Multiple Windows VPN Clients not allowed




tbottink
Dec 7, 2012, 04:45 PM
Hi there, tried searching but didn't find an answer to this specific problem; here it goes, hope somebody can help:

We are using a Mac Mini with OSX Mountain Lion Server 10.7.4 in an Office setup. Almost all clients are Windows 7.

We have set up client configs, and it works; both L2TP and PPTP.

My problem is multiple VPN connections from Windows clients are not allowed. When user1 is using VPN from his Windows client, no other VPN connection from a Windows client is allowed, while connections from a Mac or iPad work like a charm.
If user1 disconnects VPN, another Windows client is allowed.

All users are using L2TP. I have enabled PPTP for testing purposes.
VPN address pool is 20 addresses for max 4 VPN users.

Is there an explanation/solution?



dazey
Dec 7, 2012, 05:50 PM
Are the users connecting from the same IP address by any chance? One thing I have learnt is that only one VPN connection is allowed from any one IP address (but you can have one PPTP and one L2TP from the same address).

tbottink
Jan 14, 2013, 05:35 AM
Hi, sorry for not answering your reply. Missed the notification, holidays etc.

Regarding your question: no, VPN users are at different physical locations and internet providers in the country.

Meanwhile, we have managed to test this in another environment with the exact same results. Multiple Windows clients cannot connect simultaneously to a MacOSX VPN server while Mac clients (and probably Linux) have no problems.

In the test-situation the server log reported that L2TP phase 1 authentication was OK but phase 2 NOT. From there we got stuck again.

Still trying to get it to work:
- multiple tests with PPTP, checking the local policies on Windows
- different VPN client (TheGreenBow, (free) alternatives?)
- different VPN server (Draytek etc.) will be our last resort

sabahm
Jan 14, 2013, 01:13 PM
I think you should try some other VPN client which allows simultaneous connectivity between two OS.

tbottink
Jan 15, 2013, 07:06 AM
I think you should try some other VPN client which allows simultaneous connectivity between two OS.

I am trying several VPN clients (TheGreenBow, Shrew Soft, Viscosity) but haven't got successful results yet.

----------

Server log has the following entries:
Jan 15 13:27:15 server racoon[235]: Connecting.
Jan 15 13:27:15 server racoon[235]: IPSec Phase1 started (Initiated by peer).
Jan 15 13:27:15 server racoon[235]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Jan 15 13:27:15 server racoon[235]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Jan 15 13:27:15 server racoon[235]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Jan 15 13:27:15 server racoon[235]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Jan 15 13:27:15 server racoon[235]: IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
Jan 15 13:27:15 server racoon[235]: IKE Packet: receive success. (Responder, Main-Mode message 5).
Jan 15 13:27:15 server racoon[235]: IKEv1 Phase1 Responder: success. (Responder, Main-Mode).
Jan 15 13:27:15 server racoon[235]: IKE Packet: transmit success. (Responder, Main-Mode message 6).
Jan 15 13:27:15 server racoon[235]: IPSec Phase1 established (Initiated by peer).
Jan 15 13:27:15 server racoon[235]: IKEv1 Phase2 Initiator: dropped. (can't continue phase2 without valid phase1).
Jan 15 13:27:17: --- last message repeated 1 time ---
Jan 15 13:27:17 server racoon[235]: IKEv1 Phase2 Initiator: dropped. (can't continue phase2 without valid phase1).
Jan 15 13:27:20 server racoon[235]: IKEv1 Phase2 Initiator: dropped. (can't continue phase2 without valid phase1).

Can't figure out why phase 2 will not start after a successful phase 1, when another Windows client is already connected.
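
One way to pull this failure pattern out of a racoon log like the one posted above (an added example, not part of the thread). The function name and the second sample negotiation are constructed; lines are grouped by "IPSec Phase1 started" because these log lines carry no peer address.

```python
import re

# Constructed sample: the first negotiation reuses racoon lines quoted in the
# post above; the second (13:40:02) is made up and has no Phase 2 drops.
SAMPLE = """\
Jan 15 13:27:15 server racoon[235]: IPSec Phase1 started (Initiated by peer).
Jan 15 13:27:15 server racoon[235]: IKEv1 Phase1 AUTH: success. (Responder, Main-Mode Message 5).
Jan 15 13:27:15 server racoon[235]: IPSec Phase1 established (Initiated by peer).
Jan 15 13:27:15 server racoon[235]: IKEv1 Phase2 Initiator: dropped. (can't continue phase2 without valid phase1).
Jan 15 13:27:17: --- last message repeated 1 time ---
Jan 15 13:27:17 server racoon[235]: IKEv1 Phase2 Initiator: dropped. (can't continue phase2 without valid phase1).
Jan 15 13:27:20 server racoon[235]: IKEv1 Phase2 Initiator: dropped. (can't continue phase2 without valid phase1).
Jan 15 13:40:02 server racoon[235]: IPSec Phase1 started (Initiated by peer).
Jan 15 13:40:02 server racoon[235]: IPSec Phase1 established (Initiated by peer).
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ racoon\[(\d+)\]: (.*)$")
REPEAT = re.compile(r"--- last message repeated (\d+) times? ---")
REASON = re.compile(r"\(([^()]*)\)\.?$")

def is_phase2_drop(msg):
    return msg is not None and "Phase2" in msg and "dropped" in msg

def find_stalled_negotiations(text):
    """Negotiations where Phase 1 established but Phase 2 was then dropped."""
    found, cur, last = [], None, None
    for raw in text.splitlines():
        rep = REPEAT.search(raw)
        if rep:
            # syslog collapsed identical lines; count them if they were drops
            if cur and is_phase2_drop(last):
                cur["phase2_drops"] += int(rep.group(1))
            continue
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, last = m.groups()
        if last.startswith("IPSec Phase1 started"):
            cur = {"started": ts, "pid": int(pid), "established": False,
                   "phase2_drops": 0, "reasons": []}
            found.append(cur)
        elif cur and last.startswith("IPSec Phase1 established"):
            cur["established"] = True
        elif cur and is_phase2_drop(last):
            cur["phase2_drops"] += 1
            reason = REASON.search(last)
            if reason and reason.group(1) not in cur["reasons"]:
                cur["reasons"].append(reason.group(1))
    return [n for n in found if n["established"] and n["phase2_drops"]]
```

Comparing the timestamps of flagged negotiations with the times other clients were connected shows whether the drops only occur while another session is up.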

sabahm
Jan 18, 2013, 06:22 AM
Which service provider are you actually using?

tbottink
Jan 22, 2013, 04:42 AM
Which service provider are you actually using?

Different service providers in The Netherlands. Same problem.
I have tried to re-enable PPTP. While I have a problem connecting by L2TP, PPTP successfully builds the VPN tunnel. Unfortunately, PPTP has a new problem, not giving access to the network. In both the Mac and the Windows client PC, the network is inaccessible. Both clients received an IP address.

I have already reset the Airport NAT settings for PPTP VPN.