aconfer

Q: VPN Problems in Lion Server

So my company just bought a new Mac mini server. We are all iPhone and Mac based. Before even attempting to migrate over from our old Snow Leopard install, we wanted to test run Lion Server. Fresh out of the box VPN does not work. We are on install 5 and have never gotten VPN to work reliably. I'm about to lose it. We've already decided to move over the exchange but I want to use Lion Server to run VPN, Time Machine, and some other internal software. I'm about ready to dump it all and use Linux or Windows Server. Does anyone have any idea why VPN would not work? Here's the VPN log file on the server side:

 

2011-09-04 20:23:58 EDT          Incoming call... Address given to client = 192.168.7.227

Sun Sep  4 20:23:58 2011 : Directory Services Authentication plugin initialized

Sun Sep  4 20:23:58 2011 : Directory Services Authorization plugin initialized

Sun Sep  4 20:23:58 2011 : L2TP incoming call in progress from '184.91.147.105'...

Sun Sep  4 20:23:58 2011 : L2TP received SCCRQ

Sun Sep  4 20:23:58 2011 : L2TP sent SCCRP

Sun Sep  4 20:23:58 2011 : L2TP received SCCCN

Sun Sep  4 20:23:58 2011 : L2TP received ICRQ

Sun Sep  4 20:23:58 2011 : L2TP sent ICRP

Sun Sep  4 20:23:58 2011 : L2TP received ICCN

Sun Sep  4 20:23:58 2011 : L2TP connection established.

Sun Sep  4 20:23:58 2011 : using link 0

Sun Sep  4 20:23:58 2011 : Using interface ppp0

Sun Sep  4 20:23:58 2011 : Connect: ppp0 <--> socket[34:18]

Sun Sep  4 20:23:58 2011 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x40c7b27> <pcomp> <accomp>]

Sun Sep  4 20:23:58 2011 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x26eea0a0> <pcomp> <accomp>]

Sun Sep  4 20:23:58 2011 : lcp_reqci: returning CONFACK.

Sun Sep  4 20:23:58 2011 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x26eea0a0> <pcomp> <accomp>]

Sun Sep  4 20:23:58 2011 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x40c7b27> <pcomp> <accomp>]

Sun Sep  4 20:23:58 2011 : sent [LCP EchoReq id=0x0 magic=0x40c7b27]

Sun Sep  4 20:23:58 2011 : sent [CHAP Challenge id=0x49 <2234681a7445094642275978305f6157>, name = "connect.4rsmokehouse.com"]

Sun Sep  4 20:23:58 2011 : rcvd [LCP EchoReq id=0x0 magic=0x26eea0a0]

Sun Sep  4 20:23:58 2011 : sent [LCP EchoRep id=0x0 magic=0x40c7b27]

Sun Sep  4 20:23:58 2011 : rcvd [LCP EchoRep id=0x0 magic=0x26eea0a0]

Sun Sep  4 20:23:58 2011 : rcvd [CHAP Response id=0x49 <ca8af909e1bf23ca756066d586d4cdfa0000000000000000e43bfd3dd22511b6a20072b3dfb070 d2cd69124e4fec073a00>, name = "Tech Admin"]

Sun Sep  4 20:23:58 2011 : sent [CHAP Failure id=0x49 ""]

Sun Sep  4 20:23:58 2011 : CHAP peer authentication failed for Tech Admin

Sun Sep  4 20:23:58 2011 : sent [LCP TermReq id=0x2 "Authentication failed"]

Sun Sep  4 20:23:58 2011 : Connection terminated.

Sun Sep  4 20:23:58 2011 : L2TP disconnecting...

Sun Sep  4 20:23:58 2011 : L2TP sent CDN

Sun Sep  4 20:23:58 2011 : L2TP sent StopCCN

Sun Sep  4 20:23:58 2011 : L2TP disconnected

2011-09-04 20:23:58 EDT             --> Client with address = 192.168.7.227 has hungup

 

 

 

Thanks for any help! Don't let a Mac guy fall away!

Posted on Sep 4, 2011 5:33 PM


  • by ghosty87,

    ghosty87 Sep 26, 2011 5:31 PM in response to aconfer
    Level 1 (0 points)

    I have a similar problem. I have a Mac mini server running Lion Server OS running an L2TP VPN server. I use a No-IP DUC for a dynamic IP address so I can access the VPN outside my home wifi since I don't have a static IP. I got the thing working randomly after sliding the on/off bar like 50x, opening ports, and some other things. My main problem is after I reboot the Mini server it's almost impossible to get the VPN to turn on again. After an hour turning it on and off, it randomly will work! I am not a Mac head so I do not know how to view a VPN log file for my Mini. I am using the built-in L2TP VPN service on the Mac mini server. Strangely I have gotten the VPN on a few times and been able to connect, and then it will continue to work if left on for as long as the connection/power is on the Mini. On my Windows 7 PC, PPTP works no problem on wifi, 3G, and wifi in other countries with no problems. If anyone can figure out how to get the Mac Mini server running Lion OS L2TP VPN server service to start up stable let me know.

     

     

    Not sure any of my info will help you but maybe you can use it to figure your problem out Aconfer.

  • by Stress Test,

    Stress Test Sep 27, 2011 4:40 AM in response to ghosty87
    Level 4 (1,265 points)

    Sun Sep  4 20:23:58 2011 : rcvd [CHAP Response id=0x49 <ca8af909e1bf23ca756066d586d4cdfa0000000000000000e43bfd3dd22511b6a20072b3dfb070 d2cd69124e4fec073a00>, name = "Tech Admin"]

    Sun Sep  4 20:23:58 2011 : sent [CHAP Failure id=0x49 ""]

    Sun Sep  4 20:23:58 2011 : CHAP peer authentication failed for Tech Admin

    Sun Sep  4 20:23:58 2011 : sent [LCP TermReq id=0x2 "Authentication failed"]

     

    Looks like the user authentication failed!

     

    Have a look at the Workgroup Manager: Is there really a user "Tech Admin"? Have you tried connecting with the shortname (with any spaces)? Are you sure the password for Tech Admin is inserted correctly in the device which wants to connect? Could you connect locally with that username and password to the server?
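
The diagnosis in the reply above can be repeated over a longer log. As an added example (not part of the original thread and not Apple's code), this Python script pulls every CHAP failure out of a log in the format quoted above, pairs it with the source address, and flags peer names that contain a space. The sample log is constructed, and sessions are assumed not to interleave.

```python
import re
from collections import Counter

# Constructed sample in the format of the log quoted in the thread
# (documentation-range addresses and made-up user names).
SAMPLE_LOG = """\
Sun Sep  4 20:23:58 2011 : L2TP incoming call in progress from '203.0.113.10'...
Sun Sep  4 20:23:58 2011 : rcvd [CHAP Response id=0x49 <00aa>, name = "Example User"]
Sun Sep  4 20:23:58 2011 : CHAP peer authentication failed for Example User
Sun Sep  4 20:23:58 2011 : L2TP disconnected
Sun Sep  4 20:24:30 2011 : L2TP incoming call in progress from '203.0.113.10'...
Sun Sep  4 20:24:30 2011 : CHAP peer authentication failed for Example User
Sun Sep  4 20:24:30 2011 : L2TP disconnected
Sun Sep  4 20:25:40 2011 : L2TP incoming call in progress from '198.51.100.7'...
Sun Sep  4 20:25:40 2011 : CHAP peer authentication failed for admin
Sun Sep  4 20:25:40 2011 : L2TP disconnected
"""

CALL_RE = re.compile(r"L2TP incoming call in progress from '([^']+)'")
FAIL_RE = re.compile(r"CHAP peer authentication failed for (.+)$")

def chap_failures(log_text):
    """Return one dict per CHAP failure: source address, peer name, space flag."""
    events, source = [], None
    for line in log_text.splitlines():
        line = line.strip()
        call = CALL_RE.search(line)
        if call:
            source = call.group(1)  # peer that opened the current session
            continue
        fail = FAIL_RE.search(line)
        if fail:
            name = fail.group(1).strip()
            # A space suggests the full name was sent instead of the short name.
            events.append({"source": source, "name": name, "has_space": " " in name})
        elif line.endswith("L2TP disconnected"):
            source = None  # session over; assumes sessions do not interleave
    return events

def failures_by_source(events):
    """Count failures per source address to spot repeated attempts."""
    return Counter(event["source"] for event in events)

if __name__ == "__main__":
    found = chap_failures(SAMPLE_LOG)
    for event in found:
        hint = "  <- contains a space, try the short name" if event["has_space"] else ""
        print(f'{event["source"]}  {event["name"]!r}{hint}')
    print(dict(failures_by_source(found)))
```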

  • by gumsie,

    gumsie Dec 11, 2011 6:42 AM in response to Stress Test
    Level 4 (2,174 points)

    Stress Test wrote:

     

    Sun Sep  4 20:23:58 2011 : rcvd [CHAP Response id=0x49 <ca8af909e1bf23ca756066d586d4cdfa0000000000000000e43bfd3dd22511b6a20072b3dfb070 d2cd69124e4fec073a00>, name = "Tech Admin"]

    Sun Sep  4 20:23:58 2011 : sent [CHAP Failure id=0x49 ""]

    Sun Sep  4 20:23:58 2011 : CHAP peer authentication failed for Tech Admin

    Sun Sep  4 20:23:58 2011 : sent [LCP TermReq id=0x2 "Authentication failed"]

     

    Looks like the user authentication failed!

     

    Have a look at the Workgroup Manager: Is there really a user "Tech Admin"? Have you tried connecting with the shortname (with any spaces)? Are you sure the password for Tech Admin is inserted correctly in the device which wants to connect? Could you connect locally with that username and password to the server?

    Wow, as a novice to administering a server I was just about ready to throw this software in the bin! That short name, (without spaces), is the only thing that worked for me. Is now pretty reliable from both inside and outside my local network.

    Having said that there is still one step I need to beat. I can't access internet pages through the VPN. Also does anybody know why I get the exclamation mark as per the below, (seems to happen regardless of the IP range I choose)?

    [Image: Screen Shot 2011-12-11 at 13.55.21.png]

     

    THANK YOU!

     

    Only problems now are, Profile Manager - Error reading settings and Wiki - Error reading settings!

    Seems to be quite common, and linked perhaps.

  • by Stress Test,

    Stress Test Dec 13, 2011 12:30 AM in response to gumsie
    Level 4 (1,265 points)

    The exclamation mark looks like something is wrong with the range of IP addresses.

     

    Which IP address, Subnet and Router address does the server have? Is DHCP configured on the server? Which range?

  • by gumsie,

    gumsie Dec 13, 2011 12:54 AM in response to Stress Test
    Level 4 (2,174 points)

    Hey Stress Test, thanks for coming back to me.

    Right a little about my network set up;

    Internet>Netgear Modem/Router>Time Capsule>Mac Pro + Mac Mini + Etc + Etc.

     

    The Netgear box is set up as the NAT enabled DHCP server using Open DNS info, the IP addresses, (static), and everything else. My DHCP range is 192.168.0.2-254, so I'm pretty sure it's not a conflict there.

    Subnet is 255.255.255.0

     

    Changed it to a few things but still get the warning.

     

    One positive so far though. I had a problem whilst messing around with PostgreSQL so decided to reinstall the system as it was easier than troubleshooting. Profile Manager and Wiki now work.

     

    Had a closer look, the server has 127.0.01 as the DNS address.

  • by gumsie,

    gumsie Dec 18, 2011 3:18 AM in response to gumsie
    Level 4 (2,174 points)

    Just as an update, I have now reinstalled Lion Server and the VPN works flawlessly, there are none of the exclamation marks over IP addresses as before and I can connect to the internet through my Mac. (I found a tip from Intelligencer in his post here).

  • by DG4444,

    DG4444 Jan 27, 2012 2:05 PM in response to ghosty87
    Level 1 (5 points)

    Hi ghosty87,

     

    Re:"If anyone can figure out how to get the Mac Mini server running Lion OS L2TP VPN server service to start up stable let me know."

     

    I have the same problem. Did you ever find a solution for this problem?

  • by John-NJ,

    John-NJ Mar 8, 2012 12:53 PM in response to aconfer
    Level 1 (0 points)

    I was having a problem with Lion Server VPN not authenticating. Worked successfully initially, then just stopped. I was getting the message: the ppp server could not be authenticated.

     

    I found this post in an archived thread, tried it and it worked for me:

     

    You could try running this command [in Terminal] which rebuilds the authentication key that the VPN server uses.

     

    sudo vpnaddkeyagentuser /LDAPv3/127.0.0.1

     

    It will ask for the Directory admin username and password, so you just enter those and then users should be able to authenticate again.

     

     

    This worked like a charm and haven't had a problem since. Thanks to Stephen Moran1

  • by YUZA-Tom,

    YUZA-Tom Jun 20, 2013 9:04 AM in response to aconfer
    Level 1 (0 points)

    I believe I have a fix for this issue — details here: https://discussions.apple.com/thread/5117337