vraiment Posted October 24, 2013 Share Posted October 24, 2013 I have a mac home server (real MacMini, no hackintosh). It had Mountain Lion and the Server app. I had correctly configured my router to forward the VPN ports to the server and everything worked well. Then I updated to Mavericks and the new Server app and, surprise! the VPN server no longer works outside my network. Inside my network I can connect to the VPN if I use the local IP, but if I use my external IP it fails to connect. Reading the Apple Discussion forums it seems I'm not the only one, so anyone has any ideas? Thanks Link to comment Share on other sites More sharing options...
warplessBl_nk Posted October 24, 2013 Share Posted October 24, 2013 Not just you- I spent 4 hours on the phone with Apple Enterprise Support (kept getting transferred up the support person chain). At one point we created a new account for the support person and they tried the VPN, which worked. At that point he told me if must be my connections on the other devices I was trying and that was all support could do- he also told me that when pinging my server he was seeing a lot of packet loss. After this I requested that he guide me through completely uninstalling the server, since every time I do this it carries over settings (right down to the shared secret) when reinstalling. He wanted to verify that we were doing it correctly so he put me on hold- at this point I ran a web based ping and traceroute (to rule out my local network) coming from Europe NO packet loss. We did a complete uninstall of the server portion and reinstall and the shared secret came back- which he could not explain. I then showed him the ping/traceroute- which he insisted since he could connect (which we could see in the logs) that it was my local networks for the other machines I was testing on. For instance trying my iPhone on AT&T's LTE network and a work laptop- VPN into the work network THEN trying to come back to my VPN network. I informed him that I was going to completely nuke the machine and start over- he advised that I try the VPN from a Starbucks first, still insisting that it was my local cell/work networks being spotty. I erased the main drive, re-installed Mavericks, then re-installed server 3 annnnnnnnd I am back to the same place. Currently I am testing from another location and still cannot get past the IKE Phase 1 portion of racoon's auth via hostname HOWEVER if I use Logmein to get back to another machine on the same network and use the IP I can use the VPN. Here's the log: Oct 23 08:22:10 hostname racoon[224]: Connecting. Oct 23 08:22:10 hostname racoon[224]: IPSec Phase 1 started (Initiated by peer). Oct 23 08:22:10 hostname racoon[224]: IKE Packet: receive success. (Responder, Main-Mode message 1). Oct 23 08:22:10 hostname racoon[224]: >>>>> phase change status = Phase 1 started by us Oct 23 08:22:10 hostname racoon[224]: IKE Packet: transmit success. (Responder, Main-Mode message 2). Oct 23 08:22:10 hostname racoon[224]: IKE Packet: receive success. (Responder, Main-Mode message 3). Oct 23 08:22:10 hostname racoon[224]: IKE Packet: transmit success. (Responder, Main-Mode message 4). Oct 23 08:22:10 hostname racoon[224]: Connecting. Oct 23 08:22:14 hostname racoon[224]: IKE Packet: transmit success. (Phase 1 Retransmit). Oct 23 08:22:47 --- last message repeated 3 times --- Oct 23 08:22:50 hostname racoon[224]: IKE Packet: transmit success. (Phase 1 Retransmit). Oct 23 08:23:10 hostname racoon[224]: IKE Packet: transmit success. (Phase 1 Retransmit). Oct 23 08:23:59 --- last message repeated 1 time --- Oct 23 08:23:59 hostname racoon[224]: IKE Packet: transmit success. (Phase 1 Retransmit). Oct 23 08:24:56 --- last message repeated 1 time --- Oct 23 08:24:59 hostname racoon[224]: IKEv1 Phase 1: maximum retransmits. (Phase 1 Maximum Retransmits). Oct 23 08:24:59 hostname racoon[224]: Phase 1 negotiation failed due to time up. 2194c11c97819d97:a29d73f04fe7e67f The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator. Here’s the network topology- Internet > Modem > Airport Extreme > Mac Mini via ethernet. For the hostname DNS we are using a dynamic DNS service, which I have verified is resolving to the machine through the router ect. I have tried deleting the Server App and /Library/Server as well as any pref files I could find, then rebooting, after downloading the Server App again I found all of my settings are back. Also I’ve tried removing the Server Setup Done file as well in conjunction as well as independently with no luck. I have tried killing raccoon via the activity monitor as well as via the command line. I am able to reach the machine locally via ssh and screen share, and externally via logmein. I have tried an iPhone 5s locally and externally, and two MacBook Airs internally and externally as well. I have deleted the VPN port forwarding entry in the Airport, tried putting it back manually as well as via the Server App and the drop down menu in the Airport. I am 99% sure the traffic is reaching the server as I can see the following when I try to authenticate to the VPN, please note this is always the same for each VPN client So at this point I am stuck either rolling back to ML or getting on the phone again with Enterprise Support who is convinced that it's not on them. Link to comment Share on other sites More sharing options...
warplessBl_nk Posted October 29, 2013 Share Posted October 29, 2013 Spoke to Apple Enterprise Support this morning and they are aware of the issue now. We spent about 2 hours troubleshooting and trying everything the tech could think of, in the end he gathered logs from my server. At this point they are leaning towards an issues with NAT and Mavericks Server. They're working on it, most likely be addressed in an update to the Server app. Just wanted to share. Link to comment Share on other sites More sharing options...
Recommended Posts