denningsrogue

Q: Post Mavericks (server) upgrade, vpn has stopped working.  Any suggestions?

I upgraded my Mac mini server to Mavericks (including the server update). Now the VPN has stopped working. Pre update I used the VPN for my MacBook Air, iPad and iPhone. Now nothing works. I've checked my router (Apple) and it appears to be set up appropriately to pass VPN traffic. Any ideas?

Mac Mini Server, Mac OS X (10.6.3)

Posted on Oct 23, 2013 12:52 AM

Page 6 of 8
  • by formerlyknownas,

    formerlyknownas Nov 13, 2013 10:23 AM in response to Lime Mojito
    Level 1 (0 points)

    @ Lime Mojito

     

    My router is an Airport Extreme - No UPnP !

    It does have NAT-PMP but this is turned off - and always has been!

     

    Glad you're up and running though

     

    FKA

  • by formerlyknownas,

    formerlyknownas Nov 13, 2013 10:45 AM in response to formerlyknownas
    Level 1 (0 points)

    Just had to laugh at Crapple's solution to the L2TP problem

     

    http://support.apple.com/kb/TS5313

     

    Reads - "hey moronic Crapple users! Yeh like dudes l2tp like doesn't work right now, but we've got like this awesome solution for you ... are you ready?"   **yup we're ready Crapple**   "Ok then loser, our solution is .... don't use it ! ... Great solution isn't it, do you like it?"

     

    **no crapple I think it's the worst solution I've ever seen to a major bug in a piece of software!**

  • by kellentat,

    kellentat Nov 13, 2013 11:40 AM in response to denningsrogue
    Level 1 (5 points)

    @formerlyknownas - still working for me, try a repair of the permissions on the disk - mine complained a bunch about iBooks (an app I haven't opened on the server) and then a ton of racoon related stuff. So @kerryfung basically here's what I did - taking into account you need to back up this file and do this at your own risk!!!

    I created a VM of Mountain Lion Server in VMware Fusion, ran any updates that it wanted. Then in Finder on the VM I needed the following file /usr/sbin/racoon as suggested by JoshuaOchs. To get this in Finder hit command + shift + g and enter /usr/sbin and then hit ok. This will open the correct folder, copy the racoon file onto the desktop of the Mavericks server.

    Now on the Mavericks server use the same Finder command to open the /usr/sbin folder and copy the racoon file to somewhere safe (another folder).

    Then copy in the racoon file from the Mountain Lion server, it will ask you to put in an admin login/password. At this point reboot. After rebooting open the log in the server and you should see it complaining about IP Sec Self Repair and cannot connect to racoon. Run repair disk permissions, reboot again and you should be good to go.

    I've rebooted several times no issues.

    If folks need a racoon file I can post one if I get scout's honor on not trying to mess with my server.

  • by Petterf,

    Petterf Nov 13, 2013 11:57 AM in response to formerlyknownas
    Level 2 (395 points)

    That was one poor and embarrassing solution to a pretty major problem.

  • by formerlyknownas,

    formerlyknownas Nov 13, 2013 12:44 PM in response to kellentat
    Level 1 (0 points)

    Hi kellentat

     

    I tried running permission repair but it didn't work for me. Edit - I also tried removing the extended attributes (@) from the permissions on the copied racoon file, but had no joy ..

     

    I'm wondering maybe if it's because my latest TM backup of ML is quite old (10.8.3 I think!).

     

    I'm presuming from your VM it will be 10.8.5 you've copied the file from?

     

    D

  • by kellentat,

    kellentat Nov 13, 2013 12:44 PM in response to formerlyknownas
    Level 1 (5 points)

    Yep- it was a fresh instance of ML and Server 2.2. Do you have a VM app? If you do you could download the ML installer and then from there follow what I did with a blank ML image and install server on top of that.

  • by formerlyknownas,

    formerlyknownas Nov 13, 2013 12:45 PM in response to kellentat
    Level 1 (0 points)

    Thanks mate .. I'm running Fusion 6, I'll give your method a try when I have time

     

  • by Paul van Asseldonk,

    Paul van Asseldonk Nov 14, 2013 1:45 AM in response to denningsrogue
    Level 1 (0 points)

    I had the same problem. Yesterday I updated to Server 3.0.1, which seems to fix this!

  • by LondonServer,

    LondonServer Nov 14, 2013 5:40 AM in response to denningsrogue
    Level 1 (0 points)

    Upgrading to 3.0.1 has not resolved this problem here. I have updated the racoon file without a restart and it didn't work. Will restart at the end of the day and update..

  • by Tom Sheppard,

    Tom Sheppard Nov 14, 2013 8:23 AM in response to denningsrogue
    Level 1 (25 points)
    Mac OS X

    The Server 3.0.1 update did fix external access to the calendar and contact services but VPN is still broken. I see these logs when trying to connect externally from my iPhone:

     

    2013-11-14 11:16:46.943 AM racoon[447]: Connecting.
    2013-11-14 11:16:46.943 AM racoon[447]: IPSec Phase 1 started (Initiated by peer).
    2013-11-14 11:16:46.943 AM racoon[447]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    2013-11-14 11:16:46.943 AM racoon[447]: >>>>> phase change status = Phase 1 started by us
    2013-11-14 11:16:46.943 AM racoon[447]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    2013-11-14 11:16:47.046 AM racoon[447]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    2013-11-14 11:16:47.068 AM racoon[447]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    2013-11-14 11:16:47.147 AM racoon[447]: Connecting.
    2013-11-14 11:16:50.242 AM racoon[447]: IKE Packet: transmit success. (Phase 1 Retransmit).
    … repeated multiple times …
    2013-11-14 11:19:28.027 AM racoon[447]: IKEv1 Phase 1: maximum retransmits. (Phase 1 Maximum Retransmits).
    2013-11-14 11:19:28.027 AM racoon[447]: Phase 1 negotiation failed due to time up. 2c03a5b1d53ee4a3:ec9effb974f18930

     

    The iPhone eventually times out and says, "The L2TP-VPN server did not respond."

     

    Apple has some more work to do.

  • by formerlyknownas,

    formerlyknownas Nov 14, 2013 1:03 PM in response to Tom Sheppard
    Level 1 (0 points)

    same same ..

     

    14/11/2013 20:40:38.193 racoon[198]: Connecting.
    14/11/2013 20:40:38.193 racoon[198]: IPSec Phase 1 started (Initiated by peer).
    14/11/2013 20:40:38.193 racoon[198]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    14/11/2013 20:40:38.194 racoon[198]: >>>>> phase change status = Phase 1 started by us
    14/11/2013 20:40:38.194 racoon[198]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    14/11/2013 20:40:38.229 racoon[198]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    14/11/2013 20:40:38.247 racoon[198]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    14/11/2013 20:40:38.283 racoon[198]: Connecting.
    14/11/2013 20:40:41.480 racoon[198]: IKE Packet: transmit success. (Phase 1 Retransmit).
    14/11/2013 20:40:44.778 racoon[198]: IKE Packet: transmit success. (Phase 1 Retransmit).
    14/11/2013 20:40:48.052 racoon[198]: IKE Packet: transmit success. (Phase 1 Retransmit).
    14/11/2013 20:41:01.209 racoon[198]: IKE Packet: transmit success. (Phase 1 Retransmit).

     

     

    However - if I connect the client to a 3rd party l2tp VPN first, and then connect to my OS X server l2tp VPN, it connects ..

     

    14/11/2013 20:45:30.616 racoon[198]: Connecting.
    14/11/2013 20:45:30.616 racoon[198]: IPSec Phase 1 started (Initiated by peer).
    14/11/2013 20:45:30.616 racoon[198]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    14/11/2013 20:45:30.617 racoon[198]: >>>>> phase change status = Phase 1 started by us
    14/11/2013 20:45:30.617 racoon[198]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    14/11/2013 20:45:30.644 racoon[198]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    14/11/2013 20:45:30.661 racoon[198]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    14/11/2013 20:45:30.684 racoon[198]: Ignore INITIAL-CONTACT notification, because it is only accepted after Phase 1.
    14/11/2013 20:45:30.684 racoon[198]: IKEv1 Phase 1 AUTH: success. (Responder, Main-Mode Message 5).
    14/11/2013 20:45:30.684 racoon[198]: IKE Packet: receive success. (Responder, Main-Mode message 5).
    14/11/2013 20:45:30.684 racoon[198]: IKEv1 Phase 1 Responder: success. (Responder, Main-Mode).
    14/11/2013 20:45:30.684 racoon[198]: IKE Packet: transmit success. (Responder, Main-Mode message 6).
    14/11/2013 20:45:30.685 racoon[198]: IKE Packet: transmit success. (Information message).
    14/11/2013 20:45:30.685 racoon[198]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    14/11/2013 20:45:30.685 racoon[198]: IPSec Phase 1 established (Initiated by peer).
    14/11/2013 20:45:31.709 racoon[198]: IPSec Phase 2 started (Initiated by peer).
    14/11/2013 20:45:31.709 racoon[198]: IKE Packet: receive success. (Responder, Quick-Mode message 1).
    14/11/2013 20:45:31.709 racoon[198]: >>>>> phase change status = Phase 2 started
    14/11/2013 20:45:31.710 racoon[198]: IKE Packet: transmit success. (Responder, Quick-Mode message 2).
    14/11/2013 20:45:31.731 racoon[198]: IKE Packet: receive success. (Responder, Quick-Mode message 3).
    14/11/2013 20:45:31.731 racoon[198]: IKEv1 Phase 2 Responder: success. (Responder, Quick-Mode).
    14/11/2013 20:45:31.731 racoon[198]: IPSec Phase 2 established (Initiated by peer).
    14/11/2013 20:45:31.732 racoon[198]: >>>>> phase change status = Phase 2 established

     

    Closing the 3rd party VPN tunnel, obviously, closes both tunnels!

     

    There's clearly not a NAT or Firewall issue on the client network as the 3rd party l2tp VPN connection wouldn't work either!

    And there's not a clash of subnets. The client network is 10.20.101 ... and my home network where my OS X server lives is 192.168.60 .. and the 3rd party VPN service I connect to dishes out 192.168.80 ..  ..

     

    The 3rd party VPN connection is also NAT'd ........

     

    FKA
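
Added example (not part of any post in this thread, and not Apple's or racoon's own code): a small Python triage script for the kind of racoon output posted above, which reports how far each IKEv1 Main-Mode negotiation got. The function names are hypothetical, the sample lines are constructed, and it assumes one peer negotiates at a time, since these log lines carry no peer address.

```python
import re

# Message part of a racoon line; matches both timestamp styles posted in the thread.
LINE = re.compile(r"racoon\[\d+\]: (.*)$")
MAIN_MODE = re.compile(r"Main-Mode message (\d)", re.IGNORECASE)

def summarize(log_text):
    """Split a racoon log into IKE attempts and record how far each one got."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        msg = m.group(1) if m else ""
        if msg.startswith("IPSec Phase 1 started"):
            attempts.append({"last_mm": 0, "retransmits": 0, "phase1": "incomplete", "phase2": False})
        if not attempts:
            continue  # e.g. "Connecting." before the first attempt
        cur = attempts[-1]
        mm = MAIN_MODE.search(msg)
        if mm:
            cur["last_mm"] = max(cur["last_mm"], int(mm.group(1)))
        if "(Phase 1 Retransmit)" in msg:
            cur["retransmits"] += 1
        elif msg.startswith("IPSec Phase 1 established"):
            cur["phase1"] = "established"
        elif msg.startswith("Phase 1 negotiation failed"):
            cur["phase1"] = "failed"
        elif msg.startswith("IPSec Phase 2 established"):
            cur["phase2"] = True
    return attempts

def diagnose(a):
    if a["phase1"] == "established":
        return "tunnel up" if a["phase2"] else "phase 1 only"
    # Responder sent message 4 and keeps retransmitting: no message 5 from the peer was logged.
    if a["last_mm"] == 4 and a["retransmits"]:
        return "stalled waiting for Main-Mode message 5"
    return "phase 1 " + a["phase1"]

# Constructed sample modelled on the two log styles in the thread (not copied output).
SAMPLE = """\
2013-01-01 10:00:00.000 AM racoon[100]: IPSec Phase 1 started (Initiated by peer).
2013-01-01 10:00:00.100 AM racoon[100]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
2013-01-01 10:00:03.000 AM racoon[100]: IKE Packet: transmit success. (Phase 1 Retransmit).
2013-01-01 10:02:40.000 AM racoon[100]: Phase 1 negotiation failed due to time up.
01/01/2013 11:00:00.000 racoon[100]: IPSec Phase 1 started (Initiated by peer).
01/01/2013 11:00:00.100 racoon[100]: IKEv1 Phase 1 AUTH: success. (Responder, Main-Mode Message 5).
01/01/2013 11:00:00.200 racoon[100]: IPSec Phase 1 established (Initiated by peer).
01/01/2013 11:00:01.000 racoon[100]: IPSec Phase 2 established (Initiated by peer).
"""
print([diagnose(a) for a in summarize(SAMPLE)])
```

Pass the text of a saved system log to summarize() in place of SAMPLE; lines from other processes are ignored.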

  • by Changren Yong,

    Changren Yong Nov 15, 2013 3:19 PM in response to Paul van Asseldonk
    Level 1 (108 points)
    Mac OS X

    There is no update to the /usr/sbin/racoon file in Server 3.0.1 so if VPN was not working before 3.0.1, I doubt it's working now.

  • by JoshuaOchs,

    JoshuaOchs Nov 18, 2013 5:55 AM in response to formerlyknownas
    Level 1 (0 points)

    Agreed that their official support note leaves a LOT to be desired (and since when did PPTP require a directory account?), but the fact that they posted it at all means they're aware of the issue. They had a similar note up for the 13-inch Retina "loss of keyboard/trackpad" bug, and a couple weeks later it was fixed. Fingers crossed.

     

    I took a more drastic approach to fixing this - I loaded up a Linux VM in VirtualBox and configured Racoon myself (fortunately I spent a couple weeks on Linux VPN setup a few months back, so I knew what to do). Setting it up by hand worked perfectly, although attempting to use the same config file with the built-in racoon didn't work - rather annoying. At least I have a workaround for now.

  • by martinoroberto,

    martinoroberto Nov 24, 2013 4:06 AM in response to denningsrogue
    Level 1 (8 points)
    iPhone

    Solved by enabling the L2TP and PPTP options in the Server app and creating a NAT of TCP port 1723. Now my L2TP VPN works from outside using my iPhone or Mac.

    (I don't understand why....)

  • by sangbo,

    sangbo Nov 27, 2013 6:00 PM in response to martinoroberto
    Level 1 (0 points)

    I guess you use PPTP. L2TP is not working with port 1723.
