
Trouble connecting to VPN while outside local network

Hi,


I have set up a VPN on OS X Server and opened all the ports (AirPort had this already put in for some reason), and I am using No-IP as the address. I can connect to the VPN within the local network using the No-IP address, and I have the ports pointing towards my Mac Mini running OS X Server (with Mavericks), but when I try to connect from outside of the local network I get "The PPTP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator." This also happens for L2TP-VPN as well.


Any help would be greatly appreciated. I need this set up ASAP, as I need to be able to have an external office connecting to here so I can back up their Macs locally.


Thanks,

Bruce

Mac mini, OS X Mavericks (10.9.1), OS X Server

Posted on Feb 12, 2014 1:25 AM


Feb 12, 2014 7:58 AM in response to bruce00j

Are you referencing the domain name you set up in No-IP.com on your devices in the Network settings for L2TP and/or PPTP? And in your VPN service address (VPN Host Name) in OS X Server?


For example, I use DynDNS.com for my dynamic IP address solution. So, in the L2TP connection setup (Server Address) the address I'm using is my DynDNS hosted domain name (e.g. MyDNS.dyndns-home.com) and I use my Mac Mini's admin account as the Account Name/password. I use the Shared Secret (Authentication Settings) I set up within OS X Server's VPN setup.


OS X Server View:

Configure VPN For: L2TP and PPTP

VPN Host Name: MyDNS.dyndns-home.com

Shared Secret: makeitwork


Mac client View:

Configuration: Default

Server Address: MyDNS.dyndns-home.com

Account Name: serveruser

Authentication Settings Button

Password: serveruser's password

Shared Secret: makeitwork


Feb 12, 2014 8:18 AM in response to keg55

I have referenced the domain name on No-IP.com both on the creation and connection to the VPN.


OS X Server Setup

L2TP and PPTP

mydomain.no-ip.org

mysharedsecret


My iPhone VPN Connection (Do not have regular access to a Mac outside of the network)

Type: L2TP

Server: mydomain.no-ip.org

Account: My Mac Account

RSA SecurID: Off

Password: Mac account password

Secret: mysharedsecret


Result

User uploaded file


Feb 12, 2014 8:37 AM in response to bruce00j

That all looks good. Have you confirmed that your No-IP.com account shows your VPN server's ISP dynamic IP address resolved to your No-IP.com domain name?


I get that error and sometimes an authentication error before I actually connect to the VPN server. Sometimes it takes 3 or 4 tries. Have you kept trying, but never get connected?


What does the VPN log on the OS X Server Mac show? Does it just show something like, "listening for connections"?


Feb 12, 2014 8:35 AM in response to keg55

On your screenshot, you're showing a WiFi connection which I'm assuming is outside of your LAN with the OS X Server. Have you tried using your phone carrier's data connection? I have Verizon so I always test outside connectivity with Verizon (LTE).


Feb 14, 2014 5:37 AM in response to keg55

Yeah, it's on an EE satellite dongle. I have tried on my mobile data as well, and I have also left it on overnight so I can test it while I'm at home on an iMac (it's going to be left on a lot anyway), and it still can't connect :s


Here's a layout of the network if it can prove any help at all (we have satellite internet as well, but not provided by EE)


Satellite Dish Receiver --> Satellite Router --> Airport --> Network Rack & Mac Mini --> Rest of network


I have also made sure that the No-IP domain redirects to the IP, and I have repeatedly tried to reconnect to it and it still fails, and in the log of the VPN it does say Listening for connections.


Feb 22, 2014 6:49 AM in response to bruce00j

Followed this thread because I have exactly the same problem. No connection possible with the following entries in the system log of Mac OS Server and exactly the same error on the iPhone (no WLAN connection active):


Feb 22 15:35:48 myserver.com racoon[86348]: Connecting.

Feb 22 15:35:48 myserver.com racoon[86348]: IPSec Phase 1 started (Initiated by peer).

Feb 22 15:35:48 myserver.com racoon[86348]: IKE Packet: receive success. (Responder, Main-Mode message 1).

Feb 22 15:35:48 myserver.com racoon[86348]: >>>>> phase change status = Phase 1 started by us

Feb 22 15:35:48 myserver.com racoon[86348]: IKE Packet: transmit success. (Responder, Main-Mode message 2).

Feb 22 15:35:49 myserver.com racoon[86348]: IKE Packet: receive success. (Responder, Main-Mode message 3).

Feb 22 15:35:49 myserver.com racoon[86348]: IKE Packet: transmit success. (Responder, Main-Mode message 4).

Feb 22 15:35:49 myserver.com racoon[86348]: Ignore INITIAL-CONTACT notification, because it is only accepted after Phase 1.

Feb 22 15:35:49 myserver.com racoon[86348]: IKEv1 Phase 1 AUTH: success. (Responder, Main-Mode Message 5).

Feb 22 15:35:49 myserver.com racoon[86348]: IKE Packet: receive success. (Responder, Main-Mode message 5).

Feb 22 15:35:49 myserver.com racoon[86348]: IKEv1 Phase 1 Responder: success. (Responder, Main-Mode).

Feb 22 15:35:49 myserver.com racoon[86348]: IKE Packet: transmit success. (Responder, Main-Mode message 6).

Feb 22 15:35:49 myserver.com racoon[86348]: IKE Packet: transmit success. (Information message).

Feb 22 15:35:49 myserver.com racoon[86348]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).

Feb 22 15:35:49 myserver.com racoon[86348]: IPSec Phase 1 established (Initiated by peer).

Feb 22 15:35:50 myserver.com racoon[86348]: IPSec Phase 2 started (Initiated by peer).

Feb 22 15:35:50 myserver.com racoon[86348]: IKE Packet: receive success. (Responder, Quick-Mode message 1).

Feb 22 15:35:50 myserver.com racoon[86348]: >>>>> phase change status = Phase 2 started

Feb 22 15:35:50 myserver.com racoon[86348]: IKE Packet: transmit success. (Responder, Quick-Mode message 2).

Feb 22 15:35:50 myserver.com racoon[86348]: IKE Packet: receive success. (Responder, Quick-Mode message 3).

Feb 22 15:35:50 myserver.com racoon[86348]: IKEv1 Phase 2 Responder: success. (Responder, Quick-Mode).

Feb 22 15:35:50 myserver.com racoon[86348]: IPSec Phase 2 established (Initiated by peer).

Feb 22 15:35:50 myserver.com racoon[86348]: >>>>> phase change status = Phase 2 established

Feb 22 15:35:50 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.201

Feb 22 15:35:51 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.200

Feb 22 15:35:53 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.209

Feb 22 15:35:58 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.208

Feb 22 15:36:02 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.205

Feb 22 15:36:06 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.204

Feb 22 15:36:10 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.206

Feb 22 15:36:11 myserver.com racoon[86348]: IKE Packet: receive success. (Information message).

Feb 22 15:36:20 --- last message repeated 1 time ---

Feb 22 15:36:20 myserver.com pppd[46589]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:20 myserver.com vpnd[45763]: --> Client with address = 10.0.1.201 has hungup

Feb 22 15:36:22 myserver.com pppd[46593]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:22 myserver.com vpnd[45763]: --> Client with address = 10.0.1.200 has hungup

Feb 22 15:36:23 myserver.com pppd[46594]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:23 myserver.com vpnd[45763]: --> Client with address = 10.0.1.209 has hungup

Feb 22 15:36:28 myserver.com pppd[46599]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:28 myserver.com vpnd[45763]: --> Client with address = 10.0.1.208 has hungup

Feb 22 15:36:32 myserver.com pppd[46603]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:32 myserver.com vpnd[45763]: --> Client with address = 10.0.1.205 has hungup

Feb 22 15:36:36 myserver.com pppd[46607]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:36 myserver.com vpnd[45763]: --> Client with address = 10.0.1.204 has hungup

Feb 22 15:36:40 myserver.com pppd[46608]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option

Feb 22 15:36:40 myserver.com vpnd[45763]: --> Client with address = 10.0.1.206 has hungup


myserver.com stands for my FQDN resolved in dyndns.com and entered in VPN-Panel on Server, all mentioned ports forwarded in Airport-extreme to Mac Server.


Any ideas?

Reply
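
Added example, not part of any post in this thread: a short Python triage of a racoon/vpnd/pppd syslog excerpt like the one above, reporting the last connection stage the log reached and any pppd option errors. The sample lines are abridged from that post; the stage names and the `triage` function are assumptions made for this illustration.

```python
import re

# Abridged from the syslog excerpt posted above (one client session).
SAMPLE_LOG = """\
Feb 22 15:35:49 myserver.com racoon[86348]: IPSec Phase 1 established (Initiated by peer).
Feb 22 15:35:50 myserver.com racoon[86348]: IPSec Phase 2 established (Initiated by peer).
Feb 22 15:35:50 myserver.com vpnd[45763]: Incoming call... Address given to client = 10.0.1.201
Feb 22 15:36:20 myserver.com pppd[46589]: invalid address parameter '2002:4d3a:7d1a::9284:dff:fed2:bd8' for ms-dns option
Feb 22 15:36:20 myserver.com vpnd[45763]: --> Client with address = 10.0.1.201 has hungup
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\w+)\[(\d+)\]: (.*)$")
# Ordered connection stages (hypothetical names) and the message marking each.
STAGES = [
    ("ike_phase1", "racoon", re.compile(r"IPSec Phase 1 established")),
    ("ike_phase2", "racoon", re.compile(r"IPSec Phase 2 established")),
    ("l2tp_call", "vpnd", re.compile(r"Incoming call\.\.\. Address given to client = (\S+)")),
]
HANGUP = re.compile(r"Client with address = (\S+) has hungup")
PPP_ERR = re.compile(r"invalid address parameter '([^']+)' for (\S+) option")


def triage(log_text):
    """Return the stages reached, pppd option errors, and clients still up."""
    reached, ppp_errors, assigned, hungup = [], [], [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and "last message repeated" markers
        _, _, proc, _, msg = m.groups()
        for name, owner, pattern in STAGES:
            hit = pattern.search(msg) if proc == owner else None
            if hit:
                if name not in reached:
                    reached.append(name)
                if name == "l2tp_call":
                    assigned.append(hit.group(1))
        if proc == "pppd" and (e := PPP_ERR.search(msg)):
            ppp_errors.append({"option": e.group(2), "value": e.group(1)})
        if proc == "vpnd" and (h := HANGUP.search(msg)):
            hungup.append(h.group(1))
    # Heuristic: a session counts as up if its assigned address never hangs up.
    still_up = [a for a in assigned if a not in hungup]
    failed_at = None if still_up else (
        "ppp" if len(reached) == len(STAGES) else
        next(n for n, _, _ in STAGES if n not in reached))
    return {"reached": reached, "failed_at": failed_at,
            "ppp_errors": ppp_errors, "still_up": still_up}

if __name__ == "__main__": print(triage(SAMPLE_LOG))
```
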

Feb 24, 2014 6:17 AM in response to bruce00j

It does not look like your particular problem but the following gotchas can apply.


  1. You must use the shortname for your user account, not the full name e.g. jsmith not John Smith
  2. Your VPN server must either be a or be connected to Open Directory
  3. You must have enabled the desired accounts to be allowed to use the VPN service
  4. If using Mavericks on your server you should upgrade to the latest 10.9.1 and Server.app and also the VPN bug fix, see http://support.apple.com/kb/DL1716

Feb 24, 2014 6:47 AM in response to John Lockwood

1. I've got the name correct (the account is just under "Server" with the same shortname)

2. I'm not really sure what to do about open directories

3. I'm not sure what you mean by that; all I want to do is for me to be able to connect to a separate office, use remote access and have their computers backed up to my computer.

4. I have already installed the patch and I am running 10.9.1


Feb 25, 2014 7:53 AM in response to bruce00j

Boy, I wish I was sitting in front of your Server to help you with this. Not sure what's going on and why the difficulty using L2TP from your iPhone. You seem to have everything set up correctly.


Also, Open Directory has nothing to do with a VPN connection if you're using L2TP. If you use PPTP then it does as PPTP can only use network accounts.


Mar 14, 2014 1:24 PM in response to bruce00j

Hi Bruce

I had the same problem today. I'm using no-ip too. My mistake was that I added the hostname as the vpn hostname. For example:

My domain is mydomain.no-ip.biz

My machine record and hostname are therefore server.mydomain.no-ip.biz

If I use this hostname as the VPN hostname it works great inside my network, but from outside I get the message domain not found.

I changed the VPN-Hostname to myserver.no-ip.biz (the indicator light turned RED) but now it works from outside.


If someone knows how to fix that, I wait for the answer. But I can use it now from outside my network.


Hope this helped a bit.

Marco


Mar 17, 2014 3:08 AM in response to marcorobert

I'm not sure what you mean there,


Is it that your computer is named i.e. 1 then your server is 2.no-ip.biz and you tried 1.2.no-ip.biz and then you used 1.no-ip.biz?


If so, I have just tried it and it didn't change anything, sadly.


I've been on the phone to Apple tech support and even they are a little stumped as to why it's not working. They said it could be something to do with the router before my AirPort, but I've phoned the company who provided it and there should not be anything on the router to stop it at all, so I'm at a loss here on what to do. Hamachi did not prove a good enough substitute; I was getting speeds of 8 bytes a second and that is useless for what I want to do, which is back up several MB/GB of files at the end of every week from another office.


Hope someone out there has an answer!
