I upgraded by Mac mini server to Mavericks (including the server update). Now the VPN has stopped working. Pre update I used the vpn for my MacBook Air, iPad and iPhone. Now nothing works. I've checked my router (Apple) and it appears to be set up appropriately to pass VPN traffic. Any ideas?
Mac Mini Server, Mac OS X (10.6.3)
It appears that if I use wi-fi on my internal network I can enable VPN using L2TP, but external access via iPhone on cell network does not work. I do see the racoon logs when I connect with the iPhone externally so something is getting through. See my previous post for logs.
When connecting successfully via wi-fi I see racoon logs followed by some pppd logs whereas connecting externally I only see the racoon retransmits before it times out.
I have UDP ports 500, 1701, and 4500 open on the router mapped to the server.
I'm using OS X Server at home so my needs are not critical and I have alternatives, but I cannot understand why Apple doesn't jump on this if they want to be taken even remotely seriously as a provider of server software. To let this kind of probem drag on is really inexcusable.
> … solution to the L2TP problem: http://support.apple.com/kb/TS5313
"Resolution
You can configure and use PPTP instead. Please note that PPTP requires Directory accounts."
This is *terrible* advice. PPTP has been completely broken for over a year and should be considered unencrypted. <https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/> <https://www.schneier.com/blog/archives/2012/08/breaking_micros.html>
Disable OS X Server's PPTP VPN now, whether PPTP "works" or not.
OpenVPN works fine with Mavericks, and its TLS-based authentication is much more secure than OS X Server's L2TP/Ipsec-PSK. <https://discussions.apple.com/thread/5538749?answerId=23898306022#23898306022>
"You can configure and use PPTP instead. "
Duuh, one can "configure" PPTP, however it does not work either.
Must be an intern who gave this advice...... ;-(
FYI, the latest Mavericks update (released on 12/17 or 18) replaces older versions of /usr/sbin/racoon. Restoring /sbin/racoon from a pre-Mavericks backup will once again fix the L2TP issue.
Looks like there is a VPN Update for OS X Server that just came out. It requires OS X 10.9.1. Installing it myself now.
Good luck to everyone.
Installed. Failed first few times I tried. Working OK now externally and on the LAN.
I don't know how Apple can think any I.T. admin would specify using OS X Server in a critical business solution when it takes them two months to fix something as important as VPN. This should have been fixed within a day or so of Mav being released October 22nd.
The VPN Update for OS X Server fixes L2TP for me....
Seems like a solution!!!! Finally Apple is doing something... but how long has my system been down?? Almost 3 months!!! I think it is too bad as for such critical flaw in the system.
still not working for me just listening for connections..
I assume it is the case, but can someone confirm that this update is just for the Server version of Mavericks? The same VPN bug is in the non-server version as well. (Thankfully, the ML racoon fix works in the non-server version too).
Installed update and still not able to connect
I am able to connect on the local network but not externally.
That sounds like your router is not set up correctly.
All 3 ports forwarded to my server ip. 1701, 500, 4500. Not sure what else I am missing?
Disable Universal Plug and Play (UPNP) on the router. Some routers are setting up UPNP connections for back to my mac that interfere with the port forwarding for NAT with vpn.
Post Mavericks (server) upgrade, vpn has stopped working. Any suggestions?
