2 Replies Latest reply: Dec 8, 2013 2:04 PM by ubanov
AlexS1974 Level 1 (0 points)

So, I decided to get Lion Server to run at home on my Mac Mini (used mostly as backup server and media server).  I was looking at options for setting up a VPN through other means, and realized with the price of Lion Server, it was a better option to go rather than the headaches.


However, I still had an issue.  As I saw with other people's posts, I could connect to the VPN successfully from within my network but not from outside.  Linksys router was configured correctly for ports 4500, 500, and 1701 UDP port forwarding.  After more banging my head against the wall and reading threads, I couldn't find out why it worked, bu many suggested there may be an issue with the Linksys firmware (of which I was on the latest).  So, I decided to install DD-WRT instead (which I wish I had dont LONG LONG ago now that I see it in action). 


The problem went away.... at first!   I was able to VPN into my network from outside with no issues.  But a little later, it stopped working.  I'd seen people mention this before. Back to My Mac sets up a UPnP port forward for 4500 and 5353.  But I had it disabled on all my Macs.  With DD-WRT, I was at least able to get more information about the UPnP status.  I confirmed that my Mac OS X Lion MacBook Pro was what was requesting port 4500 and 5353 udp via UPnP.


***???  Back to My Mac was disabled.  I verified this.  I turned of the "Find My Mac", just in case that was the issue.  Still didn't help.  Each time, I would manually remove the UPnP mappings from the router, and after a short time, they would come back.  So, I ran netstat on the Mac laptop to see that it was indeed an open udp port on my laptop.  I ran "lsof -Pi" to verify what process was actually associated to the port.  Port 4500 is tied to racoon (same thing that the VPN server on the Mac Mini uses, but I'm guessing regular OS X uses it for other things).  So, just to try and make sure...I manually killed (sudo kill PID) racoon.  I reset the router and test again... a short while later, AGAIN, UPnP shows a port map for 4500 and 5353 to my mac laptop.  ***?!?!  Port 4500 isn't even open on my Mac (I verified).


So, my question, how the heck do I keep whatever it is on my Mac laptop from screwing with my VPN setup?  I leave UPnP enabled because it's used for other things, and so I cannot disable that entirely.  But I couldn't find anyone pointing out that disabling Back to My Mac didn't result in not causing UPnP to map the port.






MacBook Pro (15-inch Late 2008), Mac OS X (10.7.3)
  • trocotronic Level 1 (0 points)

    Hi Alex,


    I have the same problem and it is very anoying. My NAT table is full of 4500 & 5353 UDP port entries. Did you ever solve it?



  • ubanov Level 1 (0 points)



    I had the same issue with this... I have at home 4 macs... and all of them use the same icloud account... all of them have the same back to home options and so on...


    What I have discovered it's that the first device that register in upnp router it's the "master", if this device it's conected and working, then I can connect to all my macs (when they are at home), but if this "master" it's not available, (and the upnp router has the redirected port already active), then I could not connect to any of my macs devices.


    At my home there is a server that it's allways on (a little mac mini near my tv), and the other three are laptops (that sometimes are conected, and sometimes no). Then I had a lot of problems... until...


    I configured in my router a static port forwarding rule for udp ports 4500&5353 to my server.


    Now all works ok for me


    I expect that this helps someone else




       Ubanov (http://ubanov.wordpress.com/)