I am having the same problem with VPN after upgrading from Snow Leopard server to Mountain Lion Server but I have no idea about certificates. I don't seem to have one for the VPN and following the steps above only brings up:
In both of these Access Control is already set to 'Allow all applications to access this item'.
I would be grateful for any guidance. Mountain Lion Server is definitely not a server for the rest of us!
I hope tat Apple would try to listen to its end clients and be honest with them. It is clear that OSX Mountain Lion's VPN built-in module IS NOT WORKING. To restore my VPN functionality, I had to do a fall back to OSX Lion. Note that for VPN I use only apple's built in Client, no other third party app what so ever. Apple's tech guy says on the phone, VPN is not supported by Apple!!! Hearing this, I chose to end the call. Briefly, any one that uses VPN L2TP over IPSEC should avoid UPGRADING TO MOUNTAIN LION.
As some mentioned prviously, with Mountain lion, racoon halts at the below and do not go into othentication phase.
PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
Sure, Racoon go into retransmission cycle.
With OSX lion, all is working fine.
I upgraded to Mountain Lion in July 2012 and the built-in VPN client worked fine for a couple months. Then, suddenly in October or November 2012 (I don't remember which), it stopped working. I'm trying to use the built-in CISCO IPSec with a shared secret on Mountain Lion 10.8.2. I've deleted and added the VPN, double-checked the configurations, and followed a number of 'solutions' in this thread that did not help me.
Curiously, my partner's MacBook Pro also running Mountain Lion 10.8.2 has no problems using the same VPN configuration that fails on my MacBook Air. Does this make any sense? Is there some interaction of the MacBook Air hardware and a Mountain Lion software update that has 'broken' my built-in VPN client?
I'm desperate for a solution. Any ideas?
This is very odd indeed and just goes to show that there is something majorly wrong with the in-built VPN client. What we found worked in our company is actually installing the Cisco AnyConnect VPN Client but it's not as straightforward as one would think (as I have found out, nothing with Macs are...). This is what we had to do to get it to work:
Before you can install it, you have to modify the security permissions to allow the app to be installed.
I combined the steps from various emails below to document the full process.
1) System Preferences->Personal->Security & Privacy.
2) Launch the Security and Privacy applet.
3) Click on the General tab to highlight it.
4) Click on the lock icon to allow changes.
5) Under the heading "Allow applications downloaded from:" click on the "Anywhere" radio button.
Next, you will need to download and install the Cisco AnyConnect VPN Client.
6) Connect (browse) to https://220.127.116.11
7) Login using usual with whatever username and passwords/tokens or pins you use
8) Accept every popup, clicking yes. Ensure the browser is not blocking popups from the site.
9) It likely won't be able to install automatcially, so you will need to download the VPN install image: vpnsetup.dmg
10) Double click on vpnsetup.dmg which will create vpn-2.5.3046.
11) Double click on vpn-2.5.3046, where you'll see vpn.pkg.
12) Double click on vpn.pkg which will install the Cisco AnyConnect VPN Client.
13) Enter the following Server Address: 18.104.22.168
14) Login using usual username and password/tokens or pins you use
15) Verify connection to the network.
16) Disconnect and can change the Security & Privacy settings back to the previous state: "Allow applications downloaded from:" Mac App Store.
After this experience I really have to ask why do people pay 2-3 times as much for a mac vs a PC with/laptop with the same specs and then have to go through this pain staking process to get anything to work? Not to mention the limitations that Apple puts on it's users which virtually forces people to buy only Apple products...
(sorry Mac users don't get angry, but I really don't get it...)
I discovered the following when experimenting with this. There are two modes when connecting with IPSec, "Main mode" and "Agressive mode". Most L2TP/IPSec servers will be set to only accept incoming requests for "Main mode" as this is the safer option.
In MacOSX Mountain Lion, it seems that Racoon (the built in VPN client) only makes a request to make a connection with "Agressive mode", which again the L2TP/IPSec server might not be set up to accept. The racoon config file on the mac is here, /etc/racoon/racoon.conf. In it you can see that racoon is configured to connect with Agrressive mode (a line saying "exchange_mode aggressive,main;" which means connect with aggresive mode first. But even changing the order of "aggressive" and "main" in this config file does not help.
Based on this, I think that something is wrong in the way racoon is set up in MaxOSX Mountain Lion, and someone should alert Apple to this. I would myself if I just knew how. This is really not good for Apple.
The only solution right now is to convince your system administator to change the setting on the L2TP/IPSec server to accept incoming connections in Agrresive mode. If they will agree to that.
Yeah, doesn't seem good that the built in VPN client (originally created by Cisco) appears to be broken;
In your workaround, most of the difficulty/complexity you describe has to do with allowing the MAC to use apps not in app store; a relativly new wrinkle due to risk of malware but of course, also "encourages" software developers to join the app store.
Funny I had an opposite complaint with MS/Win7:
I just got a new HP printer and set up my work PC (Win7) and two home MACs to use it.
On the first MAC, I skipped the CD/DVD supplied and just clicked on Printer preferences and clicked + to add a printer; the system said it had located software on apple.com and would I like to download it; I did and everything was set up perfectly in a few minutes.
On my PC, I tried adding a printer to "Devices" and Windows went to search for drivers / software; after several minutes, the computer informed me that Windows could not find software (surprise!!!--it almost never does and this printer model is over a year old); I put in the supplied CD/DVD and tried to let install complete- NO! I opened the CD and click on the HP installer which worked fine. Would be confusing to typical users, but a tech could figure out. (This could be have been caused by HP I suppose.)
On a second MAC, again added the printer and in a matter of seconds it was ready to go (faster than first one).
I guess point being thatin either environment there is good and bad software/ software that is easy to install and software that is confusing. The platform is only part of the issue; having a valid libray of plug & play drivers and other software is very important; also it irks me when the 7th version of an OS has such basic issues with plug & play. I would have the same complaint of OS X, but most of my experience is better with OS X (again depends on SW vendor).