You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: googe
googe Author
User level: Level 1
10 points

PPTP VPN is broken on Yosemite

Does anyone have a fix for PPTP VPN. Works great on another Mac running Mavericks right next to the Mac running Yosemite.


Created a PPTP VPN network setting same as the Mavericks computer, connecting to the same server at work (running Watchguard PPTP) and it never connects.

Posted on Oct 18, 2014 12:39 AM

Reply
Question marked as Top-ranking reply
User profile for user: BW Martin
BW Martin
User level: Level 1
40 points

Posted on Oct 19, 2014 8:48 AM

When using a static IP address and manual entries for subnet and router in the network settings, Yosemite VPN fails to stay connected. This is probably a bug or an error that Apple needs to fix.


When having the client computer (the one you are using) network settings configured to either just use DHCP or DHCP with manual address, the VPN connections (both L2TP and PPTP) work. If using ARD to access computers on the local network, the results are better if you select "Send all traffic over VPN connection" under advanced options for the VPN connection.

View in context
25 replies
User profile for user: googe
googe Author
User level: Level 1
10 points

Dec 22, 2014 10:07 AM in response to googe

Yosemite (Public Beta) 10.10.2 does fix the VPN problem (you will need to reboot your VPN server if possible, I needed to reboot mine).


I was able to establish a VPN if my client has static IP or DHCP IP locally.


With previous versions of Yosemite, you could only start a VPN if the client had a local DHCP IP address.

Reply
User profile for user: mimiveg
mimiveg
User level: Level 1
0 points

Jan 5, 2015 3:11 AM in response to mkbrogers

Did you manage to fix this ? I have the same issue following upgrade to Yosemite. Previously established VPN set up with Mavericks connect ok and the network pref screen for the VPN shows sent/received traffic but none of the previously mapped server drives will parse (and they can't be pinged either). I have tried all the other fixes here except installing the beta........

Reply
User profile for user: dmltv
dmltv
User level: Level 1
10 points

Oct 13, 2015 5:27 AM in response to BW Martin

Do you mean using a static IP on the VPN server? it's not completely clear from your answer.


At the office:

  • I have a server behind a router with a static IP.
  • The server runs Yosemite 10.10.5 with server 5.0.4.
  • I have OD set up with all users able to access VPN.
  • I have a domain mapped to the WAN address of the router.
  • I have checked port forwarding settings on the router, all VPN port entries have been entered correctly a year ago, and have functioned up until last week.
  • Our internet connection was recently blocked by the ISP because of an open UDP 53 port. This has since been closed. Could it be they are blocking VPN traffic and other insecure services?


On Home-Office locations I have:

  • Clients with dynamic DHCP IP's
  • VPN is configured using a profile generated by the server
  • The VPN profile is unsigned, no idea how to sign it, i checked the box at profile manager setting.
  • I have tried setting the "Send all traffic" checkbox, and this did not change behaviour
  • I have tried changing the wi-fi service order as suggested here: Re: PPTP VPN is broken on Yosemite
  • nmap has trouble finding ports:
nmap server.com -Pn

Starting Nmap 6.47 ( http://nmap.org ) at 2015-10-13 13:41 CEST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0

SSH connections timing out to the server


The crew recently added a new computer to the mix, I believe that has El Capitan installed. That one used to work fine up until a week ago, using the new profile, before that was installed we had renewed our certificates.


I've found the following log message repeated a few times earlier today:

server.com racoon[]: failed to bind to address fdb6:7c16:9c8f:47eb:78e0:df69:89a8:edcd[500]: because interface address is/was not ready (flags 2)


and it seems to be related to this topic as well:

VPN fails when rebooted

And this:

Re: PPTP VPN is broken on Yosemite


So my question is, is 5.0.4 the culprit, and should I file a bug report?

Or are the new certificates the problem? We downloaded the new trust profiles and reinstalled profiles after the certificate renewal, so should not be the problem imo.

Or should I contact the ISP? which of these is the likely culprit? Is it a mix of the two?

Reply
User profile for user: dmltv
dmltv
User level: Level 1
10 points

Oct 13, 2015 6:17 AM in response to dmltv

Ok so I've found my own solution.

The VPN works fine if I use the "Exposed host" feature of the modem. Of course this is completely insecure, but the regular port forwarding settings don't do jack!


Also the VPN server survives the reboot, so the startup script isn't needed 🙂 Of to bicker with the ISP!

Reply

PPTP VPN is broken on Yosemite

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up