Question: L2TP VPN not working over internet

Hello Mac Community,


It is pretty clear to me that even though I have forwarded the required ports for L2TP, Mavericks and Server 3 break the L2TP VPN capabilities I was actively using in Mountain Lion.


I can connect locally, but when done from an external network via port forwarding, L2TP fails to connect. Before you query me on port forwarding and router make and model, let me assure you, I have been successfully doing L2TP VPN with Mountain Lion and Server 2.x.x with no issue. Pretty clear to me that Mavericks broke something.


Suggestions specific to the OS platform are appreciated! (The network is in good working order.)


Oct 30, 2013 2:16 AM in response to TonyPHX_623

Hello there,

I have the same problem. Some other threads I've found are talking about it as an iOS problem, because it seems that you can connect with a Mac running the new Mac OS X Mavericks as well. I couldn't test that 'til now.


Why do we always have to buy a new version of OS X Server when upgrading the system?? Software should always be backwards compatible.... So Apple: do something to fix your bugs in Mavericks!!


Since Steve Jobs died, the quality of Mac software has been going down more and more!!


Regards,

Heiner

Question marked as Helpful

Oct 30, 2013 2:30 AM in response to TonyPHX_623

Hello there as well,


I have the same issue and I investigated the problem. The reason it does not work is that racoon (the IKE daemon) does not accept connections on port 4500 (IKE for NAT-T) if the source port is randomly generated.


Since Mavericks and iOS 7 the source port from the client is no longer 4500, which leads to this problem (unless you have an old VPN connection already set up before you updated to iOS 7 on your phone).


If you are on the same network as your server, IKE NAT-T is not used. In this case the regular port 500 (IKE) is used, and this works as expected. At the moment we have to wait and see whether the problem is fixed by Apple.


There are two possibilities: they can adjust the clients or the server configuration. However, if you want to use VPN with OS X native methods, use PPTP. This is not affected, but of course it provides no Layer 2 tunneling.


Regards,

Daniel

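Daniel's explanation above turns on how an IKE responder decides which UDP 4500 datagrams it will process. The script below is an added example written for this thread; it is not code from the thread, from Apple, or from racoon. It constructs a few sample IKEv1 datagrams and contrasts two acceptance rules: a hypothetical one that only honours NAT-T when the client also sends from port 4500 (the behaviour Daniel describes), and the RFC 3947/3948 rule, which identifies IKE on 4500 by the destination port plus the 4-byte non-ESP marker and replies to whatever source port the datagram arrived from, since a NAT can rewrite that port anyway. All ports, SPIs and the client port 53211 are constructed values.

```python
"""Constructed IKE/NAT-T datagrams illustrating why a responder must not require
the client's source port to be 4500 (added example, not code from the thread)."""
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

IKE_PORT = 500
NAT_T_PORT = 4500
# RFC 3948: on UDP 4500 an IKE message starts with four zero bytes (the non-ESP
# marker); UDP-encapsulated ESP starts with a non-zero SPI instead.
NON_ESP_MARKER = b"\x00\x00\x00\x00"
# RFC 2408 ISAKMP header: initiator SPI, responder SPI, next payload,
# version, exchange type, flags, message ID, total length (28 bytes).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
EXCH_IDENTITY_PROTECTION = 2  # IKEv1 Main Mode


@dataclass
class UdpDatagram:
    src_port: int
    dst_port: int
    payload: bytes


@dataclass
class IkeHeader:
    initiator_spi: bytes
    version: Tuple[int, int]
    exchange_type: int
    length: int


def parse_ike(dgram: UdpDatagram) -> Optional[IkeHeader]:
    """Return the ISAKMP header if the datagram carries IKE, else None."""
    data = dgram.payload
    if dgram.dst_port == NAT_T_PORT:
        if not data.startswith(NON_ESP_MARKER):
            return None  # UDP-encapsulated ESP, not IKE
        data = data[len(NON_ESP_MARKER):]
    elif dgram.dst_port != IKE_PORT:
        return None
    if len(data) < ISAKMP_HDR.size:
        return None
    i_spi, _r_spi, _np, ver, exch, _flags, _msgid, length = ISAKMP_HDR.unpack_from(data)
    if length != len(data):
        return None  # the length field must cover the whole message
    return IkeHeader(i_spi, (ver >> 4, ver & 0x0F), exch, length)


def accept_fixed_source_port(dgram: UdpDatagram) -> bool:
    """Hypothetical model of the failure described in the post: NAT-T is
    honoured only if the client also *sends* from 4500 (not racoon's code)."""
    if parse_ike(dgram) is None:
        return False
    if dgram.dst_port == NAT_T_PORT and dgram.src_port != NAT_T_PORT:
        return False
    return True


def accept_any_source_port(dgram: UdpDatagram) -> bool:
    """RFC 3947/3948 behaviour: a NAT may rewrite the source port, so only the
    destination port and the non-ESP marker identify IKE; the responder simply
    replies to whatever source port the datagram arrived from."""
    return parse_ike(dgram) is not None


def build_ike_message(initiator_spi: bytes, nat_t: bool, body: bytes = b"") -> bytes:
    """Construct a minimal IKEv1 Main Mode message (constructed sample data)."""
    hdr = ISAKMP_HDR.pack(initiator_spi, b"\x00" * 8, 0, 0x10,
                          EXCH_IDENTITY_PROTECTION, 0, 0, ISAKMP_HDR.size + len(body))
    msg = hdr + body
    return NON_ESP_MARKER + msg if nat_t else msg


# Constructed sample traffic (ports and SPIs are made up for the example).
SAMPLES = {
    "lan_client_port_500": UdpDatagram(500, 500, build_ike_message(b"\x01" * 8, nat_t=False)),
    "legacy_nat_t_client": UdpDatagram(4500, 4500, build_ike_message(b"\x02" * 8, nat_t=True)),
    "random_source_port": UdpDatagram(53211, 4500, build_ike_message(b"\x03" * 8, nat_t=True)),
    "udp_encapsulated_esp": UdpDatagram(53211, 4500, b"\x00\x00\x10\x01" + b"\xaa" * 32),
}


def compare_rules() -> dict:
    """Map each sample to (accepted by fixed-port rule, accepted by RFC rule)."""
    return {name: (accept_fixed_source_port(d), accept_any_source_port(d))
            for name, d in SAMPLES.items()}


if __name__ == "__main__":
    for name, (fixed, rfc) in compare_rules().items():
        print(f"{name:24s} fixed-port rule: {fixed!s:5s}  RFC 3947/3948 rule: {rfc}")
```

Running the script shows the LAN client (port 500) and a client that still sends from 4500 are accepted by both rules, while the client behind a NAT with a rewritten source port is rejected only by the fixed-port rule, which matches the symptom in the thread: works on the LAN, fails over the Internet. The ESP sample is rejected by both because it is not IKE at all.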

Oct 31, 2013 8:34 AM in response to TonyPHX_623

I'm a bit confused between the use of vpnd and racoon, but I think that vpnd uses racoon for IKE. The fun bit is that racoon can do NAT-T, but I can't seem to make it work. I'm not convinced that we have to wait for Apple to fix this.


Oct 31, 2013 8:43 AM in response to JonThompson

I like your enthusiasm! I wish I had more time to tackle making racoon work then, but if you find a solution Jon, please share. Or if you write a stable and reliable VPN server, please sell. I will be first in line. : )


Oct 31, 2013 1:52 PM in response to TonyPHX_623

I just made a post with my observations with the Verizon FIOS router at this other link but am still uncomfortable with this being unresolved definitively in so many years of discussion.

My link asks about a bad rule in the IPSec definition.


UDP Source in IPSec is 500 as well as destination.

What will this do?

I was live chatting with Actiontec when the tech disconnected after an hour without notice.


Apr 11, 2015 7:12 AM in response to powercore

Hello - I seem to be having the same problem but on OSX 10.10.3 Yosemite with Server 4.0.3.


Is there any fix or workaround available for this? The screenshot below shows the log when connecting from outside my AirPort Express (where it does not work) and then over the LAN (where it does work).

User uploaded file
