
Issues with l2tp VPN

TL;DR: Verizon FiOS router --> Apple AirPort Extreme --> Lion Server. Ports 22 & 1701 forwarded correctly; SSH works but VPN does not. VPN works locally.


Trying to set up a VPN from my Mac server. In the past I had everything set up properly and it worked fine; however, after we moved I have had some trouble with the setup. We changed to Verizon FiOS and had to use their router in conjunction with our own AirPort Extreme. I have forwarded port 22 through the FiOS router to the AirPort Extreme and then to the server, and SSH works fine. After setting up the VPN and testing it locally I forwarded ports 500, 1701 and 4500 on both, but the VPN will not work externally.


Here is a summary:

Lion Server

Ports 22,500,1701,4500 all forwarded through routers

SSH works

VPN does not


syslog:

configd[54]: SCNC: start, triggered by System Preferen, type L2TP, status 0

pppd[49277]: pppd 2.4.2 (Apple version 596.13) started by [Redacted], uid 501

pppd[49277]: L2TP connecting to server '[Redacted]' ([Redacted])...

pppd[49277]: IPSec connection started

racoon[414]: Connecting.

racoon[414]: IPSec Phase1 started (Initiated by me).

racoon[414]: IKE Packet: transmit success. (Initiator, Main-Mode message 1)

racoon[414]: IKE Packet: transmit success. (Phase1 Retransmit).

--- last message repeated 2 times ---

pppd[49277]: IPSec connection failed

racoon[414]: IPSec disconnecting from server [Redacted]


What can I do to get this working properly again?

iMac, OS X Server

Posted on Jul 21, 2013 2:25 PM

3 replies
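The syslog excerpt above already narrows the failure down: racoon sends IKE Main Mode message 1, retransmits it, and never logs a reply before pppd gives up. The following triage script is an added example, not code from the original post or from Apple; it embeds the quoted log lines as its input and classifies where the L2TP/IPsec handshake stalled. The match strings for a received IKE packet, an established Phase 1 and an established L2TP tunnel are my assumptions about racoon/pppd wording; the three "transmit success" lines and the "repeated 2 times" marker are taken from the post as-is.

```python
"""Classify where a macOS L2TP/IPsec client connection failed, from syslog.

Added example: the log excerpt is the one quoted in the question; the
classification rules are assumptions about what each racoon/pppd message
implies, not Apple documentation.
"""
import re
from dataclasses import dataclass, field

# Syslog excerpt from the question, embedded so the script runs offline.
SYSLOG = """\
configd[54]: SCNC: start, triggered by System Preferen, type L2TP, status 0
pppd[49277]: pppd 2.4.2 (Apple version 596.13) started by [Redacted], uid 501
pppd[49277]: L2TP connecting to server '[Redacted]' ([Redacted])...
pppd[49277]: IPSec connection started
racoon[414]: Connecting.
racoon[414]: IPSec Phase1 started (Initiated by me).
racoon[414]: IKE Packet: transmit success. (Initiator, Main-Mode message 1)
racoon[414]: IKE Packet: transmit success. (Phase1 Retransmit).
--- last message repeated 2 times ---
pppd[49277]: IPSec connection failed
racoon[414]: IPSec disconnecting from server [Redacted]
"""

REPEATED = re.compile(r"--- last message repeated (\d+) times ---")


@dataclass
class Triage:
    phase1_started: bool = False
    ike_sent: int = 0            # IKE packets transmitted, retransmits included
    ike_received: int = 0        # IKE packets received from the server
    phase1_established: bool = False
    l2tp_established: bool = False
    failed: bool = False
    notes: list = field(default_factory=list)


def _apply(line: str, t: Triage) -> None:
    """Update the triage state for one (possibly repeated) log line."""
    if "IPSec Phase1 started" in line:
        t.phase1_started = True
    elif "IKE Packet: transmit success" in line:
        t.ike_sent += 1
    elif "IKE Packet: receive success" in line:      # assumed racoon wording
        t.ike_received += 1
    elif "IPSec Phase1 established" in line:         # assumed racoon wording
        t.phase1_established = True
    elif line.startswith("pppd") and "L2TP connection established" in line:  # assumed pppd wording
        t.l2tp_established = True
    elif "IPSec connection failed" in line:
        t.failed = True


def triage(text: str) -> Triage:
    """Walk the log, expanding 'last message repeated N times' markers."""
    t = Triage()
    prev = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REPEATED.match(line)
        if m and prev is not None:
            for _ in range(int(m.group(1))):
                _apply(prev, t)
            continue
        _apply(line, t)
        prev = line
    return t


def diagnose(text: str) -> str:
    """Return a one-line verdict on the stage at which the connection failed."""
    t = triage(text)
    if not t.failed:
        return "No IPsec failure recorded in this excerpt."
    if t.phase1_started and t.ike_received == 0:
        return (f"IKE Phase 1 got no reply after {t.ike_sent} transmissions: "
                "UDP/500 is not reaching the server or its reply is not coming "
                "back (check each NAT/forwarding layer), or nothing is listening.")
    if t.phase1_started and not t.phase1_established:
        return ("Server answered but Phase 1 did not complete: check the shared "
                "secret and proposals, and that UDP/4500 (NAT-T) is forwarded.")
    if t.phase1_established and not t.l2tp_established:
        return "IPsec is up but L2TP did not establish: check UDP/1701 and the L2TP service."
    return "Failure after the tunnel was established; inspect later pppd lines."


if __name__ == "__main__":
    print(diagnose(SYSLOG))
```

Run against the excerpt, the verdict is the first branch: four IKE transmissions and zero replies, which is consistent with the replies' double-NAT explanation rather than a shared-secret or L2TP-service problem. Feeding the script a successful connection log from a local test makes a useful side-by-side comparison.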

Jul 22, 2013 2:06 AM in response to 1applePhreak

It sounds like you have a double NAT configuration now, whereas previously you may have had a single NAT configuration. Any NAT is likely to make running a VPN server more complicated, double NAT doubly so 🙂


What type of VPN device are you using? If it is Windows, then by default the Windows VPN client is particularly unhappy with VPN via NAT. See http://support.apple.com/kb/HT5078


I would first look at your network setup and see if you can get rid of one layer of NAT, either by making the Verizon router act only as a bridge, or by leaving the Verizon router as the router and making the AirPort Extreme act only as a bridge.

Jul 22, 2013 9:04 AM in response to 1applePhreak

Something I keep forgetting is that if you're using 'Back to My Mac', then this will use the same ports as the VPN server and might prevent the VPN server from working properly.


Note: The AirPort Extreme itself can also run 'Back to My Mac', so check its settings as well.


See http://support.apple.com/kb/ht3944


It would be worth testing with manually configured settings on a (remote) Mac. Don't try everything at once; if you use manual settings to start with, you avoid the possibility of the MobileConfig being incorrect.


Ideally, think about removing the double NAT setup. I agree it sounds like you have set port forwarding up correctly, but double NAT is generally unnecessary and more trouble than it's worth.
