
VPN Status: Available - Reachability unknown

I'm currently running OS X 10.10.5 (Build 14F27) and recently installed OS X Server 5.0.4 (15S2259)


I've enabled several services, in particular the VPN service, in order to access this server from the internet while away from the office. All of the other enabled services seem to be working fine except for the VPN. The Status reads:


Status: Available - Reachability unknown

Permissions: All users, All Networks


If I attempt to connect to the VPN from the local network, I connect fine, without any errors. However, when I attempt to connect from my iPhone 6 Plus using my carrier's connection, the following pop-up error is received:


VPN Connection

The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your administrator.

OK


When I check on the Server Overview page within the Server app, the Host Name is set correctly and the status indicator is green, as well as the Computer Name and Internet. However, when I select the Reachability Details, the status is Enabled and the following services are listed: DNS, FTP, Profile Manager, Remote Login (SSH), Screen Sharing, Server Administrator, and Websites. However, the VPN service is not listed. Shouldn't it be? And if so, how?


When I check on my AirPort Time Capsule Settings, The Public Service VPN is one of the services listed.


I'm at a loss, and I'm not sure what I'm missing here, but I really need help resolving this VPN Configuration Issue so I can connect to the VPN over the Internet.


Thanks,

Jim

Mac mini, OS X Yosemite (10.10.5), OS X Server 5.0.4

Posted on Sep 26, 2015 12:53 PM

3 replies

Aug 24, 2017 11:27 PM in response to rosielee41

Hi, I just want to chime in because my problem is so similar:

You write: “the VPN seemed to periodically stop working unless I reset the software (always when I was out and needed access!)”


The only thing: I never used 3rd party software, only Server (Currently 5.3.1) and the problem has been there from day one.


It really feels like the ‘3600 seconds timeout bug’ in older OS X versions.

That had to do with PPTP I remember and there was a workaround altering a .conf file in /var/racoon or something.


Haven’t figured it out yet. Have you?

Sep 26, 2015 3:42 PM in response to AdCrimson

To run a public VPN server behind an NAT gateway, you need to do the following:

1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.

2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour.)

3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server. The Server app can set this up for you if you have an Apple router.

If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked "Allow incoming IPSec authentication" if it's not already checked, and save the change.

There may be a similar setting on a third-party router.

4. Configure any firewall in use to pass this traffic.

5. Each client must have an address on a netblock that doesn't overlap the one assigned by the VPN endpoint. For example, if the endpoint assigns addresses in the 10.0.0.0/24 range, and the client has an address on a local network in the 10.0.1.0/24 range, that's OK, but if the local network is 10.0.1.0/16, there will be a conflict. To lessen the chance of such conflicts, it's best to assign addresses in a random sub-block of 10.0.0.0/0 with a 24-bit netmask.

6. "Back to My Mac" is incompatible with the VPN service. It must be disabled both on the server and on an AirPort router, if applicable.

7. Bonjour will not work over an L2TP or PPTP VPN. To make services accessible through the tunnel, you need a working DNS service.

Where applicable, services such as Mail must be configured to listen on the netblock assigned to VPN clients.

8. If the server is directly connected to the Internet, rather than being behind NAT, see this blog post.
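The overlap rule in step 5 can be checked mechanically before the VPN address range is chosen. The following is an added example, not part of the original reply: the function names are hypothetical, the sample LAN list is constructed, and it assumes the private range 10.0.0.0/8 as the pool from which a random 24-bit block is drawn.

```python
import ipaddress
import random

PRIVATE_10 = ipaddress.ip_network("10.0.0.0/8")  # assumption: RFC 1918 10/8 pool

def parse_block(text):
    """Parse CIDR text; strict=False masks host bits, so 10.0.1.0/16 becomes 10.0.0.0/16."""
    return ipaddress.ip_network(text, strict=False)

def conflicts(vpn_block, client_lan):
    """True when the range handed out by the VPN endpoint overlaps the client's LAN."""
    return parse_block(vpn_block).overlaps(parse_block(client_lan))

def pick_vpn_block(known_lans, rng=None, max_tries=1000):
    """Pick a random /24 inside 10.0.0.0/8 that overlaps none of known_lans."""
    rng = rng or random.Random()
    lans = [parse_block(lan) for lan in known_lans]
    for _ in range(max_tries):
        # 10.0.0.0/8 holds 2**16 distinct /24 blocks; choose one by index.
        index = rng.randrange(2 ** 16)
        base = int(PRIVATE_10.network_address) + (index << 8)
        candidate = ipaddress.ip_network((base, 24))
        if not any(candidate.overlaps(lan) for lan in lans):
            return candidate
    raise RuntimeError("no free /24 found; known_lans cover too much of 10.0.0.0/8")

if __name__ == "__main__":
    # The two cases from step 5, with the endpoint assigning 10.0.0.0/24.
    for lan in ("10.0.1.0/24", "10.0.1.0/16"):
        print(lan, "conflict" if conflicts("10.0.0.0/24", lan) else "ok")
    # Constructed sample: networks the clients are expected to connect from.
    print(pick_vpn_block(["10.0.1.0/24", "10.0.0.0/16", "192.168.1.0/24"],
                         random.Random(7)))
```

The /16 case conflicts because a 16-bit mask on 10.0.1.0 covers all of 10.0.0.0 through 10.0.255.255, which contains the endpoint's 10.0.0.0/24.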

Oct 7, 2015 12:58 AM in response to Linc Davis

I have the very same problem, although I suspect I may be partially responsible. Initially I had a VPN server set up using 3rd party software (VPNEnabler) which worked OK. However, the VPN seemed to periodically stop working unless I reset the software (always when I was out and needed access!), so I purchased Server. I deleted VPN Enabler (but not sure I did this "cleanly") and proceeded to attempt to set up Server.


Bottom Line: I can't connect from anywhere externally (I have verified all of the relevant steps in your helpful reply above) and I get the same error message as the same post in the Server-Services-VPN tab. The most odd thing is that I don't seem to be able to turn the VPN off either. When I move the slider, it simply comes back on. I have also tried command line tools to stop the VPN, but that doesn't work either. This leads me to suspect that I have corrupted something, somehow.



Any advice would be gratefully received, and I'm happy to post further screenshots as required.
