
Question: 10.9 VPN behind Airport Extreme no longer works

I have OS X Server 10.9 running, migrated from 10.8. My server is behind an Airport Extreme and worked on 10.8. Now when I try to connect from my iPhone I get server not found. Any ideas? Access to web pages and VNC still works.

Question marked as Solved

Answer:

If you replace /usr/sbin/racoon with the server 2.2 version it works again (be sure to reboot after replacing as the file is in use).

Oct 22, 2013 11:44 PM in response to Merchon Cottrell

I am having the same issue, my VPN worked fine on Mountain Lion earlier today and since I upgraded to Mavericks tonight. I have been racking my brain on this issue since updating; all of my other services like Messaging, Profile Manager, and my Website can be accessed either inside or outside of my network. It has to be some type of software problem with the Server.app itself, as I should not have been able to connect with my other services if it was some type of port forwarding or blocking issue. I will continue to research and try to find an answer for this major issue. Merchon, have you tried to connect using your external IP address instead of your VPN host name? I have tried but it does not seem to help me, but I would give it a try if you have not yet.

Oct 23, 2013 6:43 AM in response to Merchon Cottrell

Same problem here. My VPN does not work now from external (LTE) network on mobile devices (iPhone 5S & iPad Mini). No problems before Mavericks and Server 3.


VPN works fine when on the same WiFi network...but that is kind of pointless.


Right now, I'm upset that I paid $19.99 for Server 3 and unwittingly joined the Mavericks beta program.


All that I got from this upgrade is a broken VPN...

Oct 23, 2013 9:47 AM in response to volman69

It is seeming more and more that Apple is releasing Beta software as release candidates to an unsuspecting audience. But that does not mean that we can't find some sort of workaround. I work on Mac Servers all day and I am at a loss for what to start with, as VPN has been a solid rock on previous versions of the Server app.

Oct 23, 2013 12:02 PM in response to volman69

flacojo32's log seems to indicate that there was no connection made, so perhaps there is a firewall issue or port routing issue.


For those of you seeing the problem, do your servers have public IP addresses, or are they on a private LAN behind an Airport? I'm wondering if maybe there is an issue with the Airport's port forwarding for L2TP. Do any of you see incoming connections?

Oct 23, 2013 12:20 PM in response to jeremyhu

I'm not using an Airport. The firewall on the network is running DD-WRT and no settings have changed since it was working with ML Server. I did test the problem with an Airport Express, though, and was able to reproduce it with that equipment as well.


My server does not have a public address. VPN traffic is forwarded from the firewall. I do see activity when the connection attempt begins, but it never succeeds.


Oct 23 00:31:47 servername racoon[14219]: accepted connection on vpn control socket.

Oct 23 00:32:02 servername racoon[14219]: Connecting.

Oct 23 00:32:02 servername racoon[14219]: IPSec Phase 1 started (Initiated by peer).

Oct 23 00:32:02 servername racoon[14219]: IKE Packet: receive success. (Responder, Main-Mode message 1).

Oct 23 00:32:02 servername racoon[14219]: >>>>> phase change status = Phase 1 started by us

Oct 23 00:32:02 servername racoon[14219]: IKE Packet: transmit success. (Responder, Main-Mode message 2).

Oct 23 00:32:03 servername racoon[14219]: IKE Packet: receive success. (Responder, Main-Mode message 3).

Oct 23 00:32:03 servername racoon[14219]: IKE Packet: transmit success. (Responder, Main-Mode message 4).

Oct 23 00:32:03 servername racoon[14219]: Connecting.

Oct 23 00:32:06 servername racoon[14219]: IKE Packet: transmit success. (Phase 1 Retransmit).

Oct 23 00:32:24 --- last message repeated 3 times ---

Oct 23 00:32:24 servername com.apple.launchd.peruser.502[4494] (com.apple.KerberosHelper.LKDCHelper[47084]): Exited with code: 1

Oct 23 00:32:41 servername racoon[14219]: IKE Packet: transmit success. (Phase 1 Retransmit).


Yep, that's all of it. No real indication of failure even.

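A small parser for racoon lines like those in the log above, added here as an example (it is not part of any post in this thread): it reports the last Main-Mode message the responder logged and how many Phase 1 retransmits followed it. The function name `analyze_phase1` and its result keys are assumptions of this example; the sample lines are taken from the log above.

```python
import re

# Sample input: racoon lines taken from the log posted above.
SAMPLE_LOG = """\
Oct 23 00:32:02 servername racoon[14219]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Oct 23 00:32:02 servername racoon[14219]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Oct 23 00:32:03 servername racoon[14219]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Oct 23 00:32:03 servername racoon[14219]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Oct 23 00:32:03 servername racoon[14219]: Connecting.
Oct 23 00:32:06 servername racoon[14219]: IKE Packet: transmit success. (Phase 1 Retransmit).
Oct 23 00:32:24 --- last message repeated 3 times ---
Oct 23 00:32:41 servername racoon[14219]: IKE Packet: transmit success. (Phase 1 Retransmit).
"""

MAIN_MODE = re.compile(r"racoon\[\d+\]: IKE Packet: (?:receive|transmit) success\. "
                       r"\(Responder, Main-Mode message (\d)\)")
RETRANSMIT = re.compile(r"racoon\[\d+\]: IKE Packet: transmit success\. \(Phase 1 Retransmit\)")
REPEATED = re.compile(r"--- last message repeated (\d+) times? ---")


def analyze_phase1(log_text):
    """Hypothetical helper: summarize how far a responder-side Main-Mode exchange got."""
    last_msg, retransmits, prev_retx = 0, 0, False
    for line in filter(str.strip, log_text.splitlines()):
        m = MAIN_MODE.search(line)
        rep = REPEATED.search(line)
        if m:
            # Handshake progress: any earlier retransmits were recovered from.
            last_msg, retransmits, prev_retx = int(m.group(1)), 0, False
        elif RETRANSMIT.search(line):
            retransmits, prev_retx = retransmits + 1, True
        elif rep and prev_retx:
            # syslog collapsed identical retransmit lines into one counter line.
            retransmits += int(rep.group(1))
        else:
            prev_retx = False
    # The responder sends the even-numbered messages, then waits for the next odd one.
    awaiting = last_msg + 1 if last_msg in (2, 4) else None
    return {"last_main_mode_message": last_msg, "retransmits": retransmits,
            "awaiting_from_peer": awaiting,
            "stalled": retransmits > 0 and last_msg < 6}


if __name__ == "__main__":
    print(analyze_phase1(SAMPLE_LOG))
```

With NAT traversal (RFC 3947) the initiator sends Main-Mode message 5 to UDP port 4500 rather than 500, so a stall while awaiting message 5 is a cue to confirm that traffic on port 4500 reaches the server.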

Oct 23, 2013 12:16 PM in response to jeremyhu

What ports would be the issue? I have 500, 1701, 1723, and 4500 all forwarded to my server from my Time Capsule and nothing. I do not see the clients trying to connect to my VPN server from the logs; it appears the service starts and just sits listening for connections. Anyone have any ideas what to try?

Oct 23, 2013 3:24 PM in response to flacojo32

flacojo32 wrote:


It is seeming more and more that Apple is releasing Beta software as release candidates to an unsuspecting audience.

Problem being, developers use OS X previews to develop their apps, but there are not enough folks testing Server. Another problem being, you never know, is it really a bug or did you make a mistake configuring your server. 😐

Oct 23, 2013 3:38 PM in response to Semmelrocc

The server preview was released very late compared to Mavericks proper and the GM release (which is really when a lot of developer-adjacent testers come on board) didn't come out until about a week ago.


I spent almost two weeks rebuilding this system repeatedly, checking it again and again against settings on ML servers I have that still run the VPN service. It is always possible that the problem lies with my settings, of course, but they are absolutely settings that worked under ML Server. If there are differences in server behavior, Apple needs to do a better job of providing documentation for them.


When Apple replaced a $1,000 unlimited license for SL Server with a $30 license for Lion Server, I knew the trouble we were in for. You spend a thousand bucks, Apple has to make it work. You spend $30 bucks ($20 now) Apple says "what do you expect for $30?". Still, it's great when you need to run very small networks that don't need more than it offers.

Oct 24, 2013 10:03 AM in response to Semmelrocc

Well, my config worked on Mountain Lion but a direct update to Mavericks won't work? That proves that my configuration was fine and I changed nothing during the update.

So this is not a config problem this is a Server 3.0 problem.

So my point again that it's Beta software.
