Mountain Lion Server VPN won't startc

Similar Messages

• Mountain Lion server VPN configuration problem

  I'm having a problem connecting to my Mountain Lion server VPN even on my home local network.  The configuration is so simple but I can't figure out what I need to do to get it to connect.  Trying from my iphone and also ipad going directly to the ip address of the server and have the user account name, password and secret filled out as I have it set on the server but the connection fails.  I was at first thinking it might be a DNS issue, but then dismissed that since it's happening on the local network.  It seems to be an authentication issue, however I'm using the same settings as on the server. I have other services working such as file server, DNS and SUS so the product itself is fine, just the VPN service.
  Any ideas?
  - Chris

  I had the same "No CHAP secret found for authenticating username" issue. I've been at this VPN thing for many many hours over many days. Desperately want OS X Server to work.
  Finally I just bought iVPN to see if that would work somehow--- AND IT TOTALLY DID.
  So, forget Mac OS X Server VPN. Just forget it. There are definitely many problems out there facing VPN access. But if you're at the point I was, where it's connecting just not authenticating, then forget Mac OS X Server.
  http://macserve.org.uk/projects/ivpn/

• Mountain Lion Server VPN unable to route internet traffic

  Hi! I have set up a VPN server on my home network specifically so that I could connect via a VPN client remotely and tunnel all internet traffic through my home network (It is a long story but I need to be able to access services that are specific to my home IP . . . ) I have been tearing my hair out trying to get it work but can not. The VPN connection happens OK and I can set up the remote client to send all traffic via VPN but any internet traffic just times out . . . In other words I can not get the server to share my home network via the VPN connection.

  Hi and thanks for taking the time to answer.
  As I am sure you have guessed I don't have much experience or knowledge with this. So I will try to clarify what I am trying to do.
  I do not need a VPN server for the conventional reasons of being able to access a private network (i.e my home network) remotely, although this is a nice additional benefit. I need the VPN server so that I can log in remotely (when I am using my mobile broadband or when I am overseas for example) and make it look like the machine I am using is on my home network.
  The reason for this is that I have access to web services that are IP specific. That is I can ONLY log in if I am logging in from my registered home IP (which is static for this exact reason).
  I have been told on similar support sites that if I route ALL traffic through the VPN, then when I use my browser on the remote machine all web traffic will go through the VPN as well and it will look like the traffic is coming from the subnet of my home IP.
  I guess in other words I am trying to use my VPN as an "anonymous" proxy (anonymous in the sense that although the traffic is coming form somewhere else, it still looks like it is coming from my home IP).
  I know this will cripple the speed due to the narrow upstream bandwidth but I am willing to pay this price.
  Now as for your questions:
  I have the server set up on a machine on my home subnet and I have enabled VPN port forwarding on the ADSL router.
  I know the connection happens as when I connect the VPN either from my iPhone using 4G or my laptop using my mobile broadband I get the "connecting . . . authenticating . . . connected" messages and when I check in properties it shows it to be connected to my home IP as VPN server and has an IP address that looks like it is on my home subnet.
  By internet traffic timing out I meant web traffic.
  As I mentioned above, I need all web traffic to go through the VPN. So indeed not ALL traffic but definitely ALL web traffic. The only way I could find to do this is to enable the "Send all traffic" option.
  Now I guess the obvious question is why am I not using a proxy. I have tried (and spent ages setting up Squid) but could never get it to "hide" the true origin of the traffic completely.
  Now having written all this, I reinstalled mountain lion and server yesterday (out of sheer frustration rather than anything else) and it seems to work this morning. So if I log in via VPN on my mobile or laptop and use an IP checker on the web it comes up with my home IP : ))
  The only thing I have now noticed is that if the VPN server stops working (which seems to be as soon as the computer I run it on goes to sleep) web traffic reverts to using the normal channels which is potentially problematic for me.
  So my questions now are -
  Any ideas what I was doing wrong in the first place?
  Any suggestions on how I could set this up better?
  Any way to set up the remote device so that it only allows web traffic via VPN (so that if the VPN connection drops, it is unable to use it's own internet connection for continuing web traffic)?
  Thanks for any suggestions : )
  Cheers

• Mountain Lion server vpn setup

  I have OSX Mountain Lion with server.  I use dynamic dns with dyndns.org.  I have a Virgin Media Router in modem only mode connected to a Time Capsule that provides DHCP and NAT.  I have all the correct ports open on the Time Capsule (500, 1701, 1723 and 4500).
  I have set up the Server VPN but every time I try to connect wither from within my LAN or externally I get the message:
  The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.
  I have tried everything I can think of (including trying VPN Configurator) but cannot get the VPN to work.  Any advice welcome.

  I had the same issue: 
  The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.
  PPTP was connecting from a PC without problem but trying to use L2TP (IPSec) from an iMac gave the above message.  I resolved this by:
  I went into Server > VPN and turned the service off for 30 seconds and turned it back on, all working.
  The wonder of OSX Server.  Lots of buggy problems.
  Steve H

• VPN to Mountain Lion Server issues

  Hi,
  I checked a lot of VPN threads here today, but I wasn't able to find a solution for my problem just now. I try to connect by VPN to my Mountain Lion Server, but I get an error message that the VPN server is not responding. I get this message from iPhone and Mac. The Mountain Lion Server is a new installation, no upgrade from an older server.
  Some informations on my setup:
  I installed the server with a hostname like myserver.mycompany.com and option 3 (internet access), as I want to use it for email at a later stage. All services are working fine (except VPN). DNS is active, but basically it only contains the adress myserver.mycompany.com and forwards everything else to our router.
  I changed the DNS settings of our domain ( hosted by an ISP - so not in the local DNS ! ). I created a subdomain vpn.mycompany.com which points to the static IP of our router.
  In the router I opened the UDP ports 500, 1701 and 4500, and for 1701 i made the same thing for TCP (I found this in a forum, but I think this is not necessary?), the ports are pointing to the ip of the os x server.
  In OS X Server I started VPN for L2TP using the vpn.mycompany.com hostname, and a shared secret.
  When I try to connect with I client from outside I try to connect using L2TP via vpn.mycompany.com using the shared secred and user-id and password. The user-id is created in OS X Mountain Lion server and is configured to use VPN service. When trying to connect I get the error message "L2TP-VPN server is not repsonding...".
  In the log file of the server I see some entries for each connect:
  Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: Connecting.
  Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IPSec Phase1 started (Initiated by peer).
  Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 1).
  Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
  Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: receive success. (Responder, Main-Mode message 3).
  Oct 10 20:21:45 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
  Oct 10 20:21:48 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
  Oct 10 20:22:06 --- last message repeated 2 times ---
  Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (2,0)
  Oct 10 20:22:06 myserver.mycompany.com com.apple.SecurityServer[17]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [1716] for authorization created by '/Applications/Server.app/Contents/ServerRoot/usr/libexec/ServerEventAgent' [2967] (100000,0)
  Oct 10 20:22:06 myserver.mycompany.com racoon[13873]: IKE Packet: transmit success. (Phase1 Retransmit).
  No more entries in log file now. Anyone any ideas what's going wrong. Might there be a problem as I use another servername outside as inside (vpn... instead of myserver...)?
  Thanks!

  Solved, first of all we tested to establish the VPN connection locally by adding the ip address of the server to /etc/hosts for vpn.mycompany.com. The VPN connected without problems then, so it was clear that it is a firewall/router problem, and not a server problem.
  After that we studied some more documentations and found that we don't have to open port 50, but ip protocoll 50 (ESP) on the firewall. After that was done, the connection was working from the internet as well.

• Mountain lion server won't take my password for install

  I have never run a server version of apple software.  I am wanting web sharing to host a small website.  This option was removed from sharing preferences in mountain lion. 
  I purchased server to avoid the need to use the command line interface.  It was requiring a password and I don't use a password on my system and it wouldn't take a null.  I am finding a similar problem with attempting to install server on mountain lion.
  When I run the mountain lion server installer it prompts for an administrator password.  I hit return as I set up the system without an administrator password.  This fails, but works with all other admin password requests for software installation.
  Any assistance would be appreciated.
  Best Regards,
  David Finell

  I just decided to setup passwords.  I just wanted to avoid the pain.  It worked.  Now to figure out how to share folders over the web in server.

• Regarding mountain lion server: clients experience intermittent service connections. the server system log has the following error- Client handshake failed (6):113: Server not accepting client connections (any ideas???)

  regarding mountain lion server: clients experience intermittent service connections. the server system log has the following error- Client handshake failed (6):113: Server not accepting client connections. any suggestions would be greatly appreciated - thank you

  Hi Jason
  I was getting the same behavior after Apple support had me delete some plist files to get Airplay going. I was also getting the following error:
  the error occurred while processing a command of type 'writesettings' in the plug-in 'server vpn'
  I went into ~/Library/Preferences/ and /Library/Preferences/ and deleted every plist contating the word server. I had to re-set up my server (meaning walk through some intial steps) but all of my settings were still there after that and everything started working again.
  Just a thought, obviously try at your own risk but it worked for me.
  Kellen

• Mountain Lion Server 10.8 DNS ERROR READING SETTINGS

  Hi! Well I changed from windows 2008 server to Mountain Lion Server. So far, I have been able to set up website hosting for one website, and I must say works better than windows server 2008, maybe thats because the mac keeps the drive spun up, while in windows server it was an external drive, whatever the issue mac serves up the site much faster that it comes exploding onto the screen of the searcher.. Then I went to try to set up email, I was totally excited, but I think I did a no no in the dns settings, and now, I cant even see them, I just get "Error Reading Settings" Of course I see things in the log that I should undo, but I cant access the DNS settings at all. Any ideas how I can get to the dns settings so I can undo my booboo? Now it has streched its error self into the file sharing, and I cant access those settings anymore either, so that means I cant set up other websites because I cant give permission to view those folders. I also just got another err saying "Multiple errors occured on this server while processing commands. Just exactly what the heck did I do? I must have REALLY SCREWED THIS THING UP! Also strangely Safari browser no longer acceses the web from the server computer. I THINK I KILLED IT.
  Any Ideas?
  Thanks I really appreciate any tips, I havent got to calendar or vpn, or any fun stuff yet.. Or maybe it might not be fun at all? hahahahahaa!
  Thanks

  I've gotten into this mess as well and Apple solved it for me.
  The Server should be able too lookup itself so running DNS is a good thing, actually the server sets up DNS at install time if it can't find a server to serve it's DNS so it can lookup itself.
  The main error in my case was that there wasn't a NS record pointing the machine itself and that there were some firewall rules preventing DNS lookups. Since there is no way to edit the firewall rules via GUI the engineer manually changed some stuff, but wasn't sure where the problem lies exactly, so he passed it on to another engineer.
  At this point I was already forced to switch to Google Apps for Business and my website was already running at GoDaddy, at much lesser costs and to much lesser frustration I might add.
  Let's face it, Apple has to deliver a better product with the old Server Admin back into place for those who want it for the extra control.
  My servers were running great with Lion (eventually), but Apple just had to remove Server Admin from OS X Server... #their_loss

• Mountain Lion Server bond support?

  After migration to new Mountain Lion Server from Snow Leopard Server, the Server App don't recognize the Ethernet aggregation of my Mac Pro! The services that was active in Snow Leopard Server are active, but if I try to stop the service of net install I don't try to restar the services because there isn't no interface!!!!! it's Possible? And probably it's the same for the other services!!!

  Yea, I actually run our current SUS on an older Mac Pro. It provides both Apple software updates and Adobe software updates (for our Adobe deployments) and is dedicated to these two services. My primary server (running Mountain Lion—capable of Mavericks, but again, because of the File Sharing issues in Mavericks Server, we're sticking with ML Server for the time being) is a loaded 2009 Xserve—which I don't run "secondary services" (my term <G>), like SUS, on.
  Unfortunately, the current SUS box won't do Mavericks Server (though, I have tested running a VM of Mavericks Server, just for SUS and Caching, inside the physical OS, and it worked fine, but seemed like a waste of system resources and just really didn't make much sense—and a bare metal install doesn't work because of RAID, etc.), so I was considering the Caching Service in ML as an alternative (if it did, in fact, feed Mavericks clients). I realize I could just "turn it on" and see what happens, but would rather look into first (as I assumed others would have ML Caching Service on, and probably had Mavericks clients on the network, so would have the info I was looking for).
  Anyway, at this point, unless ML Server Caching Service will do the trick, Reposado it is.
  k.

• Update to Mountain Lion Server kills Time Machine Backups

  Okay, here's the scenario:
  Client: 
  MacBook Pro running Mountain Lion
  Server: 
  Mac Mini running Mountain Lion Server using an SSD boot and Promise Pegasus Thunderbolt RAID
  Prior to updating the Mac Mini to Mountain Lion Server (previously just using regular Mountain Lion) I was happily backing up using Time Machine over AFP.  Since the update to Server I get the Time Machine message:
  "The network backup disk does not support the required AFP features."
  The network drive is also no longer available for selection within Time Machine (once it's been deselected).
  Any easy ideas on a fix?

  Time Machine won't back up to Mountain...: Apple Support Communities

• Will Mountain Lion Server be slower that Lion Server on my 2009 Mac Mini?

  I have a 2009 Mac Mini running Lion Server. Specs are: 2.0 GHz 8 GB ram.
  As always, I'm wanting to reap the benefits of the latest OS without upgrading my hardware. I know mirroring won't be supported, but who cares about that on a server.
  Does anybody have Mountain Lion on a similar setup?

  We've found Mountain Lion Server to run just as fast as Lion.  MLS boots a bit slower on our Mac minis, but it's
  neglegable.
  Also have had trouble migrating from Lion and 10.6.8 server to Mountain Lion Server.  Issues with Open Directory and Mail.
  Hope Apple puts out a .1 release to address the issues soon.

• Mountain Lion Server with Network User

  I have a Mountain Lion Server with a network user. The whole system has been redone from Lion Server and on top of that I moved location, ISP, hardware and a few other things. The way I used the setup on Lion was to bind my MBP to the server and login from the MBP login window with the network account. If for whatever reason I wanted to look at the network account on the server, I could fast user swtich and everything that was open ie Safari, Mail, etc would be the same as it was on the MBP.
  Now if I'm logged into the network user on the MBP and then go to the server, it logs in as if I've just booted. They share the home folder and any new files/folders created on one shows on the other. But if Mail is open on the MBP it won't be open on the server.
  Does anyone have any ideas or suggestions?

  Thanks for your reply.
  I believe I got it to work, but,... How do you get the network account users to show up on the login window of the client computer? The login window shows the name of the client computer and the local accounts on the client computer. When I select Other in the login list I can login using a network account user id and it logs in. The network account user names do not show up on the login window

• Sharing a Calendar from Mountain Lion server with Snow Leopard users on local network

  Hello.
  I have a new Mac Mini Server running Mountain Lion Server and I want to create a shared calender for a mix of Lion, Mountain Lion and Snow Leopard users on our local network. Does anyone have any info on how to do this? I have tried using the Server App and Calender Help within the applications, but the content isn't available. I have managed to create a Shared Calender  from the Mini's Calendar App where I've  added users and I can see a 'wireless' transmit icon to the right of the Calendar name - but I cant get any of the users' iCal or Calendar apps to recognise the Calendar on the local network. I've also created a Location in the Server App under Calendar and still can't see anything on the local network. Am I missing something really obvious?
  Thanks in advance!

  Sorry, I hadn't explained everything fully. I don't want to open up my VPN to friends and family. I do have the router assigning the NAS a fixed IP, so that when I connect over the VPN I can use the local IP address to connect, as you have mentioned.
  What I would like is for my friends or family to connect to my server over AFP or SMB using the public IP of my network, which my router then forwards onto my server, and display the available sharepoints configured using Mountain Lion server. However, the NAS drive is not an available option this way as it has a separate IP to the server.
  As the NAS alllows guest access, I also don't want to configure the router to forward a specific port to it, as this way it will be open to the internet. I wanted to try and use my server as an authentication point, with profiles set using Mountain Lion server, and limited to file sharing services only.
  Hope this makes sense.

• Password problem after migrating to Mountain Lion Server

  Hello everyone,
  Yesterday, I migrated our Lion Server to Mountain Lion Server. Everything seemed to work fine. Except since this morning, none of the network user cannot connect to their calendar, reminders, and wiki. They can connect to their account and to their mails. The following line appears multiple times in ApplePasswordServer.Error.log:
  Aug 16 2012 16:52:50 700250us    client response doesn't match what we generated
  It seems that only web services are concerned (vpn, mobile accounts, and mails are working). My initial guess is that the hash computed on the basis of the user password is not computed on the same way on the client machine (which is running Mountain Lion by the way) and on the server. On the other hand, this would be very surprising, since all this stuff is based on standards and unlikely to have changed since Lion.
  I tried to create a new "Test" user. Even this new user, created after the migration, cannot connect to its calendar, etc. I also tried to reset my user password using the Server App. It makes no difference, the same lines appear in the logs.
  Is anyone experiencing a similar problem ? Does anyone have a clue of what to try next ?
  Thanks a lot !

  I found out the following:
  After looking at the contents of the password server database using the slot numbers of several user accounts, it seems that all users where WEBDAV-DIGEST authentication is failing, have two entries for the digest method "*cmusaslsecretDIGEST". This is obviously wrong. All users who can authenticate successfully have only one such entry.
  Deleting and recreating the user account has no effect. In fact, updating the password server with a new entry may actually trigger this error. It could be that all users where this is failing have changed their passwords after the server was updated to Mountain Lion.
  It would be interesting to know if you also see duplicate entries for "*cmusaslsecretDIGEST" in the database. You can display a password server record via the user account's slot number (in your example, the 0xd6ace...) using the command
  sudo mkpassdb -dump <slot-number>
  At the end of the record dump, you should see 10 digest entries with their method identifiers.

• I'm trying to use Mountain Lion Server so my family can have separate logins via Screen Share to their iTunes.

  Using Mountain Lion Server so my family can have separate logins and connect via Screen Share.
  Works great, each has their own home directory and permissions are perfect.
  Now setting up iTunes for each with their own Library (not shared), thus keeping multiple Libraries.
  I get this;
  This Computer is already associated with an Apple ID.
  If you download past purchases with your Apple ID, you
  cannot auto-download past purchases with a different
  Apple ID for 90 days.
  What!
  So what it is on the same computer, they are completely separate Libraries never to be mixed.
  If this works, I only need to keep one computer up and running, instead of three.
  Each can do their syncing/backup and connect to the various Airplay/AppleTVs I have around the house.
  How do I fix this.
  Thanks

  Bottom line is you can't - easily.
  You need to make sure that you log out of the server each time otherwise the ID is running. To explain, if you had a laptop with different people using it, your solution works fine. Each time someone logs in, the iTunes ID is different so it works as you can only have one person using the laptop at any one time.
  Now, turning your problem inside-out, you want people to be able to log into iTunes concurrently to use their own version of the program with their own library. This does not seem to work and you get the conflicted ID error message. Even though iTunes is running under their own login ident, I have never been able to get this working reliably and was told that iTunes is NOT a network-aware application as it is designed to be single user.
  The way I got around this was to login as XYZ and to make sure that the ID was changed in iTunes accordingly. However, it did not always work so I gave up with the whole thing.