9 Replies Latest reply: Sep 5, 2014 6:00 PM by Cidy Long
SofIa_R Level 1 Level 1 (0 points)

A few days ago when I upgraded from ML + Server 2.2.2 to Mavericks + Server 3.0 the VPN didnt work, as for many others as I saw in the blogs.

 

Today I erased one of the two MacMini disks and I did a clean install of Mavericks and Server 3.0.1.

DNS is fine as well as FileSharing, but VPN still not working.

 

When I run the Server app, from the System Log i get the following message:

Nov 13 23:10:29 myserver.private servermgrd[1126]: servermgr_postgres_server: missing postgres config file: /Library/Server/PostgreSQL For Server Services/Config/com.apple.postgres.plist

 

Anyone has a clue ?

Thank you


Mac mini, OS X Mavericks (10.9)
  • elgringito Level 1 Level 1 (20 points)

    Hello SofIa_R,

     

    I don't think that the problem you are experiencing with the vpn has anything to do with the postgres error. As far as I know, the vpn server does not rely on the postgres database.

     

    Could you please post the result of the following command:

     

    sudo serveradmin fullstatus vpn

     

    The log would be helpful too. You should find them here: "/var/log/ppp/vpnd.log".

     

    Look carefully at the lines written at the time you attempt to create a vpn communication. This might give you a clue of what is happening.

     

    Also, when I got problem with the vpn server under ML, this article was helpful:

     

    http://support.apple.com/kb/HT4748

     

    Note that although the article says that this is limited to PPTP, it actually also works with L2TP.

     

    Good luck!

  • SofIa_R Level 1 Level 1 (0 points)

    Hello Elgringito,

    thank you for your replay.

    I rebooted from the Maveriks server disk (during the day we use the ML server since it works with mo problems).

    I started Server 3.0.1 app

    I entered Terminal and did the command you suggested: sudo serveradmin fullstatus vpn

    Here is the full Terminal answer:


    vpn:servicePortsAreRestricted = "NO"

    vpn:readWriteSettingsVersion = 1

    vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"

    vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0

    vpn:servers:com.apple.ppp.pptp:enabled = no

    vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"

    vpn:servers:com.apple.ppp.pptp:Type = "PPP"

    vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"

    vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"

    vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "MSCHAP2"

    vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0

    vpn:servers:com.apple.ppp.l2tp:enabled = yes

    vpn:servers:com.apple.ppp.l2tp:startedTime = "2013-11-14 20:16:38 +0000"

    vpn:servers:com.apple.ppp.l2tp:Type = "PPP"

    vpn:servers:com.apple.ppp.l2tp:SubType = "L2TP"

    vpn:servers:com.apple.ppp.l2tp:AuthenticatorPlugins = "DSAuth"

    vpn:servers:com.apple.ppp.l2tp:pid = 158

    vpn:servicePortsRestrictionInfo = _empty_array

    vpn:health = _empty_dictionary

    vpn:logPaths:vpnLog = "/var/log/ppp/vpnd.log"

    vpn:configured = yes

    vpn:state = "RUNNING"

    vpn:setStateVersion = 1

     

    Honestly I can't gest clues of what wrong, but maybe you do :-)

    Thanks again for your feedback !

  • TripleBoot Level 1 Level 1 (0 points)

    I just wanted to point out that the L2TP issues with Mavericks have been addressed by Apple, even though they don't offer much of a solution.

     

    http://support.apple.com/kb/TS5313

     

    It seems like the 3.0.1 update made things worse.  Before I could at least connect from my local network, now that doesn't even work.

  • Wictor Level 1 Level 1 (10 points)

    Yes I agree, Server 3.0.1 didn't solve any VPN issue. I had an Apple computer expert working on our system. He did setup a huge number of Apple Servers in the past but he couldn't come into a solution with Mavericks Server.

    VPN for a Server is a critical aspect not an minor option.

    It is very sad that behind Apple fireworks about every new products they present thare are quite evident bugs that supposed to be solved BEFORE they release a new operating system or a new professional software like Server.

    I am wondering how come all the developers who had the pre-release of Server did not discover that VPN didn't work.

  • elgringito Level 1 Level 1 (20 points)

    Thank you for the pointer TripleBoot. And sorry for you SofIa_R. It seems that you will have to wait until Apple decides to actually suggest a real solution. Suggesting to replace L2TP by PPTP is definitely not what I call a solution, PPTP being *much* weaker than L2TP.

     

    As Wictor says, it is indeed very strange that this hasn't been spotted before.

  • elgringito Level 1 Level 1 (20 points)

    By the way, your configuration looks exactly like mine. It works under Mountain Lion....

  • Doug MtView Level 1 Level 1 (0 points)

    Agreed.  It seems that when it failed, waiting about 15 minutes offered fair odds it might then work.  So far, no luck. It works well with direct access to the server on a local link.  It fails going through Mac OS X Server VPN - NAT Traversal on an Airport Extreme.  PPTP is not an acceptable option since it can be quickly compromised.

    Purchasing a new router and OS X Server in the hope of getting a "free" OS update to work has not offered any bargain.

  • SofIa_R Level 1 Level 1 (0 points)

    I am not sure it is L2TP.

    If I try to connect to Mavericks Server 3.0.1 from iPad 3G using L2TP protocol it works fine.

    Therefore it must be a Mavericks client to Mavericks Server the issue.

  • Cidy Long Level 1 Level 1 (0 points)

    Hi, here.

     

    Do you find out the solution for it? I have same problem with my VPN server. Seams VPN is working right and I can connect to it from LAN, but I can't connect to it over Internet. I figure it out as L2TP requests port 500 and 4500 in their negotiation stage, but those port were occupied by "Back to My Mac" service. which means there is port conflict in new mavericks.

     

    If I stopped "Back to my mac" service and enable 500 & 4500 ports on my airport extreme firewall, I found there is an other issue raised, all mavericks' network accounts disappear from the server, then VPN service will not work.

     

    I am still waiting for Apple to do some thing on the conflict as VPN is critical in my daily working.