Lion 10.7.2 VPN service not working

Hi,
I have a clean installation of 10.7.2 on a Mac Pro which is not able to provide VPN service.  Here's what is configured:
*OD Master - users and groups in place
*firewall active with allow rules for all necessary VPN ports (500, 1701, 4500)
*port forwarding on router to server IP address of 500, 1701 and 4500
*pre-shared key in place
*VPN server turned on
I spent over an hour on the phone with Apple Enterprise Support and they finally conceded "the engineers have informed us that there is a bug with the VPN service and that it is being looked at currently. It will hopefully be addressed in the pending OS update." 
Steps to reproduce:
1. client is configured with appropriate IP address, username, password and PSK
2. client attempts to connect
3. server's VPN log which should be in /var/log/ppp/vpnd.log is not populating with any new data, but the top-level "all messages" in console is showing a slew of information.  Here is what is displaying:
12/4/11 8:42:41.340 PM          racoon          Connecting.
12/4/11 8:42:41.340 PM          racoon          IPSec Phase1 started (Initiated by peer).
12/4/11 8:42:41.340 PM          racoon          IKE Packet: receive success. (Responder, Main-Mode message 1).
12/4/11 8:42:41.341 PM          racoon          IKE Packet: transmit success. (Responder, Main-Mode message 2).
12/4/11 8:42:41.400 PM          racoon          IKE Packet: receive success. (Responder, Main-Mode message 3).
12/4/11 8:42:41.423 PM          racoon          IKE Packet: transmit success. (Responder, Main-Mode message 4).
12/4/11 8:42:44.297 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:42:47.300 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:42:50.303 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:02.316 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:17.332 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:35.350 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:56.373 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:44:20.399 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:44:47.428 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
All that is displaying in the /var/log/ppp/vpnd.log is:
2011-12-04 19:39:29 EST          Loading plugin /System/Library/Extensions/L2TP.ppp
2011-12-04 19:39:29 EST          Listening for connections...
2011-12-04 19:49:36 EST          terminating on signal 15
#End-Date: 2011-12-04 19:49:36 EST
#Start-Date: 2011-12-04 19:49:38 EST
#Fields: date time s-comment
2011-12-04 19:49:38 EST          Loading plugin /System/Library/Extensions/L2TP.ppp
2011-12-04 19:49:38 EST          Listening for connections...
2011-12-04 20:04:13 EST          terminating on signal 15
#End-Date: 2011-12-04 20:04:13 EST
#Start-Date: 2011-12-04 20:04:30 EST
#Fields: date time s-comment
2011-12-04 20:04:30 EST          Loading plugin /System/Library/Extensions/L2TP.ppp
2011-12-04 20:04:30 EST          Listening for connections...
I am hoping that this comes down to a bad port forwarding issue.  Does anything seen in the above logs indicate that to you?
What would my next step be for trying to repair the VPN service?  I want to avoid a reinstall if possible.
Thanks
Pete

Ok, so, the best FIRST test is to try from the local lan, same lan as the Lion server. L2TP works fine for me, PPTP definitely has a bug. You can configure the VPN connection in your network system preferences on the client machine. Just put in your local server IP.
The idea here is to first make sure VPN works on the LAN (which is useless of course but great for troubleshooting), once it does, THEN you can go to the next step and troubleshoot the remote connection.
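
An added example, not part of the original thread: a Python sketch that reads racoon console lines like the ones quoted in the question and reports where IKEv1 Main Mode stopped. The name `analyze_phase1` and the sample string are constructed here; the port 4500 hint assumes NAT between client and server, where RFC 3947 has the initiator send Main Mode message 5 to UDP 4500.

```python
import re
from datetime import datetime

# Constructed sample: the racoon lines quoted in the question, whitespace collapsed.
STALLED_LOG = """\
12/4/11 8:42:41.340 PM racoon Connecting.
12/4/11 8:42:41.340 PM racoon IPSec Phase1 started (Initiated by peer).
12/4/11 8:42:41.340 PM racoon IKE Packet: receive success. (Responder, Main-Mode message 1).
12/4/11 8:42:41.341 PM racoon IKE Packet: transmit success. (Responder, Main-Mode message 2).
12/4/11 8:42:41.400 PM racoon IKE Packet: receive success. (Responder, Main-Mode message 3).
12/4/11 8:42:41.423 PM racoon IKE Packet: transmit success. (Responder, Main-Mode message 4).
12/4/11 8:42:44.297 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:42:47.300 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:42:50.303 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:02.316 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:17.332 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:35.350 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:43:56.373 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:44:20.399 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
12/4/11 8:44:47.428 PM racoon IKE Packet: transmit success. (Phase1 Retransmit).
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+([AP]M)\s+racoon\s+(.*)$")
MAIN_MODE = re.compile(
    r"IKE Packet: (receive|transmit) success\. \(\w+, Main-Mode message (\d)\)")


def analyze_phase1(log_text):
    """Report how far IKEv1 Main Mode progressed and whether it stalled."""
    last_msg, last_dir, last_ts, end_ts, retransmits = 0, None, None, None, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a racoon console line
        ts = datetime.strptime(" ".join(m.group(1, 2, 3)),
                               "%m/%d/%y %I:%M:%S.%f %p")
        mm = MAIN_MODE.search(m.group(4))
        if mm:
            last_dir, last_msg, last_ts = mm.group(1), int(mm.group(2)), ts
            retransmits = 0  # the exchange advanced, so restart the count
        elif "Phase1 Retransmit" in m.group(4):
            retransmits += 1
        end_ts = ts
    # Retransmits after our own transmit: the peer's next message was not logged.
    stalled = last_dir == "transmit" and retransmits > 0 and last_msg < 6
    awaiting = last_msg + 1 if stalled else None
    hint = None
    if awaiting == 5:
        # RFC 3947: with NAT detected, the initiator sends message 5 to UDP 4500.
        hint = "no message 5 logged; check that UDP 4500 reaches the server"
    elif stalled:
        hint = "no message %d logged; check UDP 500 in both directions" % awaiting
    return {
        "last_message": last_msg,
        "retransmits": retransmits,
        "awaiting": awaiting,
        "stalled_seconds": (end_ts - last_ts).total_seconds() if stalled else 0.0,
        "hint": hint,
    }


if __name__ == "__main__":
    print(analyze_phase1(STALLED_LOG))
```

On the quoted log this reports message 4 as the last step, followed by nine retransmits with no message 5 logged, which fits the answer's advice to test from the LAN first and take the router out of the path.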

Similar Messages

  • Lion Server DNS service not working for locally created zones. Caching working fine.

    OS Lion Server DNS service not working for local zones. Was fine under Snow Leopard Server but Lion Server upgrade has severely broken my DNS and web sites. Zones look fine under Server Admin but keep getting "query failed (SERVFAIL) for xxxx at /SourceCache/bind9/bind9-42/bind9/bin/named/query.c:3921" in the logs. BTW - Server Admin can't seem to see the log file either.
    Surely someone actually tested that DNS still worked on Lion?

    I upgraded from Snow Leopard Server to Lion Server on day 01.  I hit the same issue where, after the upgrade, my Lion Server stopped serving names for my private local domain.
    I finally took a few minutes to figure out what was wrong.  After turning on debug logging and looking through the logs, I found my particular issue, now resolved.
    The issue I had was, when the domain initially was set up when I installed Snow Leopard Server, for some reason it created a zone just for the server (in my case, something like zone "s-01.mydomain.priv"), and a separate zone for all the other machines (zone "mydomain.priv", containing all the private IPs for my local domain).  I never messed with it because it worked, but generally I would have put all of them in the same zone.
    My zone "mydomain.priv" had a nameserver and mail exchanger entry for my server, s-01.mydomain.priv.  I could see this in the Server Admin app on the DNS bubble, Zones tab, mydomain.priv selected, and the General Info panel.  This was fine in Snow Leopard.  This was failing the zone load in the updated bind for Lion Server, though.  The issue was that the "mydomain.priv" zone was referencing the s-01.mydomain.priv server, which was not defined in the "mydomain.priv" zone but rather in the "s-01.mydomain.priv" zone.
    My fix:
    1. In Server Admin, add the server to the zone "mydomain.priv".  I put an A record (Add Machine) in the "mydomain.priv" zone for my server named s-01.mydomain.priv.
    2. Shut down DNS on the OS X Lion Server (hit the Stop DNS button on Server Admin).
    3. Edit /etc/named.conf by hand, removing the specialized zones that contained just the server.  In this case, it would be the section titled 'zone "s-01.mydomain.priv"' and the section titled 'zone "3.10.1.10.in-addr.arpa"'.  Your in-addr.arpa zone name will change based on whatever your server IP address was.  My internal one happened to have s-01.mydomain.priv mapped to 10.1.10.3.
    4. Once the specialized zones for just the server were removed, I started the DNS up again.  Instead of serving four zones as it had in OS X Snow Leopard Server, it now serves two zones.  And, now, it is resolving my local machines for the mydomain.priv zone.
    YMMV.  I did note that it wasn't totally necessary to do step 3, but I never really understood the need for the specialized domain, and keeping it around would have a copy of data that would just confuse things.
    Hope that helps.  That's been the only hiccup I've noticed updating to OS X Lion Server thus far.

  • Sonicwall 2400 GVC (vpn) is not working after FIPS Enable

    Hi, yesterday I enabled FIPS Mode on my Sonicwall 2400. After that, global VPN is not working and I am getting the following error while connecting:
    2015/07/10 16:17:52:918 Information x.x.x.x Phase 1 has completed.
    2015/07/10 16:17:52:918 Error x.x.x.x Failed to validate incoming ISAKMP payload after decryption.
    2015/07/10 16:17:52:918 Information An incoming ISAKMP packet from x.x.x.x was ignored.
    2015/07/10 16:17:52:933 Warning x.x.x.x Received an unencrypted packet but encryption keys have already been established.
    2015/07/10 16:17:52:933 Error x.x.x.x Failed to decrypt buffer.
    2015/07/10 16:17:52:933 Information An incoming ISAKMP packet from x.x.x.x was ignored.
    I have changed the VPN policy as well according to FIPS requirement but still same issue.
    Can anyone help me to find out the issue?
    Regards, Zohaib
    This topic first appeared in the Spiceworks Community

  • I am a windows user that has converted to Mac and loving it but when I updated to Lion my wireless internet dongle would not work anymore and the Macbook Pro does not recognise the device at all so I am unable to reinstall it again. Any ideas

    I am a windows user that has converted to Mac and loving it but when I updated to Lion my wireless internet dongle would not work anymore and the Macbook Pro does not recognise the device at all so I am unable to reinstall it again. Any ideas would be greatly appreciated.

    Go to Finder > Preferences then select the General tab
    Make sure External disks is selected.

  • "no serializer is registered..." error with a web service not working

    I'm using JDeveloper 10.1.3
    EJB 3.0
    I'm having issues with the web service not working after I create a client for it. The web service works fine up until I generate the proxy on the other side.
    ERROR An error occurred for port: {http://buslogic/}MyWebService1SoapHttpPort: no serializer is registered for (class buslogic.runtime.....
    I saved the file before I added the proxy and the wsdl looks the same between the working one and the non working one. I cannot pinpoint when the change to the web service is occurring. It seemed to work once all the way up until I had an ADF page trying to retrieve data, another time it failed when the proxy was created.
    I can get the version that I saved to work immediately after the version that does not fails.
    Any help would be greatly appreciated,
    Dan

  • I have problems with my macbook pro ... I recently bought "OS X Lion Mountain" but complete installation did not work ... purchases every time when I look biem appstore is still installed ... so now I have OS X version 10.8.3 ...

    I have problems with my macbook pro ... I recently bought "OS X Lion Mountain" but complete installation did not work ... purchases every time when I look biem appstore is still installed ... so now I have OS X version 10.8.3 ...

    does it say not installed or does it say "download" in app store purchases?
    if it says download, then it's there for future use if you need to download it again.
    see image below - I'm running Mountain Lion and it says download in my App Store.

  • [svn] 4226: Bug: LCDS-517 - Reliable messaging destinations created using runtime configuration (bootstrap service) not working.

    Revision: 4226
    Author: [email protected]
    Date: 2008-12-03 15:25:17 -0800 (Wed, 03 Dec 2008)
    Log Message:
    Bug: LCDS-517 - Reliable messaging destinations created using runtime configuration (bootstrap service) not working.
    QA: Yes
    Doc: No
    Checkintests Pass: Yes
    Details:
    * Make sure the <reliable/> option is treated as a nested element rather than an attribute of its parent <network> element.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-517
    Modified Paths:
    blazeds/trunk/modules/core/src/flex/messaging/Destination.java

  • [svn] 4195: Bug: LCDS-517 - Reliable messaging destinations created using runtime configuration (bootstrap service) not working.

    Revision: 4195
    Author: [email protected]
    Date: 2008-11-26 13:08:23 -0800 (Wed, 26 Nov 2008)
    Log Message:
    Bug: LCDS-517 - Reliable messaging destinations created using runtime configuration (bootstrap service) not working.
    QA: Yes
    Doc: No
    Checkintests Pass: Yes
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-517
    Modified Paths:
    flex/sdk/trunk/frameworks/projects/rpc/src/mx/messaging/config/ServerConfig.as

  • [svn] 4193: Bug: LCDS-517 - Reliable messaging destinations created using runtime configuration (bootstrap service) not working.

    Revision: 4193
    Author: [email protected]
    Date: 2008-11-26 11:40:05 -0800 (Wed, 26 Nov 2008)
    Log Message:
    Bug: LCDS-517 - Reliable messaging destinations created using runtime configuration (bootstrap service) not working.
    QA: Yes
    Doc: No
    Checkintests Pass: Yes
    Details:
    * Foundational update to include destination config in what we collect for runtime config exchange with new clients for destinations with network/reliable=true (LCDS only).
    * Also typo in comment in AbstractConnectionAwareSession fixed.
    Ticket Links:
    http://bugs.adobe.com/jira/browse/LCDS-517
    Modified Paths:
    blazeds/trunk/modules/core/src/flex/messaging/AbstractConnectionAwareSession.java
    blazeds/trunk/modules/core/src/flex/messaging/Destination.java
    blazeds/trunk/modules/core/src/flex/messaging/services/AbstractService.java

  • Since I installed lion, my SxS Card reader is not working any more. Some advise?

    since I installed lion, my SxS Card reader is not working any more. Some advise?

    Try resetting the PRAM https://support.apple.com/kb/HT1379

  • I upgraded from leopard to lion and my epson printer will not work. I get a communication error

    I upgraded from Leopard to Lion and my Epson printer will not work. I get an error message: communication error. What can I do to fix this? I bought a new USB cord and it did no good.

    I suddenly had the same thing happen. I've had my new iMac for 3 months and at first my Epson Artisan 50 worked okay then yesterday I started getting the same error message other people on this support site have gotten. I tried ALL the advice given (deleting the Epson files from the library folder, etc. reinstalling older software) and nothing worked. With the newest iMac (and operating system) you cannot pick and choose which version of Epson software you want. You must use the 10.8 version or it simply will not open when you've downloaded it. Finally I found the comment above by den.thed and tried the OS X Mountain Lion: Reset the printing system suggested. As much as I hated to lose all my printing presets that took a lot of experimentation to set up, I was desperate. I tried it and it worked. Now I just have to consult my old computer and try to recreate all my printing set ups.  So to others with Epson / Apple 10.8 issues this may help when everything else fails. Thanks den.thed for your advice.

  • I experience issue with my Verizon iPhone5s cellular service not working on 3G.

    I'm experiencing an issue with my Verizon iPhone5s cellular service not working on 3G but LTE works great. I tried resetting network setting, new SIM card, reset iPhone to new too. I have the latest carrier code of 16.0. iPhone firmware 7.1.2.
    I started experiencing this when Verizon started advertising XLTE.
    It is very frustrating when internet does not work when I'm in 3G area. Phone calls do work though. Signal is good too.
    Thank you in advance.

    I would agree w you but this only happens on Iphone5S.
    Iphone5 works fine.  I tested this with other Iphone 5 and 5s.
    To test this, go to setting/cellular/turn off "Enable LTE"

  • Lion Server 10.7.4 VPN service not using my Active Directory domain for authentication

    I have Lion Server 10.7.4 setup on a Mac Mini and I have enabled the VPN service for both L2TP and PPTP. The Mac Mini is joined to my Windows Domain at a functional level of Server 2008 R2. I have set the authentication paths to point to my domain in Directory Utility.
    What I would like to have happen is for my laptop to be able to VPN into my office network remotely using domain credentials and not local account credentials on the Mac Mini itself. This is a process I have done numerous times on Windows boxes, but for some reason the only way I can get the VPN to work on this instance of Lion Server 10.7.4 is by authenticating using local accounts only.
    Does Lion Server 10.7.4 only authenticate VPN users based on its local account schema? Or can it truly authenticate against an active directory domain?
    Any suggestions or help is greatly appreciated. Thanks,

    Hi g-pirtle,
    Yes, I had already done that a few days ago. I was able to add the desired AD group to the allowed users/groups for the VPN service. That's exactly what is so weird about this...it allows me to search for and add an AD user or group to the list of allowed users/groups, but then when I actually try to use a domain account to authenticate to the VPN it just gives me the "cannot authenticate" error. Very strange.
    I wondered if for some reason Apple is only allowing local accounts to be authenticated against. Sounds crazy, but I cannot for the life of me get this to work. I also wondered if Kerberizing the server would help, but when I go to join a Kerberos realm in Open Directory inside of Server Admin, it just has no realm listed in the drop down menu.
    Other than that, all other aspects of the Mac Mini being joined to the AD domain seems to be good. I'm really stumped here...
    Thanks again,

  • Location services not working on Mountain Lion

    I am running OS X Mountain Lion and ever since I updated, location services haven't been working how they were in Lion. I have location services on in System Preferences. Whenever I encounter this problem I am using Wi-Fi.
    Please Help!

    HI
    I am having a problem:
    location services enabled (nothing in list)(no app in list which accesses location),
    icloud "find my mac" enabled,
    and WHEN I TRY TO FIND MY MACBOOK ON icloud or "find my iphone app" on iphone.
    it says:
    "ONLINE,LOCATION UNAVAILABLE"
    and one more thing, when I set "time & date" to "set automatic according to my location"
    then the result is "unable to determine location at this time."
    CAN ANYONE TELL, HOW TO MAKE LOCATIONS ACCESSED? IS IT WIFI SETTINGS? OR IS IT OTHER SETTINGS BEYOND MAC .???

  • VPN does not work on WRT54G v6

    Hi,
    Just bought a new wireless router (WRT54G v6) to replace my old one who just died after 4 years of loyal services (WRT54G v1) but VPN does not go through even though all the VPN passthrough options are enabled.
    I'm using a VPN connection created through the Network connection wizard of Windows XP.  This same connection worked fine with my previous router (WRT54G v1) but not with the new one (WRT54G v6).  What can I possibly try to check or do.
    I also upgraded to the latest firmware 1.00.9 to no avail.
    Also, if it can help, when I connect my cable modem directly in my computer the VPN goes through.  Through the router, nothing, wired and wireless connections the same.

    I changed the flash and it still doesn't work.
