Lion Server VPN

After setting up Lion Server VPN I cannot make a connection. Here is my error log. Any help is appreciated.


2011-08-31 14:40:54 CDT Incoming call... Address given to client = 192.168.1.240

Wed Aug 31 14:40:54 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:40:54 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:40:54 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:40:54 2011 : L2TP received SCCRQ

Wed Aug 31 14:40:54 2011 : L2TP sent SCCRP

2011-08-31 14:40:55 CDT Incoming call... Address given to client = 192.168.1.241

Wed Aug 31 14:40:55 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:40:55 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:40:55 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:40:55 2011 : L2TP received SCCRQ

Wed Aug 31 14:40:55 2011 : L2TP sent SCCRP

2011-08-31 14:40:57 CDT Incoming call... Address given to client = 192.168.1.242

Wed Aug 31 14:40:57 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:40:57 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:40:57 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:40:57 2011 : L2TP received SCCRQ

Wed Aug 31 14:40:57 2011 : L2TP sent SCCRP

2011-08-31 14:41:01 CDT Incoming call... Address given to client = 192.168.1.243

Wed Aug 31 14:41:01 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:01 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:01 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:01 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:01 2011 : L2TP sent SCCRP

2011-08-31 14:41:05 CDT Incoming call... Address given to client = 192.168.1.244

Wed Aug 31 14:41:05 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:05 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:05 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:05 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:05 2011 : L2TP sent SCCRP

2011-08-31 14:41:09 CDT Incoming call... Address given to client = 192.168.1.245

Wed Aug 31 14:41:09 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:09 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:09 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:09 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:09 2011 : L2TP sent SCCRP

2011-08-31 14:41:13 CDT Incoming call... Address given to client = 192.168.1.246

Wed Aug 31 14:41:13 2011 : Directory Services Authentication plugin initialized

Wed Aug 31 14:41:13 2011 : Directory Services Authorization plugin initialized

Wed Aug 31 14:41:13 2011 : L2TP incoming call in progress from '199.184.205.109'...

Wed Aug 31 14:41:13 2011 : L2TP received SCCRQ

Wed Aug 31 14:41:13 2011 : L2TP sent SCCRP

2011-08-31 14:41:14 CDT --> Client with address = 192.168.1.240 has hungup

2011-08-31 14:41:15 CDT --> Client with address = 192.168.1.241 has hungup

2011-08-31 14:41:17 CDT --> Client with address = 192.168.1.242 has hungup

2011-08-31 14:41:21 CDT --> Client with address = 192.168.1.243 has hungup

2011-08-31 14:41:25 CDT --> Client with address = 192.168.1.244 has hungup

2011-08-31 14:41:29 CDT --> Client with address = 192.168.1.245 has hungup

Posted on Aug 31, 2011 12:42 PM


Sep 12, 2011 5:27 PM in response to LinkNS

Hrm. For me, I had imported my settings from my 10.4 Server disk. Perhaps there was some residual junk causing issues, but I would hope that the importer would have brought everything in OK. Does anyone know of a tool that would validate the DNS settings and potentially catch issues with DNS that could cause VPN issues?

Sep 19, 2011 1:34 PM in response to egbertfromkingston

egbert, simply you should is an easy answer.


First of all, read Hoffman, on DNS server setup:

http://labs.hoffmanlabs.com/node/1436


Then view some Lynda video, google "lynda mac os x dns"


Simplify things as much as possible to test the functionality.

Briefly:


Server DNS

yourzone.com

vpn A local IP of VPN server (i.e. whatever internal IP xxx.xxx.xxx.xxx)

(other stuff, etc.) For example, if your server's name is server.yourzone.com you should have the same here:

server A local IP of server


Domain (provider?) DNS

yourzone.com

vpn A public static IP to your server


In this, you should be able to use the same server name vpn.yourzone.com in the VPN client to reach the same place, internally and externally. Your DNS will let your client know the easiest direction to go.


Additionally, your firewall/router/gateway should have passthrough or the necessary ports NATing to the server for outside connections. Hopefully the internal IP is also static (just in case the server fails to maintain it as well, which it should). Your VPN is either doing PPTP or L2TP/IPSec. The range of IPs is really not that important (as long as it is free). The VPN service is reliant on the directory services (user management) to have some understanding of the username/password it will be given by your client to the server. This can be OD or a standalone, but this needs to be there. If there are issues (some accounts are okay, some are not), please look at the logs for VPN and the OD logs for clues. Many typical problems have been well documented from previous versions.

Jun 12, 2012 4:05 AM in response to edljedi

Using existing Open Directory instances

Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following command:

pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

  • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or WorkGroup Manager. Choose View > Show System Accounts/Records to make that record visible.
  • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.


http://support.apple.com/kb/HT4748
