VPN not working after upgrading to Mavericks

The VPN update works ... except if you run a pf firewall. I can't turn off the firewall just to get VPN through.

Here are the pf.conf rules I'm using, at the top of the pf.conf file. These break OS X Server's L2TP, but I don't see why.

vpn_udp_services = "{ 500, 1701, 4500 }"

vpn_tcp_services = "{ 1723 }" # PPTP port, which should be disabled

pass log quick proto udp from any to any port $vpn_udp_services

pass log quick proto tcp from any to any port $vpn_tcp_services

I see the incoming connects with tcpdump, so this should work, but does not. VPN doesn't connect through the server's pf firewall.

$ sudo ifconfig pflog0 create

$ sudo tcpdump -n -e -ttt -i pflog0

00:00:11.571839 rule 2/0(match): pass in on en0: 193.28.195.240.37857 > 10.0.1.3.500: isakmp: phase 1 I ident

00:00:01.279990 rule 4/0(match): pass in on en0: 193.208.95.240.49286 > 10.0.1.3.4500: NONESP-encap: isakmp: phase 1 I ident[E]

Does anyone have OS X Server's VPN service working with a pf firewall? What are your pf.conf rules?

It appears that OS X Server's VPN technology continues to be problematic compared to TLS-based VPN.

I have it running with IceFloor. Rules are a basic setup- only ports forwarded at the router are the ones for VPN and the only thing allowed into the server are the same ports. I can pull the actual rules later today if you want/it would be helpful.

Thanks -- I had a look at my test IceFloor setup and learned that my nat rules cause the problem, Changing the nat command to this directive allows both L2TP and OpenVPN connections:

int_if = "en0"

nat on $int_if inet from 10.8.0/24 to any -> ($int_if)

Is there an IOS equivalent?

FYI the new update seems to work only if Universal plug and play (UPNP) is disabled on your router.

Hello davedavedave.h,

Could you repost that mavericks-vpn-fix.tar,gz? I've been struggling with VPN issues since upgrading to 10.9, both the native VPN and the Cisco VPN client being broken on my macbook pro.

Hello I have answered to this problem here: https://discussions.apple.com/thread/5482110?answerId=24376499022#24376499022

I have Mavericks 10.9.1 installed and the issue is still not fixed for PPTP VPN type. The "fix" by Tsirakis does not work.

Hello, my solution works for sure for Cisco IPSEC VPN with OSX 10.9.1. In the configuration file I have used:

IKE Authmode psk

Just thought I'd put my two cents in. I've had this issue since first installing Mavericks and finally after trying a few of the fixes people have put forward in this thread, this is the one that finally worked for me:

Running in Terminal: sudo sysctl -w kern.ipc.maxsockbuf=6291456

Create the file /etc/ppp/options (it didn't exist on my disk) and enter this one line: refuse-chap

So the VPN works for me but I lose my connection very often. During the day I have to connect and disconnect like 10 times to get one connection that would last more than 10 minutes. I have used a fix where you go to Open Network Preferences, create a new location and clean all the connections like ethernet, firewire and etc, leaving only Wi-fi. It worked in the first moment and sometimes it works if I keep changing between automatic and a configured new location.

My problem is that it is still not perfect as it was before the update. I still 'get kicked' from internet access. Sometimes I even lose the connection once I disconnect from the VPN. Then I have to restart the PC. Please if anyone know if there's a fix for this kind of problem let me know.

Just to weigh-in, and I realize you are not having success, but we are running the vpn (in Mavericks clients and Mavericks server) for full business days (like 8-10 hours) without issue. Here and there something might happen, but it is likely from the internet provider on either end. It really has been pretty good for us since the fix came out.

Finally I found the solution to this problem. At leat it's a workaround that has proven to be working for my customers.

The problem :

Once the customer connects via Network Connect (SSL VPN), and launches a citrix session or a remote amin or a remote desktop session, he is disconnected after seconds or at most after 2 minutes.

Solution/Workaround: using the Junos Pulse version 4.0R6 has solved the problem for all customers with this problem.

N.B. Junos Pulse version 4.0R6 is downloadable from Juniper support download page - you have to have an account linked to ans SA series

I hope it does the same for you guys.

I have a huge problem with my 27" iMac and VPN, since Mavericks.

I always used it and it worked perfectly for years. Since Mavs, when I am connected to VPN, I will get a little snitch message come up asking if any one of many apple processes (icloud helper, assistand just examples). No matter what I click, allow or deny, the machine instantly crashes and power recycles. It comes up with the white screen "your computer restarted because of a problem" and then boots up.

It is losing me a lot of data each time, and is very worrying to see the machine just die in an heartbeat like that.

Anyone know if this is the same issue you are speaking about on this thread? I need a fix, basically VPN is off limits to me now as i can't risk data loss and corruptions. It happens every time i get the LS message pop up. any advice greatly appreciated.

can you guys give me some idea in what to do about this VPN trough PPTP ? it was not working on Mountain Lion, now on Mavericks same crap, no VPN i tried everything i could find and could think of, the last chance is to try and make a fresh install of OSX. here is my log

Wed Feb 26 00:32:56 2014 : publish_entry SCDSet() failed: Success!

Wed Feb 26 00:32:56 2014 : publish_entry SCDSet() failed: Success!

Wed Feb 26 00:32:56 2014 : PPTP connecting to server 'vmyserver.com' (ip adress)...

Wed Feb 26 00:32:56 2014 : PPTP connection established.

Wed Feb 26 00:32:56 2014 : PPTP set port-mapping for en1, interface: 5, protocol: 0, privatePort: 0

Wed Feb 26 00:32:56 2014 : using link 0

Wed Feb 26 00:32:56 2014 : Using interface ppp0

Wed Feb 26 00:32:56 2014 : Connect: ppp0 <--> socket[34:17]

Wed Feb 26 00:32:56 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x289ea2ec> <pcomp> <accomp>]

Wed Feb 26 00:32:57 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x289ea2ec> <pcomp> <accomp>]

Wed Feb 26 00:32:59 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x289ea2ec> <pcomp> <accomp>]

Wed Feb 26 00:32:59 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xeffd4177> <pcomp> <accomp>]

Wed Feb 26 00:32:59 2014 : lcp_reqci: returning CONFACK.

Wed Feb 26 00:32:59 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xeffd4177> <pcomp> <accomp>]

Wed Feb 26 00:32:59 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x289ea2ec> <pcomp> <accomp>]

Wed Feb 26 00:32:59 2014 : sent [LCP EchoReq id=0x0 magic=0x289ea2ec]

Wed Feb 26 00:32:59 2014 : rcvd [CHAP Challenge id=0x8c <e9c19740ed70264946884ef93ec3df35>, name = "pptpd"]

Wed Feb 26 00:32:59 2014 : sent [CHAP Response id=0x8c <2c1c49b3e9d190000000000000000961e5ed11130fec8e125cba9791916d144ed4a7f5925bc1f0 0>, name = "testtest0"]

Wed Feb 26 00:32:59 2014 : rcvd [LCP EchoRep id=0x0 magic=0xeffd4177]

Wed Feb 26 00:32:59 2014 : rcvd [CHAP Success id=0x8c "S=9C50F90715369F2F66B2127BD96266FA451C3E7B M=Access granted"]

Wed Feb 26 00:32:59 2014 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]

Wed Feb 26 00:32:59 2014 : rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]

Wed Feb 26 00:32:59 2014 : sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]

Wed Feb 26 00:33:00 2014 : rcvd [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>]

Wed Feb 26 00:33:00 2014 : sent [CCP ConfReq id=0x2 <mppe +H -M +S -L -D -C>]

Wed Feb 26 00:33:00 2014 : rcvd [CCP ConfAck id=0x2 <mppe +H -M +S -L -D -C>]

Wed Feb 26 00:33:00 2014 : MPPE 128-bit stateless compression enabled

Wed Feb 26 00:33:00 2014 : sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]

Wed Feb 26 00:33:00 2014 : sent [IPV6CP ConfReq id=0x1 <addr fxxxxxxxxxxxa:a492>]

Wed Feb 26 00:33:00 2014 : rcvd [IPCP ConfReq id=0x1 <addrxxxxxxxxx

Wed Feb 26 00:33:00 2014 : ipcp: returning Configure-ACK

Wed Feb 26 00:33:00 2014 : sent [IPCP ConfAck id=0x1 <addr xxxxxxxxx

Wed Feb 26 00:33:00 2014 : PPTP port-mapping for en1, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 0, Public Port: 0, TTL: 0.

Wed Feb 26 00:33:00 2014 : PPTP port-mapping for en1 inconsistent. is Connected: 1, Previous interface: 5, Current interface 0

Wed Feb 26 00:33:00 2014 : rcvd [IPCP ConfNak id=0x1 <addr xxxxx> <ms-dns1 8.xxx> <ms-dns3 8.xxxx>]

Wed Feb 26 00:33:00 2014 : sent [IPCP ConfReq id=0x2 <addr xxxxxx> <ms-dns1 xxxxx> <ms-dns3 xxxxx>]

Wed Feb 26 00:33:00 2014 : rcvd [LCP ProtRej id=0x2 80 57 01 01 0xxxxxxxxxxxxxxxx]

Wed Feb 26 00:33:00 2014 : rcvd [IPCP ConfAck id=0x2 <addr xxxxxxxx> <ms-dnsxxxxxxx8> <ms-dnsxxxxxx>]

Wed Feb 26 00:33:00 2014 : ipcp: up

Wed Feb 26 00:33:00 2014 : local IP address xxxxxxxx

Wed Feb 26 00:33:00 2014 : remote IP address xxxxxxx

Wed Feb 26 00:33:00 2014 : primary DNS address 8888

Wed Feb 26 00:33:00 2014 : secondary DNS address xxxxxs

Wed Feb 26 00:33:00 2014 : Received protocol dictionaries

Wed Feb 26 00:33:00 2014 : Committed PPP store

Wed Feb 26 00:33:00 2014 : pptp_wait_input: Address added. previous interface setting (name: en1, address: 192.168.43.107), current interface setting (name: ppp0, family: PPP, address: xxxxxxxx, subnet: 255.255.0.0, destination: 9xxxxxxxxx0).

Wed Feb 26 00:33:00 2014 : PPTP port-mapping update for en1 ignored: VPN is the Primary interface. Public Address: ac0d3df1, Protocol: None, Private Port: 0, Public Port: 0

Wed Feb 26 00:33:00 2014 : PPTP clearing port-mapping for en1

Wed Feb 26 00:33:58 2014 : [DISCONNECT]

Wed Feb 26 00:33:58 2014 : Hangup (SIGHUP)

Wed Feb 26 00:33:58 2014 : ipcp: down

Wed Feb 26 00:33:58 2014 : MPPE disabled

Wed Feb 26 00:33:58 2014 : sent [LCP TermReq id=0x2 "MPPE disabled"]

Wed Feb 26 00:33:58 2014 : Connection terminated.

Wed Feb 26 00:33:58 2014 : sent [LCP TermReq id=0x3 "MPPE disabled"]

Wed Feb 26 00:33:58 2014 : Connect time 1.1 minutes.

Wed Feb 26 00:33:58 2014 : Sent 51643 bytes, received 0 bytes.

Wed Feb 26 00:33:58 2014 : PPTP disconnecting...

Wed Feb 26 00:33:58 2014 : PPTP clearing port-mapping for en1

Wed Feb 26 00:33:58 2014 : PPTP disconnected