Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

kimjohnsson

macrumors member
Original poster
Aug 13, 2013
58
8
Hi!

I am having trouble setting up a working VPN (Server) on my Mac Mini at home. El Capitan 10.11.6.

I have a dynamic host name. My router (Inteno DG301AL) at home responds to ping requests sent to that dynamic host name. I have set up port forwarding on it like follows:

UDP: 500, 1701 and 4500
TCP: 1723 (not needed for L2TP?)

My MacMini Server is set up as such:
In Server, on the MacMini Overview page, it says that on Internet, the machine is reachable on IP number a.b.c.d (which corresponds to the dynamic dns address), no services available.

My VPN (Available - Reachability unknown) is configured as follows:
Permissions: All users, All Network
Configure VPN for: L2TP
VPN Host Name: my dynamic dns host name
Shared Secret: whatever
Client addresses: 31 for L2TP
etc default values

I have tested the connection with my iPhone and iPad and from my PC at work, but the Mac does not respond. I don’t see anything happening in the VPN log either, other than that the VPN service is started. My VPN clients are configured using matching parameter values. As user name and password I use the the ones I normally log in with to the Mac.

I have got this to work earlier (a year ago or so) using the same router and another Mac Mini, and I have no clue what I’ve done wrong.

Any ideas where I should start looking?

Cheers,

Kim
 

kimjohnsson

macrumors member
Original poster
Aug 13, 2013
58
8
Hi!

@kimjohnsson Do you have your Mac setup with a static IP on the router and the port forwards going to that static IP?

No, not static. Yes, points to the Mac's IP number. But now that you mention it, this is probably the difference to the last time I set this up, as at that time I used a static IP on the Mac.

Thanks, I'll try that!

Cheers,

Kim
 

Altemose

macrumors G3
Mar 26, 2013
9,189
487
Elkton, Maryland
No, not static. Yes, points to the Mac's IP number. But now that you mention it, this is probably the difference to the last time I set this up, as at that time I used a static IP on the Mac.

Verify that your port forwards are actually working. Can you screen shot your port forward information on your router? Also, verify that you do not have two routers in a "Double NAT" configuration. Lately, ISPs have been rolling out new modems with routers built in that will make all port forwards on the router behind them worthless. Most routers do not alert you when it is in a double NAT configuration aside from the Apple routers.
 

kimjohnsson

macrumors member
Original poster
Aug 13, 2013
58
8
Verify that your port forwards are actually working. Can you screen shot your port forward information on your router? Also, verify that you do not have two routers in a "Double NAT" configuration. Lately, ISPs have been rolling out new modems with routers built in that will make all port forwards on the router behind them worthless. Most routers do not alert you when it is in a double NAT configuration aside from the Apple routers.

I'm actually not quite sure what I should do to check that the router successfully directs traffic to the correct address. The target Mac's (now a fixed IP address) server logs don't contain anything useful. And as far as I know, there shouldn't be a Double NAT situation.

Let's see if I can get that screenshot here next...

Forwards.png


...yeah, apparently :)

IIRC, this is exactly the same setup I had earlier, when this worked.

Cheers,

Kim
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.