VPN Issue with iOS Client

Discussion in 'Mac OS X Server, Xserve, and Networking' started by RocStarr, Jul 26, 2011.

  1. macrumors newbie

    Joined:
    Apr 1, 2010
    #1
    Hi Folks,

    I have a very strange issue concerning making VPN work on two iOS devices I have. I have recently setup Lion Server on a MacMini here in the office with L2TP VPN using a shared secrert phrase and a password authentication.

    I have Lion running on an a MacBook Air (which I setup VPN using the provisioning profile "VPN.mobileprovision") and Snow Leopard running on an iMac. (VPN was set up manually). Both systems have been tested to work both inside and outsideof my internal network as I have tested with an air card.

    I also have an iPhone running 4.3.4/4.3.5 that I setup by emailing the provisioning profile and and iPad 1 running iOS 5 beta 4 setup with the vpn provisioning profile. Neither the iPad nor iPhone seem to work at all either internally nor externally. In fact I never see any activity in the vpnd.log when I attempt to connect to with these devices. All I get is the standard "The L2TP-VPN server did not respond. Try reconnecting. ..."

    Based on my success with the OSX Clients both inside and outside my local network I feel it is safe to say that I do not think the issue resides on the Lion Server nor the network/firewall configuration. I am running a Time Capsule with FW 7.5.2/7.4.2. There was no change in behavior with either version of the Time capsule firmware for the clients whether they were OSX or iOS. I must be clearly missing something here and I don't know what. Any help any of you could provide would be greatly appreciated. Thanks!


    Please see the below settings for my VPN Settings on the host and iOS client



    root# serveradmin settings vpn
    vpn:vpnHost = ""
    vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.pptp:enabled = no
    vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
    vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.pptp:pPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.pptp:pPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.pptp:pPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
    vpn:Servers:com.apple.ppp.pptp:pPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.pptp:pPP:CCPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:pPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.pptp:pPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:pPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:pPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.pptp:pPP:MPPEKeySize128 = 1
    vpn:Servers:com.apple.ppp.pptp:pPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.pptp:pPP:MPPEKeySize40 = 0
    vpn:Servers:com.apple.ppp.pptp:pPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.pptp:pPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:pPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:pPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.pptp:pPP:CCPProtocols:_array_index:0 = "MPPE"
    vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.224"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.254"
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
    vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
    vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "ri.cox.net"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.15.1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.l2tp:enabled = yes
    vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
    vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.l2tp:pPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.l2tp:pPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.l2tp:pPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
    vpn:Servers:com.apple.ppp.l2tp:pPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.l2tp:pPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:pPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.l2tp:pPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:pPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.l2tp:pPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:pPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.l2tp:pPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.l2tp:pPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:pPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
    vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.15.241"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.15.249"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
     

    Attached Files:

  2. thread starter macrumors newbie

    Joined:
    Apr 1, 2010
    #2
    Resolved!!

    Issue is resolved. I used the initial random generated shared secret that was generated by Lion Server. The shared secret has special characters. IOS did not like the special characters. See iPhone Console Log below:

    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)

    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] INFO: Reading configuration from "/etc/racoon/racoon.conf"

    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: /var/run/racoon/68.9.232.78.conf:6: "?gLA" syntax error

    Jul 26 20:00:36 iPhone-4 racoon[718] <Info>: [718] ERROR: fatal parse failure (1 errors)

    That is why I never saw any attempt to connect. The actual process would bomb out before attempting to make a connection to the server.

    The shared secret key was:

    Y|WNwvM_O"?gLA$F@adT

    Looks like it was the " or the ? symbols.

    Once I changed the shared secret key the issue went away and the iPhone and iPad could connect to vpn without issue.

    Figured I'd let you all know
     
  3. macrumors member

    Joined:
    Dec 16, 2012
    Location:
    Vancouver British Columbia
    #3
    I really think this should be bumped as it is extremely important.
     

Share This Page