5 Replies Latest reply: Jan 30, 2014 12:34 PM by schwartzki
cellcore Level 1 (40 points)

I have a 10.8.2 Mountain Lion Server running, and everything is working great. However, when I went to enable the VPN, only PPTP is working for the users. L2TP is enabled. I've changed the shared secret multiple times and nothing seems to work.

 

This is the log from L2TP connections:

1/8/13 11:46:33.594 AM racoon[167]: Connecting.
1/8/13 11:46:33.595 AM racoon[167]: IPSec Phase1 started (Initiated by peer).
1/8/13 11:46:33.597 AM racoon[167]: IKE Packet: receive success. (Responder, Main-Mode message 1).
1/8/13 11:46:33.597 AM racoon[167]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
1/8/13 11:46:33.640 AM racoon[167]: IKE Packet: receive success. (Responder, Main-Mode message 3).
1/8/13 11:46:33.656 AM racoon[167]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
1/8/13 11:46:33.692 AM racoon[167]: IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
1/8/13 11:46:33.692 AM racoon[167]: IKE Packet: receive success. (Responder, Main-Mode message 5).
1/8/13 11:46:33.693 AM racoon[167]: IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
1/8/13 11:46:33.693 AM racoon[167]: IKE Packet: transmit success. (Responder, Main-Mode message 6).
1/8/13 11:46:33.693 AM racoon[167]: IKE Packet: transmit success. (Information message).
1/8/13 11:46:33.693 AM racoon[167]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
1/8/13 11:46:33.694 AM racoon[167]: IPSec Phase1 established (Initiated by peer).
1/8/13 11:46:34.613 AM racoon[167]: IPSec Phase2 started (Initiated by peer).
1/8/13 11:46:34.614 AM racoon[167]: IKE Packet: receive success. (Responder, Quick-Mode message 1).
1/8/13 11:46:34.614 AM racoon[167]: IKE Packet: transmit success. (Responder, Quick-Mode message 2).
1/8/13 11:46:34.618 AM racoon[167]: IKE Packet: receive success. (Responder, Quick-Mode message 3).
1/8/13 11:46:34.619 AM racoon[167]: IKEv1 Phase2 Responder: success. (Responder, Quick-Mode).
1/8/13 11:46:34.619 AM racoon[167]: IPSec Phase2 established (Initiated by peer).
1/8/13 11:46:54.803 AM racoon[167]: IKE Packet: receive success. (Information message).
1/8/13 11:46:54.804 AM racoon[167]: IKE Packet: receive success. (Information message).

And that's it, nothing happens, and the client trying to connect gets an error "The L2TP-VPN server did not respond..."

 

This is from the local network as well as the internet. Worked fine on the Lion Server I just replaced.

This 10.8.2 server is not an upgrade from the Lion server. Migration failed and this is a clean install of 10.8.2 server.

Any help or insight to this problem is appreciated.

 

Thanks,

Cellcore


OS X Server
  • varanusus Level 1 (0 points)

    Hey Cellcore,

     

    I am by no means an expert in this stuff, so take my reply with a grain of salt, but I stumbled onto your post when I had the same issue. After a bunch of troubleshooting, I determined, much to my chagrin, that the shared secret I was using on the client machine was different than that on the server. So, while perhaps not your issue given that you have changed it multiple times (I assume on both the server and client(s)), as soon as I corrected that, my connectivity issues disappeared.

     

    Hope this helps and good luck!

    Varanusus

  • cellcore Level 1 (40 points)

    Thanks for the reply varanusus.

     

    Unfortunately, that is not the problem. The log shows success on every line; when the passwords didn't match, it shows failed.

     

    PPTP works fine, just L2TP says it's connecting and about 30 seconds go by and then it says the server didn't respond. I'm not sure if it's a permissions problem or something. I have run repair permissions on and nothing changed.

     

    Cellcore

  • cellcore Level 1 (40 points)

    Upon further investigation, Mountain Lion Server does not have port 500 open; in fact, it is actively blocking attempts to connect to port 500, which is why local and internet L2TP connections would not connect.

     

    This is not a router problem.

     

    Anyone know why port 500 would be blocked by Mountain Lion Server when VPN is enabled?

  • Jeff Cyr Level 1 (45 points)

    I've been having this problem as well. Tonight I tried various things but kept getting the following message in the server system log: IKE Packet: receive failed. (Responder, Main-Mode Message 5).

    On a whim I changed the shared secret and that fixed it for me. I've got server 3.0.2 with the VPN update installed.

    Don't know if this will solve it for any of you, but it is easy enough to at least give it a try.

  • schwartzki Level 1 (20 points)

    After I installed the patch I was also unable to get the L2TP VPN working from outside the network. Followed your suggestion on changing the shared secret and now it works once again. Thanks!
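
Added example, not part of any post in this thread: a small Python triage of racoon lines that separates the two symptoms reported above, a log that shows "success" through Phase 2 and a log with "receive failed" at Main-Mode message 5. The sample lines are constructed in the thread's log format, and `diagnose` and its stage names are hypothetical.

```python
import re

# Constructed samples in the racoon line format quoted in this thread.
STALLED = """\
1/8/13 11:46:33.692 AM racoon[167]: IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
1/8/13 11:46:33.694 AM racoon[167]: IPSec Phase1 established (Initiated by peer).
1/8/13 11:46:34.619 AM racoon[167]: IPSec Phase2 established (Initiated by peer).
1/8/13 11:46:54.803 AM racoon[167]: IKE Packet: receive success. (Information message).
"""
AUTH_FAIL = """\
1/8/13 11:50:01.100 AM racoon[167]: IPSec Phase1 started (Initiated by peer).
1/8/13 11:50:01.102 AM racoon[167]: IKE Packet: receive success. (Responder, Main-Mode message 1).
1/8/13 11:50:01.150 AM racoon[167]: IKE Packet: receive failed. (Responder, Main-Mode Message 5).
"""

RACOON = re.compile(r"racoon\[\d+\]: (.*)$")
FAILED = re.compile(r"(receive|transmit) failed\. \(Responder, ([\w-]+) message (\d+)\)", re.I)

def diagnose(log_text):
    """Classify one connection attempt; returns (stage, hint)."""
    phase1 = phase2 = False
    for line in log_text.splitlines():
        m = RACOON.search(line)
        if not m:
            continue  # not a racoon line
        msg = m.group(1)
        f = FAILED.search(msg)
        if f:
            mode, num = f.group(2).lower(), int(f.group(3))
            if mode == "main-mode" and num == 5:
                # With pre-shared-key auth, message 5 is the first encrypted
                # Main Mode message, so a key mismatch surfaces here.
                return ("phase1-auth", "compare the shared secret on client and server")
            return ("ike-error", f"{mode} message {num} failed")
        phase1 = phase1 or "IPSec Phase1 established" in msg
        phase2 = phase2 or "IPSec Phase2 established" in msg
    if phase1 and phase2:
        # Assumption: both SAs up means IKE is done; look at the L2TP/PPP stage.
        return ("ipsec-up", "IKE finished; look past IKE, at the L2TP/PPP stage")
    if phase1:
        return ("phase2-incomplete", "Phase 1 done, no Phase 2 SA in this log")
    return ("no-phase1", "no completed Phase 1 in this log")

if __name__ == "__main__":
    for name, text in (("stalled", STALLED), ("auth-fail", AUTH_FAIL)):
        print(name, diagnose(text))
```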