VPN port 1701 not open?

Question

VPN port 1701 not open?

I run Server 4.0.3, Yosemite behind a AEBS latest version. All software up to date.

I cannot make VPN to work. It works from within the network but not from outside.

It has to do with, that the server is not listening on port 1701, which in my understanding is responsible for L2TP connections.

If I connect from within the LAN the log reads

Tue Feb 3 16:33:30 2015 : publish_entry SCDSet() failed: Success!

Tue Feb 3 16:33:36 2015 : l2tp_get_router_address

Tue Feb 3 16:33:36 2015 : l2tp_get_router_address 10.0.117.1 from dict 1

Tue Feb 3 16:33:37 2015 : L2TP connecting to server 'access.embatek.com.br' (201.6.116.2)...

Tue Feb 3 16:33:37 2015 : IPSec connection started

Tue Feb 3 16:33:38 2015 : IPSec connection established

Tue Feb 3 16:33:38 2015 : L2TP connection established.

Tue Feb 3 16:33:38 2015 : L2TP set port-mapping for en1, interface: 5, protocol: 0, privatePort: 0

Tue Feb 3 16:33:38 2015 : Using interface ppp0

Tue Feb 3 16:33:38 2015 : Connect: ppp0 <--> socket[34:18]

Tue Feb 3 16:33:38 2015 : L2TP port-mapping for en1, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: c9067402, Public Port: 0, TTL: 0.

from Outside

ue Feb 3 16:37:12 2015 : publish_entry SCDSet() failed: Success!

Tue Feb 3 16:37:12 2015 : publish_entry SCDSet() failed: Success!

Tue Feb 3 16:37:12 2015 : l2tp_get_router_address

Tue Feb 3 16:37:12 2015 : l2tp_get_router_address 172.20.10.1 from dict 1

Tue Feb 3 16:37:12 2015 : L2TP connecting to server 'access.embatek.com.br' (201.6.116.2)...

Tue Feb 3 16:37:12 2015 : IPSec connection started

Tue Feb 3 16:37:12 2015 : IPSec phase 1 client started

Tue Feb 3 16:37:22 2015 : IPSec connection failed

Any hints where I should start mingling ..

Yours P

Mac mini Server (Mid 2010), OS X Server

Posted on Feb 3, 2015 10:48 AM

Reply

Answer 1

jepping

Level 3

785 points

Feb 3, 2015 11:46 AM in response to Pierre Froelicher1

Hi Pierre,

You need ports 500, 1701 en 4500 for VPN L2TP to work. Those need to be set to UDP not TCP.

Depending on your setup either enable port forwarding on your AEBS or your internet-router.

Point those ports towards your server, which has a static IP address, then test again.

Goodluck

Jeffrey

Reply

Answer 2

Feb 17, 2015 4:52 PM in response to jepping

Jeffrey,

Thank you a lot. I have opened the port for VPN LPT on my AEBS.. but somehow I still cannot make VPN to work.

Testing from home it says

17/02/15 22:46:50,276 nesessionmanager[2637]: NESMLegacySession[VPN (access.embatek.com.br):D8B7EDFB-ACCA-423B-AD05-1239A4A282F5]: status changed to disconnected, last stop reason 0

Last stop reason ()... haha.

I have really no clue where to look from here.

I am pretty sure that it is a problem of my provider. I had problems with port 80, which after many, many phonecalls they resolved.. always after saying:" No.. we do not block anything.

Any more hints..?

Yours

P

Reply

Answer 3

jepping

Level 3

785 points

Feb 18, 2015 12:09 AM in response to Pierre Froelicher1

Hi,

Well that is kind of cryptic indeed. I would suggest changing your VPN setup to support PPTP as well and forward port 1723. That can be tested with this website: http://www.yougetsignal.com/tools/open-ports/

That will give you a good idea what is going on.

Forward port 1723 from your AEBS towards your server, then test access from a PPTP connection, which is less secure than L2TP due to a missing shared secret. When it does work, create a specific user for that connection with a strong password.

Ports might be blocked or not accessible by your provider, this would be the next step to verify whether this is the case or not.

Goodluck

Jeffrey

Reply