             --> Client with address = 192.168.2.130 has hungup

    Jan  7 14:55:15 loftbox racoon[151]: IKE Packet: receive success. (Information message).

    Jan  7 14:55:21: --- last message repeated 1 time ---

    Jan  7 14:55:21 loftbox racoon[151]: IKE Packet: transmit success. (Phase1 Retransmit).

     

    And the connection drops.

     

    Has anyone successfully connected VPN from Windows 7 Home Premium to Lion Server?

  • joguic Level 1 (0 points)

    I just connected my W7 Home Basic following all your advice, but changing just one thing.

     

    You posted this:

    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

    ->0x00000000"

     

    I changed to:

    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel

    ->0x00000001"

     

    Change Lm = LM and the 0 = 1 based on this post


    0 = Send LM & NTLM responses

    1 = Use NTLMv2 responses if negotiated

    2 = Send NTLM response only

    3 = Send NTLMv2 response only

    4 = Send NTLMv2 response only. Refuse LM

    5 = Send NTLMv2 response only. Refuse LM & NTLM

    http://www.sevenforums.com/network-sharing/202099-secpol-msc-network-security-workaround.html

     

    Thanks
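
A read-only check of the two registry values changed in the posts above, added here as an example that is not part of the original thread. It reports the current `LmCompatibilityLevel` using the meanings listed in the post and decodes `NTLMMinClientSec`; the function names are hypothetical, and the `NTLMMinClientSec` flag names follow Microsoft's documentation of that value rather than anything on this page.

```powershell
# Added example: audits, and never modifies, the NTLM client settings from this thread.
$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$msv10 = Join-Path $lsa 'MSV1_0'

# Index = LmCompatibilityLevel, text as listed in the post above.
$lmLevels = @(
    'Send LM & NTLM responses',
    'Use NTLMv2 responses if negotiated',
    'Send NTLM response only',
    'Send NTLMv2 response only',
    'Send NTLMv2 response only. Refuse LM',
    'Send NTLMv2 response only. Refuse LM & NTLM'
)

# Subset of the NTLMMinClientSec bit flags (assumption: names per Microsoft docs).
$minSecFlags = @(
    @{ Bit = 0x00000010; Name = 'message integrity' },
    @{ Bit = 0x00000020; Name = 'message confidentiality' },
    @{ Bit = 0x00080000; Name = 'NTLMv2 session security' },
    @{ Bit = 0x20000000; Name = '128-bit encryption' }
)

function Get-RegDword {            # hypothetical helper: $null when the value is absent
    param([string]$Path, [string]$Name)
    # Registry value names are case-insensitive, so "Lm..." and "LM..." hit the same value.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-NtlmClientPosture {   # hypothetical name
    $level  = Get-RegDword -Path $lsa   -Name 'LmCompatibilityLevel'
    $minSec = Get-RegDword -Path $msv10 -Name 'NTLMMinClientSec'

    $meaning = 'unrecognised value'
    if ($null -eq $level) { $meaning = 'not set (OS default applies)' }
    elseif ($level -ge 0 -and $level -le 5) { $meaning = $lmLevels[$level] }

    $required = @()
    $minSecText = 'not set'
    if ($null -ne $minSec) {
        $minSecText = '0x{0:X8}' -f $minSec
        foreach ($f in $minSecFlags) { if ($minSec -band $f.Bit) { $required += $f.Name } }
    }
    New-Object PSObject -Property @{
        LmCompatibilityLevel    = $level
        Meaning                 = $meaning
        SendsLmOrNtlmV1         = ($null -ne $level -and $level -lt 3)  # levels 0-2
        NTLMMinClientSec        = $minSecText
        RequiredSessionSecurity = ($required -join ', ')
    }
}
Get-NtlmClientPosture | Format-List
```

Running it before and after a change shows which protections were relaxed to get the VPN working, which helps when the same change has to be reviewed or reverted on several machines.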

  • Octagon2012 Level 1 (0 points)

    I want to thank you for the detailed instructions.  It helped me set up a Windows 7 to OS X Lion VPN successfully!

    Unfortunately, the Windows 7 is unable to connect to any Lion SMB shared folder after establishing the VPN.  I wonder if anyone has successfully done SMB in VPN from Windows 7 to OS X Lion?

  • beejster Level 1 (0 points)

    You may have to connect your Win7 laptop locally on the LAN, map the SMB network drives and then use those mapped drives after the VPN connection over the WAN is established. This worked for me.

  • Jay Imerman Level 1 (0 points)

    Darn, I've done it all, still doesn't connect!  Windows 7 Professional, Lion Server 10.7.5 (all latest, including 10.7.5 supplemental).  Mac clients connect just great!  FYI the Lion server is behind 2 firewalls, so the Internet one forwards to the internal one, that forwards to the DMZ.  VNC works, Mac clients work, but not Windows client.

     

    Here's what I did:

     

    1.  Change CurrentControlSet\Control\Lsa\LmCompatibilityLevel = 1 (also with local security policy administrator)

    2.  Change AssumeUDPEncapsulationContextOnSendRule = 2

    3.  Forward firewall ports 50-51 UDP (these were not listed on other sites as L2TP or PPTP ports)

    4.  Reboot

    5.  Create VPN settings as indicated above for L2TP - still error 789.  I also tried PPTP, which should be much simpler, still no connection.

     

    What am I missing?  I don't know.

     

    Here's the Windows log tail from the error reporting, I found 2 sections that may be relevant, but they don't tell me much - DisconnectReason = 2, maybe that's error 719?:

     

    [9708] 10-11 14:13:02:116: PortOpen: VPN0-1

    [9708] 10-11 14:13:02:117: Opening line in monitor mode

    [9708] 10-11 14:13:02:117: PortOpen: successfully opened VPN0-1

    [9708] 10-11 14:13:02:118: 

    [9168] 10-11 14:13:04:437: DeviceConnect: DevSpecificInfo of 96 bytes available. Allocating new memory...

    [9168] 10-11 14:13:04:437: DeviceConnect: calling lineMakeCall with size 96 and offset 193

    [9168] 10-11 14:13:04:437: DeviceConnect: calling lineMakeCall for VPN0-1, address=[--deleted--]

    [9168] 10-11 14:13:04:438: DeviceConnect: Changing state for VPN0-1 from 1 -> 4

    [8492] 10-11 14:13:04:438: RasTapicallback: msg=12 , param1=65601l , param2=0l

    [8492] 10-11 14:13:04:438: LINE_REPLY. param1=0x10041

    [8492] 10-11 14:13:04:438: RasTapicallback: msg=2 , param1=512l , param2=0l

    [8492] 10-11 14:13:04:438: RasTapicallback: linecallstate=0x200

    [8492] 10-11 14:13:25:449: RasTapicallback: msg=2 , param1=16384l , param2=2147952451l

    [8492] 10-11 14:13:25:449: RasTapicallback: linecallstate=0x4000

    [8492] 10-11 14:13:25:449: RasTapiCallback: LINECALLSTATE_DISCONNECTED for port VPN0-1. AsyncErr = -2147014845, param2=0x80072743

    [7724] 10-11 14:13:25:449: DeviceWork: VPN0-1. State = 4

    [8492] 10-11 14:13:25:449: RasTapicallback: msg=2 , param1=1l , param2=0l

    [8492] 10-11 14:13:25:449: RasTapicallback: linecallstate=0x1

    [9708] 10-11 14:13:25:452: PortDisconnect: VPN0-1

    [9708] 10-11 14:13:25:452: InitiatePortDisconnection: VPN0-1

    [9708] 10-11 14:13:25:452: InitiatePortDisconnection: Changing state for VPN0-1 from 4 -> 5, id=0x10275

    [9708] 10-11 14:13:25:452: 

    [9708] 10-11 14:13:25:452: 

    [8492] 10-11 14:13:25:452: RasTapicallback: msg=12 , param1=66165l , param2=0l

    [8492] 10-11 14:13:25:452: LINE_REPLY. param1=0x10275

    [8492] 10-11 14:13:25:452: RasTapiCallback: lineDropped. port VPN0-1, id=0xffffffff

    [8492] 10-11 14:13:25:452: RasTapiCallback: Idle Received for port VPN0-1

    [8492] 10-11 14:13:25:452: RasTapiCallback: changing state of VPN0-1. 5 -> 1

    [8492] 10-11 14:13:25:452: RasTapiCallback: lineDeallocateCall for VPN0-1,hcall = 0x1001e

    [7724] 10-11 14:13:25:453: PortTestSignalState: DeviceState = 0

    [9708] 10-11 14:13:25:453: PortClose: VPN0-1

    [9708] 10-11 14:13:25:453: No more ports opened for dialout on this line

    [9708] 10-11 14:13:25:453: Closing line

    [9708] 10-11 14:13:25:454: PortClose: Changing state for  VPN0-1 from 1 -> 0

    [9708] 10-11 14:13:25:454: 

     

     

    [4828] 10-11 15:00:32:034: PortOpen: VPN3-1

    [4828] 10-11 15:00:32:034: Opening line in monitor mode

    [4828] 10-11 15:00:32:034: PortOpen: successfully opened VPN3-1

    [4828] 10-11 15:00:32:034: 

    [7232] 10-11 15:00:32:159: DeviceConnect: DevSpecificInfo of 16 bytes available. Allocating new memory...

    [7232] 10-11 15:00:32:159: DeviceConnect: calling lineMakeCall with size 16 and offset 193

    [7232] 10-11 15:00:32:159: DeviceConnect: calling lineMakeCall for VPN3-1, address=[--deleted--]

    [7232] 10-11 15:00:32:159: DeviceConnect: Changing state for VPN3-1 from 1 -> 4

    [8640] 10-11 15:00:32:174: RasTapicallback: msg=12 , param1=65785l , param2=0l

    [8640] 10-11 15:00:32:174: LINE_REPLY. param1=0x100f9

    [8640] 10-11 15:00:32:174: RasTapicallback: msg=2 , param1=512l , param2=0l

    [8640] 10-11 15:00:32:174: RasTapicallback: linecallstate=0x200

    [8640] 10-11 15:00:34:109: RasTapicallback: msg=2 , param1=256l , param2=0l

    [8640] 10-11 15:00:34:109: RasTapicallback: linecallstate=0x100

    [8640] 10-11 15:00:34:109: DwGetConnectInfo

    [8640] 10-11 15:00:34:109: DwGetIDInformation

    [8640] 10-11 15:00:34:109: DwGetIDInformation. 0

    [8640] 10-11 15:00:34:109: SizeRequired for CallID=0

    [8640] 10-11 15:00:34:109: CallIDSize=ConnectResponseSize=0

    [8640] 10-11 15:00:34:109: DwGetConnectInfo. 0x0

    [8640] 10-11 15:00:34:109: RasTapiCallback: DwGetConnectInforeturned 0x0

    [8640] 10-11 15:00:34:109: RasTapiCallback: Connected on VPN3-1

    [8640] 10-11 15:00:34:109: RasTapiCallback: Outgoing call

    [1336] 10-11 15:00:34:109: DeviceWork: VPN3-1. State = 4

    [1336] 10-11 15:00:34:109: DeviceWork: Changing state for VPN3-1 from 4 -> 3

    [4828] 10-11 15:00:34:124: PortConnect: VPN3-1

    [4828] 10-11 15:00:34:124: 

    [8640] 10-11 15:01:04:320: RasTapicallback: msg=2 , param1=16384l , param2=0l

    [8640] 10-11 15:01:04:320: RasTapicallback: linecallstate=0x4000

    [8640] 10-11 15:01:04:320: RasTapiCallback: lineGetCallStatus for VPN3-1 returned 0x4000

    [8640] 10-11 15:01:04:320: RasTapiCallback: DisconnectReason mapped to 2

    [8640] 10-11 15:01:04:320: RasTapiCallback: LINECALLSTATE - initiating Port Disconnect

    [8640] 10-11 15:01:04:320: InitiatePortDisconnection: VPN3-1

    [8640] 10-11 15:01:04:320: InitiatePortDisconnection: Changing state for VPN3-1 from 3 -> 5, id=0x102a5

    [8640] 10-11 15:01:04:320: 

    [8640] 10-11 15:01:04:320: RasTapicallback: msg=2 , param1=1l , param2=0l

    [8640] 10-11 15:01:04:320: RasTapicallback: linecallstate=0x1

    [8640] 10-11 15:01:04:320: RasTapicallback: msg=12 , param1=66213l , param2=0l

    [8640] 10-11 15:01:04:320: LINE_REPLY. param1=0x102a5

    [8640] 10-11 15:01:04:320: RasTapiCallback: lineDropped. port VPN3-1, id=0xffffffff

    [8640] 10-11 15:01:04:320: RasTapiCallback: Idle Received for port VPN3-1

    [8640] 10-11 15:01:04:320: RasTapiCallback: changing state of VPN3-1. 5 -> 1

    [8640] 10-11 15:01:04:320: RasTapiCallback: lineDeallocateCall for VPN3-1,hcall = 0x100d7

    [1336] 10-11 15:01:04:320: PortTestSignalState: DisconnectReason = 2

    [1336] 10-11 15:01:04:320: PortDisconnect: VPN3-1

    [1336] 10-11 15:01:04:320: 

  • SnakeDog Level 1 (0 points)

    Is the solution really to change the registry of the windows computer? That seems excessive!

     

    There has got to be an easier way, what if I want to hook up a dozen windows computers? Updating each registry is not very eloquent.

     

    Should the router for the Mac server perhaps have NAT disabled? Will that solve the problem?

  • Theviet Level 1 (0 points)

    Thanks beejster,

     

    This worked for me immediately.

    But due to the fact that I'm only working with the L2TP protocol, I don't need all those ports open on my router.

     

    These are the only ports that need to be open when you use L2TP.

     

    Ports:

     

    500   (UDP)

    1701 (UDP)

    4500 (UDP)

     

    With only those 3 ports open your network will be a little more secure.

     

    Once the connection is made through the VPN, it's a little more difficult than with Mac OS X to get to shared folders, but it works.

     

    I open (Windows) Explorer. At the top of the screen where you see >computer>

     

    you click on the bar on computer, erase everything and type the IP address of your server which is sharing in your network.

    This has to be the internal IP address.

     

    An example: My server has 192.168.15.108 as IP address.

    So in the bar I have to type

    \\192.168.15.108\

     

    Be sure to use both backslashes in front of your IP address!

     

     

     

    The case of VNC is again different.

    With Mac OS X you can start the Screen Sharing app or you just open Safari and type: vnc://192.168.15.108 and you can remote desktop to your Mac server without 3rd party software, which I find awesome.

     

    For VNC from Windows you're obliged to use 3rd party software.

    I use Real VNC, which works pretty well.

     

     

    Good luck to all you VPN'ers
