Problems setting up VPN on Server

[kimjohnsson]

Hi!

I am having trouble setting up a working VPN (Server) on my Mac Mini at home. El Capitan 10.11.6.

I have a dynamic host name. My router (Inteno DG301AL) at home responds to ping requests sent to that dynamic host name. I have set up port forwarding on it like follows:

UDP: 500, 1701 and 4500
TCP: 1723 (not needed for L2TP?)

My MacMini Server is set up as such:
In Server, on the MacMini Overview page, it says that on Internet, the machine is reachable on IP number a.b.c.d (which corresponds to the dynamic dns address), no services available.

My VPN (Available - Reachability unknown) is configured as follows:
Permissions: All users, All Network
Configure VPN for: L2TP
VPN Host Name: my dynamic dns host name
Shared Secret: whatever
Client addresses: 31 for L2TP
etc default values

I have tested the connection with my iPhone and iPad and from my PC at work, but the Mac does not respond. I don’t see anything happening in the VPN log either, other than that the VPN service is started. My VPN clients are configured using matching parameter values. As user name and password I use the the ones I normally log in with to the Mac.

I have got this to work earlier (a year ago or so) using the same router and another Mac Mini, and I have no clue what I’ve done wrong.

Any ideas where I should start looking?

Cheers,

Kim

 

[Altemose]

@kimjohnsson Do you have your Mac setup with a static IP on the router and the port forwards going to that static IP?

 

[kimjohnsson]

Hi!

@kimjohnsson Do you have your Mac setup with a static IP on the router and the port forwards going to that static IP?

No, not static. Yes, points to the Mac's IP number. But now that you mention it, this is probably the difference to the last time I set this up, as at that time I used a static IP on the Mac.

Thanks, I'll try that!

Cheers,

Kim

 

[kimjohnsson]

Thanks, I'll try that!

No change in anything as far as I can see. Incidentally, if I turn on Websites, I also only get availability on my local network.

Cheers,

Kim

 

[Altemose]

No, not static. Yes, points to the Mac's IP number. But now that you mention it, this is probably the difference to the last time I set this up, as at that time I used a static IP on the Mac.

Verify that your port forwards are actually working. Can you screen shot your port forward information on your router? Also, verify that you do not have two routers in a "Double NAT" configuration. Lately, ISPs have been rolling out new modems with routers built in that will make all port forwards on the router behind them worthless. Most routers do not alert you when it is in a double NAT configuration aside from the Apple routers.

 

[Ajmaq]

Check the firewall rules as well.

 

[kiwipeso1]

You will need to have the router point to a fixed address reserved for your mac server.

 

[kimjohnsson]

Verify that your port forwards are actually working. Can you screen shot your port forward information on your router? Also, verify that you do not have two routers in a "Double NAT" configuration. Lately, ISPs have been rolling out new modems with routers built in that will make all port forwards on the router behind them worthless. Most routers do not alert you when it is in a double NAT configuration aside from the Apple routers.

I'm actually not quite sure what I should do to check that the router successfully directs traffic to the correct address. The target Mac's (now a fixed IP address) server logs don't contain anything useful. And as far as I know, there shouldn't be a Double NAT situation.

Let's see if I can get that screenshot here next...

...yeah, apparently

IIRC, this is exactly the same setup I had earlier, when this worked.

Cheers,

Kim