I've removed all the port forwarding in my AEBS and let Server recreate the port forwarding for VPN by itself inside of Server and I still can't connect.
Can anyone post their exact settings (without giving away any security info, obviously) to show us that it's working. Maybe there's a small detail that many of us are overlooking since it works for some of you but not for the rest of us.
I seem to be having this problem as well. I can make a L2TP VPN connection to the server on my local network but not from outside. I'm using a Time Capsule as my router and DHCP server. Server seems to be setting up the ports on the TC correctly but I'm unable to connect from outside. I did have iCloud/BackToMyMac turned on but have now turned BTMM off and logged off of iCloud on that machine and restarted but still no VPN connection. I do not have any routes set up as I'm happy to have all traffic go via the VPN when I'm connected but don't know if I need a route to make L2TP work. I don't believe I did under 10.8.
Hello there as well,
I've the same issue and I investigate the problem. The reason why it does not work is, that the racoon (IKE Daemon) does not accept connections on port 4500 (IKE for NAT-T) if the source port is random generated.
Since Mavericks and IOS7 the source port from the client is no longer 4500, this lead to this problem (except you have a old VPN connection already setup bevor you update to IOS7 on your Phone).
If you are in the same network like your server, the IKE NAT-T is not used. In this case the regular port 500 (IKE) is used, and this works as expected. At the moment we have to wait if the problem is fixed by Apple.
There are two possibilities, they can adjust the clients or the server configuration. However if you want to use VPN with OS X native methods, use PPTP. This is not affected but of course it provides no Layer 2 Tunneling.
I was working with ML Server 2.2.2 and all was fine! After upgrade to Mavericks, VPN is not working any more, when I try to connect from outside my network. Local all is still working as well as before.
Because I want to solve the issue, I did multiple Tests. Nothing helps me to connect vis L2TP with my Mac Server 3 - VPN.
Here is something new: I tried to connect with an iPod touch 4. Generation, running iOS 6.1.3. The iPod couldn't connect with the Server, not from intern the local network, and still not from the outside.
So it seems Apple has to do somethung, not the user !!
For those that are having VPN issues outside the local network and is connecting VPN locally fine on OS 10.9 Server,
Has anyone tried turning off the built-in Adaptive Firewall of OS 10.9? If it works., then I suggest deleting the prefs file of the adaptive firewall
I know when I moved up to Mavericks Server form 10.8.5 Server it generated
I know I did not have any issues with my VPN, but one of my clients who has a 10.8.5 Server had some adaptive firewall issues and was do to a corrupted com.apple.alf.plist
try turning off the adaptive firewall if you are using it.. delete the prefs and turn it on again so it can create a new prefs. check out the options to make sure correct options are there.
Ok, I'm a little confused.. What firewall is the one you can turn on at Security and Privacy?
oh I guess I got confused with past articles that I read... oh welll.....
anyway for those that upgraded from 10.6.8 server or before and kept ipfw settings I wonder if that's an issue?
Same here, but I found something new today,
the l2tp vpn can connect when i am in local network, AS WELL AS when I am in SOME of the external network. today I tried to connect the vpn server which locate at home from a wifi network in the univeristy, and it worked.
the network I tried and failed before include the 4G cellular network of my iphone and most wifi.
seems the network in my university uses some kind of cisco-related system.
what I am sure is, this is not related to any DNS (as ssh worked properly) nor firewall (as it worked on some networks).
should it be some configurations about how packets are treated? I have no knowledge on this..