Yosemite VPN (PPTP) issue

Hello all,

only to bump this post once again. I own latest, to date, Yosemite update: 10.10.4

I can not connect to a - working and correct - VPN network. People can successfully connect via a PC.

I connect via default PPP configuration. Both WiFi and Ethernet does not work.

In the top bar the VPN status connection indicates I am connected, but there is no way I can access the VPN network and resources, or ping anything.

Here are my connect and disconnect Console log. Hope they can be of some help:

*** [CONNECT]

Aug 1 11:40:37 Mac-Mini-Matteo kernel[0]: ppp0: is now delegating bridge0 (type 0xd1, family 2, sub-family 0)

Aug 1 11:40:41 Mac-Mini-Matteo.local networkd[186]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache

Aug 1 11:40:41 Mac-Mini-Matteo.local configd[47]: network changed: v4(ppp0+:192.168.1.92, bridge0) DNS! Proxy! SMB

Aug 1 11:40:42 Mac-Mini-Matteo.local apsd[70]: Illegal subject name missing 'courier.push.apple.com' (2.5.4.3): ({

label = "2.5.4.6";

"localized label" = "2.5.4.6";

type = string;

value = US;

}, {

label = "2.5.4.8";

"localized label" = "2.5.4.8";

type = string;

value = California;

}, {

label = "2.5.4.7";

"localized label" = "2.5.4.7";

type = string;

value = Cupertino;

}, {

label = "2.5.4.10";

"localized label" = "2.5.4.10";

type = string;

value = "Apple Inc.";

}, {

label = "2.5.4.3";

"localized label" = "2.5.4.3";

type = string;

value = "courier.sandbox.push.apple.com";

})

*** [DISCONNECT]

Aug 1 11:41:16 Mac-Mini-Matteo.local mDNSResponder[84]: getExtendedFlags: SIOCGIFEFLAGS failed, errno = 6 (Device not configured)

Aug 1 11:41:16 Mac-Mini-Matteo.local configd[47]: network changed: v4(bridge0:192.168.1.81, ppp0-:192.168.1.92) DNS! Proxy! SMB

Aug 1 11:41:16 Mac-Mini-Matteo.local networkd[186]: +[NETLedBelly stopFastFail] Clearing ledbelly failure cache

Aug 1 11:41:16 Mac-Mini-Matteo.local configd[47]: network changed: v4(bridge0:192.168.1.81) DNS* Proxy SMB

Aug 1 11:41:18 Mac-Mini-Matteo.local apsd[70]: Illegal subject name missing 'courier.push.apple.com' (2.5.4.3): ({

label = "2.5.4.6";

"localized label" = "2.5.4.6";

type = string;

value = US;

}, {

label = "2.5.4.8";

"localized label" = "2.5.4.8";

type = string;

value = California;

}, {

label = "2.5.4.7";

"localized label" = "2.5.4.7";

type = string;

value = Cupertino;

}, {

label = "2.5.4.10";

"localized label" = "2.5.4.10";

type = string;

value = "Apple Inc.";

}, {

label = "2.5.4.3";

"localized label" = "2.5.4.3";

type = string;

value = "courier.sandbox.push.apple.com";

})

Hope Apple can soon fix it.

Thank you.

Matteo

OK, after a very frustrating couple of days, Apple enterprise support was very helpful!

I will admit it was a dumb move on my part.

PPTP requires two things that L2TP does not:

1) The accounts have to be "Local Network Users"

2) Open Directory has to be running.

Hope this helps!

Thanks garyfromarcmac for help.

The solution you suggested is rather impossible for me, working outside of an Open Directory network. Am I wrong?

The issue remains unsolved in my case.

Well open directory just has to be running as a service on the server that is hosting the VPN. It is easy to configure if you don't need it to tie to any other services. In Yosemite server it is in the advanced tab. Once you turn it in it will walk you through the setup. Good luck!

Well, I hope somebody at Apple will fix the issue also in case of a connection to a Windows network with PPPT VPN.

I saw in many posts over the internet that the problem is still there, even after several months, and it is affecting many users.

I have same issue can not connect to vpn I have to boot up to the linux to make connection...

I could be wrong, but I think you are running a 192.168.1.X network at home and you are trying to connect to a 192.168.1.X IP range at work. That won't work. If you can confirm the remote site and your site are both using the same range, change your home location (I doubt you'll get the office to change, although using the default range of most home routers in an office environment will forever cause issues like this) to something different such as 192.168.168.X in your AirPort/Internet Router. (Note, if you have a lot of devices configured, this can be a big change. Wifi or Ethernet printers will need to be update to the new range, as will any other network sharing devices you use. Devices such as game consoles or TVs should pull a new DHCP assigned address once you update the router you are using). The below list is the allowed non-routable IP ranges one should use when NAT'd behind a firewall.

IPv4 Private Address Space and Filtering

• 10.0.0.0/8 IP addresses: 10.0.0.0 -- 10.255.255.255
• 172.16.0.0/12 IP addresses: 172.16.0.0 -- 172.31.255.255
• 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255

It is always advisable that an office or any other environment that will be supporting multiple users, pick a range that is not common to consumer devices. Most consumer home routers will use 10.0.0.X or 192.168.1.X. Using something like 172.16.10.X for your office will reduce the chance of having both ends with the same IP range.

Thanks dfollis for the good reply first of all.

Yes I can confirm you my IP NAT range is 192.168.1.x.

I got the point about mismatch IP range between home/office network, but there is still something that confuses me.

How is it possible that I can successfully connect with my PC?

Talking about network interfaces, as far as I understood, they should be operating system agnostic.

So what's the difference between a Mac and a PC, in this case?

I then searched for docs about changes subnet mask, well my ISP router (Telecom Italia in my case) - does not - allow me to change the subnet.

At least, with the device I am using.

The IP address space I can only work with is 192.168.1.x.

For the moment, I can't see for a solution that works.

Thank you

Has the VPN problem solved in EI Capitan? I am in China, this is an important problem for me. Without a VPN, I cannot use google or gmail.

Same problem here, I just upgrade my macbook pro this morning and everything works EXCEPT GlobalProtect VPN,

I noticed that the service is not running

Efrain Collect $ netstat -an | grep 4767

Efrain Collect $

And in the logs the logs I have

P 338-T5643 Oct 05 19:00:31:835903 Info ( 66): ####################### Start PanGPS service (ver: 1.1.5-5) #######################

P 338-T5643 Oct 05 19:00:31:835915 Info ( 67): Debug level is 5

P 338-T6919 Oct 05 19:00:31:835929 Info ( 620): debug thread starts

P 338-T5643 Oct 05 19:00:31:835960 Debug( 439): cannot open /var/run/PanGPS.pid, assume no old instance running

P 338-T5643 Oct 05 19:00:31:858673 Info ( 33): Mac OSX (Version 10.11.0)

/Applications/GlobalProtect.app/Contents/Resources/pangpd.kext failed to load - (libkern/kext) not loadable (reason unspecified); check the system/kernel logs for errors or try kextutil(8).

P 338-T5643 Oct 05 19:00:33:504104 Error( 111): install driver failed

P 338-T5643 Oct 05 19:01:18:831896 Info ( 124): receive sig 15

P 338-T5643 Oct 05 19:01:18:831906 Info ( 93): Stop PanGPS

P 338-T6919 Oct 05 19:01:19:194293 Info ( 626): debug thread ends

P 338-T5643 Oct 05 19:01:19:348214 Debug( 377): event signaled

P 338-T5643 Oct 05 19:01:19:348268 Info ( 242): killServiceEvent is signaled

I tried to relax the kernel with

sudo nvram boot-args="kext-dev-mode=1"

and even after rebooting, the same behavior with the VPN client.

Does anyone have an idea/suggestion?

Regards

My vpn do work in El capitan. So if one has problem with his vpn in Yosemite, I suggest him to update the mac OS.

Thank you! Creating a new location & then adding the VPN connection, fresh, seemed to do the magic... Thank you for sharing your experiences!!