Q: VPN not working after upgrading to Mavericks

hmm.....no /etc/sysctl.conf on my system, but bumping it up by hand allowed me to connect:

bash-3.2# sysctl -a|grep maxsockbuf

kern.ipc.maxsockbuf: 262144

bash-3.2# sysctl -w kern.ipc.maxsockbuf=500000

kern.ipc.maxsockbuf: 262144 -> 500000

bash-3.2# sysctl -w kern.ipc.maxsockbuf=1000000

kern.ipc.maxsockbuf: 500000 -> 1000000

500000 wasn't enough, but 1000000 was.

I'd love to know what the "correct" value is from someone who this works for instead of my guessing various large numbers.

No luck for me.  Tried the maxsockbuf change, and still unable to connect remotely.  Using local IP works fine. 

I just followed the advise of jbNco, and i am now back with VPN, which for sure was getting scary, as i might have been forced back on to my company provided PC!!!

This is related to Safari 6.1 and not specific to Mavericks.  I'm building a 10.8.5 image and put Safari 6.1 and ran into the same issue.  They have sandboxed off Java which doesn't give access for java based VPN solutions the access it needs to install the required components.

If you go into Safari Prefs, select security, and then select manage website settings.  Select Java from the left side and then change "when visiting other websites" to run in unsafe mode, I was able to get further with accessing VPN using Safari 6.1.  Can others test this and see if it helps with getting connected?

Exactly the same problem as Matti_A and Erwin1987. Can connect locally with iMac & iPhone but not from outside. Router and VPN Service configured properly.

so...once upon a time I evaluated a package called Cocktail (http://www.maintain.se/cocktail).  It "disabled' itself at the end of  the evaluation period, but disabling does not mean uninstalling and all it's "tuning" was still in place.

I have no memory of doing this, but it was apparently in mid-2011.

If you have this junkware, find all folders that start with "Cocktail" and blow them away.

DeepEddy wrote:

 

hmm.....no /etc/sysctl.conf on my system, but bumping it up by hand allowed me to connect:

 

bash-3.2# sysctl -a|grep maxsockbuf

kern.ipc.maxsockbuf: 262144

bash-3.2# sysctl -w kern.ipc.maxsockbuf=500000

kern.ipc.maxsockbuf: 262144 -> 500000

bash-3.2# sysctl -w kern.ipc.maxsockbuf=1000000

kern.ipc.maxsockbuf: 500000 -> 1000000

 

 

500000 wasn't enough, but 1000000 was.

 

I'd love to know what the "correct" value is from someone who this works for instead of my guessing various large numbers.

kern.ipc.maxsockbuf: 6291456

I am/was having the same problem with the same error messages as the OP and others. For sh1t and giggles I just tried turning off encryption on the (PPTP) connection and it connected immediately.

This was working with encryption prior to Mavericks (connecting from a MacBook to a remote LAN with the server running on a DD-WRT router) and only with no encryption now.

I am no mega-tech so I have no idea if this is a clue, or totally useless information!

MNX

Spoke to Apple Enterprise Support this morning and they are aware of the issue now. We spent about 2 hours troubleshooting and trying everything the tech could think of, in the end he gathered logs from my server. At this point they are leaning towards an issues with NAT and Mavericks Server. They're working on it, most likely be addressed in an update to the Server app. Just wanted to share.

^^^This is obviously for the Server issues some of us are seeing.

Thats nice to hear.

I have the same L2TP-problem as everyone else with one exception.

I'm unable to connect from outside the LAN with a Mac running 10.7.5

I'm unable to connect from outside the LAN with my iphone 3Gs running iOS 6.1.3

But...

I'm able to connect from outside the LAN with my iphone 4 running iOS 7.0.3.

I have found that ip-up script file in etc/ppp is missing after update, restoring it solved my problem whith native mac osx client.

Dvicente,

My /etc/ppp directory is empty. Is there any chance you could post the contents of the ip-up script file?

Thanks!

Try select "send all traffic over VPN" in the advanced prefs pane and start connection.

If it works,(I think)you have to contact sysadmin of the server for the script, mine looks like

#!/bin/sh

COUNT=1

while [ $COUNT -lt '255' ] ; do

          if [ "${5:-}" = "10.1.15.$COUNT" ]

          then

                    /sbin/route add 192.168.10.0/24 $5

                    /sbin/route add 192.168.11.0/24 $5

                    /sbin/route add 192.168.12.0/24 $5

                    /sbin/route add 192.168.13.0/24 $5

                    /sbin/route add 192.168.14.0/24 $5

                    /sbin/route add 192.168.15.0/24 $5

                    /sbin/route add 10.1.11.0/24 $5

          fi

          COUNT="$(expr "$COUNT" '+' '1')"

done

and in the /private/etc/hosts file, added lines for the servers, ie

192.168.10.6 svr-xx.xxx.local

Also struggling to make VPN (Cisco IPsec) work again.

This is my log:

30/10/13 11:02:03,113 configd[18]: IPSec connecting to server vpn.url.nl

30/10/13 11:02:03,113 configd[18]: SCNC: start, triggered by (307) com.apple.prefe, type IPSec, status 0, trafficClass 0

30/10/13 11:02:03,118 configd[18]: network changed: v4(en0:192.168.1.223) DNS Proxy SMB

30/10/13 11:02:03,123 configd[18]: IPSec Phase1 starting.

30/10/13 11:02:03,123 mDNSResponder[56]: Double NAT (external NAT gateway address 192.168.0.11 is also a private RFC 1918 address)

30/10/13 11:02:03,189 racoon[328]: accepted connection on vpn control socket.

30/10/13 11:02:03,189 racoon[328]: IPSec connecting to server x.x.x.x

30/10/13 11:02:03,190 racoon[328]: Connecting.

30/10/13 11:02:03,190 racoon[328]: IPSec Phase 1 started (Initiated by me).

30/10/13 11:02:03,196 racoon[328]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).

30/10/13 11:02:03,196 racoon[328]: >>>>> phase change status = Phase 1 started by us

30/10/13 11:02:03,199 configd[18]: network changed.

30/10/13 11:02:03,874 mDNSResponder[56]: handleLNTPortMappingResponse too many conflict retries 0 0

30/10/13 11:02:04,771 configd[18]: IPSec failed to set port-mapping for en0, errorCode: -65564.

30/10/13 11:02:04,771 configd[18]: IPSec port-mapping for en0 became invalid. is Connected: 1, Protocol: None, Private Port: 0, Previous publicAddress: (c0a8000b), Previous publicPort: (0).

30/10/13 11:02:04,772 configd[18]: IPSec public port-mapping for en0 changed... starting faster probe.

30/10/13 11:02:06,495 racoon[328]: IKE Packet: transmit success. (Phase 1 Retransmit).

30/10/13 11:02:09,791 racoon[328]: IKE Packet: transmit success. (Phase 1 Retransmit).

30/10/13 11:02:13,086 racoon[328]: IKE Packet: transmit success. (Phase 1 Retransmit).

30/10/13 11:02:13,198 configd[18]: IPSec disconnecting from server x.x.x.x

30/10/13 11:02:13,198 racoon[328]: IPSec disconnecting from server x.x.x.x

30/10/13 11:02:13,199 racoon[328]: failed to send vpn_control message: Broken pipe

30/10/13 11:02:13,200 racoon[328]: glob found no matches for path "/var/run/racoon/*.conf"

30/10/13 11:02:13,201 racoon[328]: IPSec disconnecting from server x.x.x.x

 

 

Don't have any *.conf file in my var/run/racoon/ folder.

Also don't have the /etc/sysctl.conf file. Don't know what's meant by:

no /etc/sysctl.conf on my system, but bumping it up by hand allowed me to connect:

I have no clue what to try next.

Did you get an answer for this?  My ppp folder is also empty and would like a copy of what is supposed to be in there

I found a solution for this problem, first you need 3 files from your os x Mountain backup:

1. /usr/sbin/racoon
2. /System/Library/LaunchDaemons/com.apple.racoon.plist
3. /System/Library/Sandbox/Profiles/racoon.sb

Then just put those mountain files in your mavericks folder and restart your mac, please make  a backup of the 3 files. have fun