VPN 10.3 – Can connect, but cant connect to resources on the VPN

[Tobias]

Hello…

I have set my XSERVE us as a VPN server. It has two ethernet cards. One is connected to the nternet, the other to our local network. I can connect to the VPN from the outside, but once connected I cant connect to any of the services on the VPN. When checking my connections in “System preferences” i can see that I have an IP on the VPN, but the “subnet mask” field is blank??

Any ideas?

[PhillyMJS]

I feel your pain– I’m having the exact same problem. I can connect just fine, but cannot connect to any shares. I can’t even ping the server’s internal IP address while connected.

Apple’s server documentation is practically worthless. Would it kill them to maybe include an example configuration with explanations as to why the settings have to be a certain way? I even came up snake eyes searching Google and Apple’s support discussions for help.

Someone needs to create a tutorial that steps through the setup of each OS X Server service… something I can read through and actually duplicate on a spare machine at home to really learn the ins and outs of how it works and understand why it needs to be set up a certain way, and then apply that knowledge to my own projects. <sigh> But I guess someone’s making too much money from selling $2000 classes to put out a decent tutorial for the advanced stuff.

~Philly

[dave621]

I was just trying to do this myself. Right now I don’t have access to the server (it is in a different town about 30 min. away), but would one of you check this and see if it works?

http://docs.info.apple.com/article.html?artnum=107915

[fherbert]

I had this issue when I first setup OS X VPN server.

I was surprised that I didn’t have to do much on the server in order for it to work.

Essentially the issue was my client machine not routing the traffic to the correct place. If you have a pc, set that up and test it.
I fixed the issue on my client machine, by setting up a new location, and within that location, creating the vpn connection.
I could then ping the server and mount server share points.

PS. I also did the steps as suggested by the post above, this may have also been the cause of my issues.

[PhillyMJS]

I followed the instructions in the tech note over the weekend but still couldn’t get anything working.

Now this morning, I tried from my office and after putting the internal IP address of the DNS server and the default domain in the PPTP network settings on the client (and fixing a stupid typo in the server’s DNS server settings), everything works. Very weird.

Trying it from my office PC running XP doesn’t work, it gets as far as “verifying password” and then gives up and times out., even though I’m trying to establish a PPTP connection and have everything configured properly on the PC (AFAIK). Have to get that figured out, since the client where I’ll be using this needs dual-platform VPN access.

I’ll nuke and rebuild my test server from scratch one night this week and see if I can at least duplicate my results on the Mac client side of things.

Oh, and I still can’t get L2TP incoming connections with either platform. I never get past “Contacting VPN Server.” I’m not sure, but I don’t think simply enabling the L2TP checkbox in the firewall setup opens all the inbound ports L2TP needs. Anyone?

~Philly

[PhillyMJS]

I’m having a good day here– I think the three-day weekend cleared my mind. 🙂

The VPN log kept showing something about LCP requests, or something like that, when the XP box would time out trying to connect. Just stooging around in the settings on the XP side of things, I found the culprit. Something called “Link Control Protocol” is enabled by default on XP, but it doesn’t seem to be supported (or at least enabled by default) by OS X Server.

Open the Properties on your PPTP connection, select the “Networking” pane, click the “Settings” button under the “Type of VPN” popup, and uncheck the “Enable LCP Extensions” option.

Again, I had to put the DNS and WINS server settings for the VPN LAN into the proper places on the Windows box before everything started behaving, but at least it works.

Looks like my clients are going to need some detailed, screenshot-laden instructions to set up VPN connections on their home boxes.

~Philly

[fherbert]

On your OS X server VPN setup, did you enter the dns server and search domain in the “Client Information Tab” in the “Settings” section on the VPN server in Server Admin??

[PhillyMJS]

[QUOTE BY= fherbert] On your OS X server VPN setup, did you enter the dns server and search domain in the “Client Information Tab” in the “Settings” section on the VPN server in Server Admin??[/QUOTE]

Yes, I did. I used the local DNS (192.168.x.x) server running on the OS X box for the LAN, not the two upstream ones belonging to my ISP. Sometimes I still had problems, though, until I put the DNS and search domain info into the client-end PPTP network port configuration myself.

Also, I got PPTP VPN working in WinXP with that LCP Extensions checkbox I mentioned previously enabled. Dunno why it wouldn’t work before.

~Philly

[AlanCE]

Hey guys, found this thread when I Googled “Mac OS X Contacting VPN Server time out” … because, you see, after setting up the vpn service on my Xserve as per the documentation, and setting up VPN in my Internet Connect app on my workstation, no connection occurs, it just times out.

Nothing shows up in the Xserve vpn logs either, so I am apparently not even hitting the server with my request. I have read the link provided in this thread and all the docs i can find at apple’s site on the subject but just can’t seem to contact the server.

There is no firewall between my workstation and the server, in fact they’re on the same hub plugged into the same port in the router… any suggestions at all?

[AlanCE]

Ugh, strange, the connection is being made now and I don’t recall changing squat. *shrug*

Now to figure out why I can’t use the VPN connection to browse and such.

[bpagliano]

I was having this issue for the last couple of weeks. I ended up doing the apple article that said to run the vpnadduserkey command, which did not fix it. I finally went into the workgroup manager and had it in inspector mode found the user entry that the vpnaddkeyuser command added, deleted that user and ran the command again and everything seems to be working as it should now.

apple article:
http://docs.info.apple.com/article.html?artnum=107915

[Author]

Posts