OS X Server VPN not working

Question

OS X Server VPN not working

Hi

I have had a problem when trying to set up the vpn service on os x server. I use OS X Mountain Lion server. The problem is that when I set up the vpn service in the server app, it won't let me connect to the vpn using my public ip address or outside my network. It will work if I type in the IPV4 address of the server inside the network. It just won't work outside the network. I looked up the port number for OS X Server VPN and did the port-forwarding in the router. Unless i have the port wrong (which is doubt), why would this not be working. I am using L2TP to connect to the server but I have also tried PPTP and that did not work either. I think that the problem must be something with getting the vpn on the internet since it works perfectly fine inside the network.

Thanks for any help.

Michael

Posted on Apr 2, 2015 2:46 PM

Reply

Answer 1

Loner T

Level 9

59,471 points

Apr 2, 2015 3:06 PM in response to michaelsmithcomputers

Are you able trace the VPN packets from outside through your router and firewall(s)?

You may also want to post in Mac OS X Lion Server and macOS Server.

Please also see

OS X Server (Mavericks): Clients cannot connect to VPN service using L2TP - Apple Support

OS X Server: How to connect to VPN service from Windows - Apple Support

About the VPN Update for OS X Server - Apple Support

Reply

Answer 2

Apr 2, 2015 3:49 PM in response to Loner T

How would i trace the VPN packets?

Reply

Answer 3

Apr 2, 2015 4:04 PM in response to michaelsmithcomputers

The links did not help because I am using Mountain Lion server, not Mavericks server. The Mac i am trying to connect to the vpn is on Mavericks version 10.9.5.

Reply

Answer 4

Loner T

Level 9

59,471 points

Apr 2, 2015 4:36 PM in response to michaelsmithcomputers

If you have a port-mirroring switch (I use a Netgear GS105E), it is very handy.

This is the typical configuration for a VPN. Let us assume L2TP.

VPN Client (L2TP) -> WAN Router/Firewall (Outside) -> LAN Port Forwarding (inside) -> VPN Server (LNS = OS X server).

You may not be able decrypt packets, but you can see outer headers. If the WAN Router/Gateway has port mirroring functions, you can watch incoming packets at the WAN Interface. The Router/Gateway should just forward packets to the designated Port/IP.

If the packets make it past the Router/Gateway, the Server configuration should be checked. Temporarily, you can turn off the firewall and see if you can get to the OS X server. It will help in pinpointing where the issue might be. Shared secrets should also be checked.

If you are able to VPN from inside, it is a very strange configuration. Usually coming from inside to inside is not permitted.

If the clients and servers use the same intranet addresses, for example the client uses 192.168.x.x and the server is also on 192.168.x.x, you will run into issues. You may need to reserve address space for VPN clients.

Reply

Answer 5

Apr 2, 2015 5:42 PM in response to Loner T

I can't find anything with port mirroring in the router. I have no firewall installed or firewall/other security software installed or configured on the server. I am not sure what you mean by reserve address space. My computer has an ipv4 of 192.168.1.17 and the server had 192.168.1.16. If I type the ipv4 of the server into the server address field when trying to connect to the vpn in system preferences, it connects and works fine.

Reply

Answer 6

Loner T

Level 9

59,471 points

Apr 2, 2015 6:11 PM in response to michaelsmithcomputers

Are you certain you are connecting from inside to inside via a VPN? If the L2TP tunnel has IP addresses which are the same inside and outside the tunnel, routing can be very confusing, and with NAT/PAT, it can fail.

Reply