VPN Problems - The L2TP-VPN server did not respond

Okay, so I read quite a few threads about this and can't really figure it out. Would be great if I can get some handholding.


I'm a complete newbie, trying to set up Server for home use. The VPN service seems to be running fine, but I just can't connect from the clients, it just keeps saying "The L2TP-VPN server did not respond". Here is a glimpse at my settings:


- I have opened up all the relevant ports for UDP (500,1701,4500) and TCP (1723). But this is only required for the Server, right?


- I don't have a domain name yet so just using my external IP. This is what I put in under VPN Host name in the Server and Client settings.


- I login with username and password credentials for one of my network users as created in the Server. Format is username@108.27.xx.xxx and the password is the same as the login password.


** I seem to get an 'authentication failed' error if I just use my local IP address... Not sure what's happening there, but before that I need to be able to connect to Server with the external IP!


Am I missing something? Why won't my client connect and that too when I'm at home?

iPhone 5, iOS 6.1.4

Posted on Mar 8, 2014 4:02 PM

6 replies

Mar 8, 2014 4:05 PM in response to CorporateHippy

This is what my console shows, if that helps!


3/8/14 7:04:45.145 PM racoon[209]: IKE Packet: transmit success. (Phase 1 Retransmit).

3/8/14 7:04:48.426 PM racoon[209]: IKE Packet: transmit success. (Phase 1 Retransmit).

3/8/14 7:04:51.704 PM racoon[209]: IKE Packet: transmit success. (Phase 1 Retransmit).

3/8/14 7:04:51.951 PM pppd[13530]: IPSec connection failed

3/8/14 7:04:51.953 PM racoon[209]: IPSec disconnecting from server 108.27.48.129

3/8/14 7:04:52.120 PM UserNotificationCenter[13532]: *** WARNING: Method userSpaceScaleFactor in class NSWindow is deprecated on 10.7 and later. It should not be used in new applications. Use convertRectToBacking: instead.

Mar 8, 2014 5:07 PM in response to CorporateHippy

To run a public VPN server behind an NAT gateway, you need to do the following:

1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.

2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour.)

3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server.

If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked "Allow incoming IPSec authentication" if it's not already checked, and save the change.

With a third-party router, there may be a similar setting.

4. Configure any firewall in use to pass this traffic.

5. Each client must have an address on a netblock that doesn't overlap the one assigned by the VPN endpoint. For example, if the endpoint assigns addresses in the 10.0.0.0/24 range, and the client has an address on a local network in the 10.0.1.0/24 range, that's OK, but if the local network is 10.0.1.0/16, there will be a conflict. To lessen the chance of such conflicts, it's best to assign addresses in a random sub-block of 10.0.0.0/0 with a 24-bit netmask.

6. "Back to My Mac" on the server is incompatible with the VPN service.

If the server is directly connected to the Internet, see this blog post.
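
Added example, not part of the reply above: a Python check for the netblock conflict described in step 5, plus a picker for a random /24 VPN pool. The function names, the choice of 10.0.0.0/8 as the space to pick from, and the list of networks to avoid are assumptions made for illustration.

```python
import ipaddress
import random

# Assumption: the VPN pool is carved out of the private 10.0.0.0/8 block.
VPN_SPACE = ipaddress.ip_network("10.0.0.0/8")


def parse_net(text):
    """Parse CIDR text, tolerating host bits (10.0.1.0/16 becomes 10.0.0.0/16)."""
    return ipaddress.ip_network(text, strict=False)


def conflicts(vpn_pool, client_lans):
    """Return the client LANs whose address range overlaps the VPN pool."""
    pool = parse_net(vpn_pool)
    return [lan for lan in client_lans if parse_net(lan).overlaps(pool)]


def pick_vpn_pool(avoid, rng=None, attempts=1000):
    """Pick a random /24 inside VPN_SPACE that overlaps none of `avoid`."""
    rng = rng or random.SystemRandom()
    avoid_nets = [parse_net(a) for a in avoid]
    for _ in range(attempts):
        # 10.x.y.0/24: choose the second and third octets at random.
        offset = rng.randrange(2 ** 16) << 8
        candidate = ipaddress.ip_network(
            (int(VPN_SPACE.network_address) + offset, 24))
        if not any(candidate.overlaps(n) for n in avoid_nets):
            return candidate
    raise RuntimeError("no free /24 found; avoid list covers too much of 10/8")


if __name__ == "__main__":
    # The two client networks from step 5, checked against a 10.0.0.0/24 pool.
    print(conflicts("10.0.0.0/24", ["10.0.1.0/24", "10.0.1.0/16"]))
    # Constructed list of home-network ranges to steer clear of.
    print(pick_vpn_pool(["10.0.0.0/24", "10.0.1.0/24", "10.1.10.0/24"]))
```

The /16 case conflicts because a 16-bit mask ignores the third octet, so 10.0.1.0/16 is really the network 10.0.0.0/16, which contains the whole 10.0.0.0/24 pool.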

Mar 8, 2014 5:21 PM in response to Linc Davis

Thanks so much Linc! To be honest quite a bit of those instructions went above my head, but let me start with this - can I not have a VPN running without a domain name? I can just use my external IP instead, right?


I think I have achieved almost all of those things, except checking whether my router is enabled for IPSec, which I'm not sure how to do on a Verizon Fios router.


Strange thing is I can't even connect to the VPN locally, it fails to authenticate - which makes me question if I have configured the settings right. This is what I do:


- I login with username and password credentials for one of my network users as created in the Server. Format is username@108.27.xx.xxx and the password is the same as the login password.
