Lion server VPN not working away from network

Similar Messages

• OSX server - Comment on Wiki (Mountain Lion Server) does not work

  OSX server - Comment on Wiki (Mountain Lion Server) does not work - it always give an error "Comment could not be saved, please try again" eitheir upgrade from Lion Server or fresh install.

  sorry, I had been allowed anyone to comment, and use wiki owner user also.

• OS X Server VPN not working

  Hi
  I have had a problem when trying to set up the vpn service on os x server.  I use OS X Mountain Lion server.  The problem is that when I set up the vpn service in the server app, it won't let me connect to the vpn using my public ip address or outside my network.  It will work if I type in the IPV4 address of the server inside the network.  It just won't work outside the network.  I looked up the port number for OS X Server VPN and did the port-forwarding in the router.  Unless i have the port wrong (which is doubt),  why would this not be working.  I am using L2TP to connect to the server but I have also tried PPTP and that did not work either.  I think that the problem must be something with getting the vpn on the internet since it works perfectly fine inside the network. 
  Thanks for any help. 
  Michael

  If you have a port-mirroring switch (I use a Netgear GS105E), it is very handy.
  This is the typical configuration for a VPN. Let us assume L2TP.
  VPN Client (L2TP) -> WAN Router/Firewall (Outside) -> LAN Port Forwarding (inside) -> VPN Server (LNS = OS X server).
  You may not be able decrypt packets, but you can see outer headers. If the WAN Router/Gateway has port mirroring functions, you can watch incoming packets at the WAN Interface. The Router/Gateway should just forward packets to the designated Port/IP.
  If the packets make it past the Router/Gateway,  the Server configuration should be checked. Temporarily, you can turn off the firewall and see if you can get to the OS X server. It will help in pinpointing where the issue might be. Shared secrets should also be checked.
  If you are able to VPN from inside, it is a very strange configuration. Usually coming from inside to inside is not permitted.
  If the clients and servers use the same intranet addresses, for example the client uses 192.168.x.x and the server is also on 192.168.x.x, you will run into issues. You may need to reserve address space for VPN clients.

• Revoking push certificate for lion server does not work

  After reinstalling my Lion Server - based on a Mac Mini Server - I generated also a new Push Certificate since I changed a lot of names/config. Now I found that an older Push Certificate is shown as active althoug I allready revoked it. When I hit the Revoke Button besides that Certificate (that is shown as valid and active until 9-12) I get an error - allready revoked!? Does this harm my configuration and can I do anything to solve this problem?
  Thanks for any help/suggestions.
  Best,
  Torsten

  The truth is, I shouldn't have posted this. Sorry. Late. Frustrated. I really just want it to work. I got Lion in hopes of learning how it worked. Now that I know it doesn't, I know not to recommend to my clients.
  Apple should give up trying to "make believe" you can manage an Enterprise Network Server using a GUI. They have successfully proven it over and over. Lion is their coup d' gras of "Don't try this at home".
  Now, I will search the forum for the answer, sure to discover that after a long, long, session in Terminal, using cryptic unix commands, I'll solve my problem.
  That's all. It will be doubly frustrating, as I'll have to turn off the Server so I can even see the internet, to find answers, create pdf's of web pages, turn the server back on, and try to fix.
  It is simply unacceptable. That's all.

• Lion Server Webmail not working

  Honestly, where to begin.
  Put succinctly, I cannot receive or send email to anyone from any identity on my Lion Server webmail. I'm running 10.7.4. and using dyn.com as a dynamic IP address (I chose dyn-o-saur.com because my daughter loves dinosaurs) so my server name appears as "[servername].dyn-o-saur.com".
  Yes, I can log in as different users, and they can send mail to each other.
  But anyone else? No dice. And even curiouser, there is no "message delivery failed" message returning to outside senders, and if I send email from the server webmail to anybody on the outside, the server says "Message sent successfully". But emails don't seem to show up anywhere.
  Things I have done:
  • shut down and restarted server
  • shut down Mail within Server app, restarted
  • shut down Mail within Server Admin app, restarted
  • shut down Mail within Server Admin app, reconfigured using the setup wizard, restarted
  • checked all ports on my router (late 2011 Time Capsule), all are open according to canyouseeme.org
  • the SSL certificate is Intermediate, and valid from namecheap.com (PositiveSSL CA 2) for POP, IMAP and STMP
  • created an MX record for my server in Server Admin per general instructions
  I've dug around for days, and apparently this might be a DNS Zone problem, but I'm not sure what else I can do. I've got 4 active zones, two of which are primary (one for the server, and one for the local computer), so maybe there's a problem there? I've included this screenshot (my server ID blurred for privacy):
  I've had too many SSL Certificate problems to count - and wiped my hard drive clean and re-installed Lion Server three times, and STILL I can't get my Trust Profile on any of the devices to appear as "signed" (despite buying two entirely different SSLs from namecheap and godaddy) but maybe I'll save that question for another day, unless it somehow is also webmail-related.
  Any help or advice would be so, so appreciated. Thanks!

  So I found the culprit... dyn.com had not updated my dynamic IP address, so I had to do it on their website manually. Then everything started working again.
  Also, the previously untrusted/unsigned SSL certificates for my mobile devices suddenly became signed and verified again once I deleted them (via the Profiles tab in Settings) and signed them up again, installing the Trust Profile first (via the /mydevices page on the server).
  I was also able to verify my laptop's SSL certificate by re-installing the Trust Profile ON TOP of the old one. I did not delete it first, as the last time I did that, I was unable to install any of the server profiles.
  So in a way, the question is answered. Until the next issue.

• Mac OSX Server VPN Not Working

  Heres how my setup is: I have an ATT DHCP Server/Router That assigns my public ip.
  I have an Apple AirPort Extreme in Bridge Mode Which hosts the main wifi connection.
  I have my Mac OSX Server connected to the AirPort Extreme
  On my ATT Router DHCP Server's Firewall I have my computer set to DMZ Plus mode which forwards all ports on the network to my mac.
  I am trying to connect to the vpn network via my MacBook Pro and iPhone5 and I cannot. However I can connect to the online wiki page on my server by going to server.djswirkmke.com if you would like to see it. My host name is server.local on the network but on the internet it is server.djswirkmke.com I also have a mail domain setup as mail.djswirkmke.com. My problem is I am not able to connect to the vpn on the client computers can you please help?

  In a moment of random frustration, I tried listing the DNS server in VPN settings three times, and it somehow fixed the problem. Even though it is the same IP all three times, it works when it is listed three times but not when it is listed just once.
  In other words, in VPN > Settings > Client Information > DNS Servers, I have:
  192.168.100.64
  192.168.100.64
  192.168.100.64
  Hope this helps someone having the same problem.

• Mail, iCal Server and iChat server will not work over VPN

  I have an Airport Extreme Base Station at the office running the network. Behind it sits a Mac Mini Snow Leopard server running 10.6.3. The ports necessary for Mail, iCal Server and iChat work fine through that external connection. I can also connect with VPN from my 10.6.3 clients.
  HOWEVER, when I connect with the VPN clients, I am suddenly unable to access the Mail, iCal Server, Wiki server and iChat server. All connections time out. I can ping the server and I can do other things that do NOT work on the public Airport like ssh or VNC. ssh and VNC are closed at the airport extreme.
  So it's pretty odd. When I'm connected via the VPN, all ports that are forwarded to the Snow Leopard server time out over the VPN.
  I've tried various and sundry configurations with the VPN client. This includes trying to send all traffic over the VPN, moving it up in the service order, etc. etc. Nothing fixes it. DNS resolution is working fine, however when I do a wireshark capture of ppp0 traffic, I notice that SSL and TLSv1 handshakes appear to occur on the public IP address instead of the private network IP address... and they're all resets.
  Has anyone gotten this to work successfully? Like I said, all ports that are NOT forwarded through the Airport work fine over the VPN, but will not work when connected to the VPN. It's really bizarre.

  New data: any ports that are normally forwarded on the Airport Extreme to the Mac Mini server will not work when connected to the VPN.
  For instance, if I have imaps/993 forwarded from the Airport Extreme to the Mac Mini, it works fine over the Internet. If I connect to the VPN, I can connect to all OTHER services on the Mac Mini, but Mail, for instance, will not work.

• Wifi works at home but not when away from home

  My Wifi works at home but not when away from home, what is wrong?  I thought with a phone plan I didn't need to have a wifi connection.

  You either need WiFi or Cellular (or both). If you have neither, you can't connect to the internet.
  Most people use WiFi at home and Cellular while away from home, or connect to public WiFi networks where there are some.

• I have tried to reinstall CS3 extended student version to my new comuter from the dvd and also from the web download but it does not work - I get the information that the server does not work- why. How should I do?

  I have tried to reinstall CS3 extended student version to my new comuter from the dvd and also from the web download but it does not work - I get the information that the server does not work- why. How should I do?

  Well the error message is in Swedish but says: The installation program database is damaged. Please contact the Adobe support (which is a hard thing to do!!). I use Windows 7 Home Premium with service pack 1.
  Från: Mylenium 
  Skickat: den 29 december 2014 16:48
  Till: Tony Bohman
  Ämne:  I have tried to reinstall CS3 extended student version to my new comuter from the dvd and also from the web download but it does not work - I get the information that the server does not work- why. How should I do?
  I have tried to reinstall CS3 extended student version to my new comuter from the dvd and also from the web download but it does not work - I get the information that the server does not work- why. How should I do?
  created by Mylenium <https://forums.adobe.com/people/Mylenium>  in Downloading, Installing, Setting Up - View the full discussion <https://forums.adobe.com/message/7050595#7050595>

• After installing Mountain Lion, why screen server does not detect photos from iPhoto?

  After installing Mountain Lion, why the screen server does not detect photos from iPhoto?

  I had the same problem and found the solution here:
  https://discussions.apple.com/thread/3189272

• Mountain Lion server VPN configuration problem

  I'm having a problem connecting to my Mountain Lion server VPN even on my home local network.  The configuration is so simple but I can't figure out what I need to do to get it to connect.  Trying from my iphone and also ipad going directly to the ip address of the server and have the user account name, password and secret filled out as I have it set on the server but the connection fails.  I was at first thinking it might be a DNS issue, but then dismissed that since it's happening on the local network.  It seems to be an authentication issue, however I'm using the same settings as on the server. I have other services working such as file server, DNS and SUS so the product itself is fine, just the VPN service.
  Any ideas?
  - Chris

  I had the same "No CHAP secret found for authenticating username" issue. I've been at this VPN thing for many many hours over many days. Desperately want OS X Server to work.
  Finally I just bought iVPN to see if that would work somehow--- AND IT TOTALLY DID.
  So, forget Mac OS X Server VPN. Just forget it. There are definitely many problems out there facing VPN access. But if you're at the point I was, where it's connecting just not authenticating, then forget Mac OS X Server.
  http://macserve.org.uk/projects/ivpn/

• VPN not working after upgrading to Mavericks

  After upgrading to OS X 10.9 Mavericks - VPN not working. I am able to connect to VPN server fron inside local network, but can't do the same from outside through the router (1. I have statis external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using external IP).
  Tried:
  1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943  - doesn't help
  2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
  Also, IMHO, Apple periodically delete messages from forum about this problem, does anyone else has teh same feeling?
  Any thoughts?

  After upgrading to OS X 10.9 Mavericks - VPN not working. I am able to connect to VPN server fron inside local network, but can't do the same from outside through the router (1. I have statis external IP 2. NAT port forwarding is OK 3. Other services on my server work fine through router & NAT using external IP).
  Tried:
  1. Downgrading JAVA from 7.0: https://discussions.apple.com/message/23673943#23673943  - doesn't help
  2. kern.ipc.maxsockbuf is big enough: https://discussions.apple.com/message/23525980#23525980
  Also, IMHO, Apple periodically delete messages from forum about this problem, does anyone else has teh same feeling?
  Any thoughts?

• Lion Server VPN error

  I am trying to use the Lion Server VPN function and have all the firewall port opens (500, 1701, 1723, 4500) and cannot get anything to connect either inside or outside of the network.  I keep getting "The L2TP-VPN server did not respond.  Try reconnecting.  If the problem continues, verify your settings and contact your admin".  I checked the log on the server and here is what I find under system log
  Oct 27 21:03:56 www racoon[3529]: Connecting.
  Oct 27 21:03:56 www racoon[3529]: IPSec Phase1 started (Initiated by peer).
  Oct 27 21:03:56 www racoon[3529]: IKE Packet: receive success. (Responder, Main-Mode message 1).
  Oct 27 21:03:56 www racoon[3529]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
  Oct 27 21:03:56 www racoon[3529]: IKE Packet: receive success. (Responder, Main-Mode message 3).
  Oct 27 21:03:56 www racoon[3529]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
  Oct 27 21:03:59 www racoon[3529]: IKE Packet: transmit success. (Phase1 Retransmit).
  Oct 27 21:04:29: --- last message repeated 3 times ---
  Oct 27 21:04:32 www racoon[3529]: IKE Packet: transmit success. (Phase1 Retransmit).
  Then I get the error on the other machine (i.e. iPhone 4S, IMac)
  Have I done searches on google for everything I can think of and can not find a answer, or at least not one that helps me.
  Any help would be greatly appreciated
  Sodak

  If you are using iCloud "Back to my mac", then disable it.
  These services are incompatible.

• How do I access my iMac remotely when working away from the office?

  I work away from the office for much of the time.  How can I access my iMac remotely?

  Unless this is critcal for some reason I would not do this.  Unless you understand all the techinolticcal pit falls you can leave your computer dangerusly exposed doing this.  If you are not technical your best bet is going to be to get a wireless router with built in VPN support ($200 - $500) to give you a secure connection home.  And then you will need the Apple Remote Desktop app ($90 I think) and even then it will only work if your work compute is also a Mac.  There are probably other comerial apps that will let you remote into your Mac desktop on windows but will probably be in the $200 price range. 

• I updated iTunes to 10.5 and now in my Netgear Stora iTunes server is not working anymore

  I updated iTunes to 10.5 and now in my Netgear Stora iTunes server is not working anymore.
  Configuration: OSX Lion with Server, iTunes 10.5, latest firmware for the Stora.
  Can this be confirmed to be a bug introduced with 10.5 ?
  I also saw some people mentioning the same problem on Synology NAS.
  Seems like the 10.5 uodate broke something.

  Definitely seems to be a cross-platform bug in iTunes 10.5 concerning all NAS disks. Shared libraries on network drives worked fine under 10.4.1, but now there is just an endless loading cycle with no error message or time-out. There is a bit more about it in this thread.
  Martin