vpnd needs restarting every 6-12 hours on OS X 10.5.6

[nickforge]

I have setup an L2TP/IPSec vpnd using Leopard’s built-in vpnd by configuring the /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist file. It currently looks like this:

[code]
ActiveServers

com.apple.ppp.l2tp

Servers

com.apple.ppp.l2tp

DNS

OfferedSearchDomains

OfferedServerAddresses


IPv4

ConfigMethod
Manual
DestAddressRanges

192.168.1.210
192.168.1.215

OfferedRouteAddresses

OfferedRouteMasks

OfferedRouteTypes


Interface

SubType
L2TP
Type
PPP

L2TP

IPSecSharedSecret
mySecret
Transport
IPSec

PPP

AuthenticatorProtocol

MSCHAP2

LCPEchoEnabled
1
LCPEchoFailure
5
LCPEchoInterval
60
Logfile
/var/log/ppp/vpnd.log
VerboseLogging
1

Server

Logfile
/var/log/ppp/vpnd.log
MaximumSessions
128
VerboseLogging
1

[/code]

When I start vpnd, everything works great. I can connect from my remote mac, and I can access file shares, screen sharing etc. Everything except for bonjour works (which is as expected). The only problem is that after vpnd has been running for around 6 hours, it stops allowing VPN clients to connect. When the bad connection occurs, the server vpnd.log looks like this:

[code]2009-04-06 12:28:32 EST Incoming call… Address given to client = 192.168.1.213
Mon Apr 6 12:28:33 2009 : SCDynamicStoreCreate failed: Configuration daemon not (no longer) available
2009-04-06 12:28:33 EST –> Client with address = 192.168.1.213 has hungup
2009-04-06 12:28:33 EST Incoming call… Address given to client = 192.168.1.214
Mon Apr 6 12:28:33 2009 : SCDynamicStoreCreate failed: Configuration daemon not (no longer) available
2009-04-06 12:28:33 EST –> Client with address = 192.168.1.214 has hungup
2009-04-06 12:28:35 EST Incoming call… Address given to client = 192.168.1.215
Mon Apr 6 12:28:35 2009 : SCDynamicStoreCreate failed: Configuration daemon not (no longer) available
2009-04-06 12:28:35 EST –> Client with address = 192.168.1.215 has hungup[/code]

This is repeated every ten seconds or so until the client gives up. The client’s ppp.log looks like this:

[code]Mon Apr 6 12:34:40 2009 : L2TP connecting to server ‘203.myip.1.1’ (203.myip.1.1)…
Mon Apr 6 12:34:43 2009 : L2TP sent SCCRQ
Mon Apr 6 12:34:43 2009 : IPSec connection started
Mon Apr 6 12:34:43 2009 : IPSec phase 1 client started
Mon Apr 6 12:34:43 2009 : IPSec phase 1 server replied
Mon Apr 6 12:34:43 2009 : IPSec phase 1 established
Mon Apr 6 12:34:44 2009 : IPSec phase 2 started
Mon Apr 6 12:34:44 2009 : IPSec phase 2 established
Mon Apr 6 12:34:44 2009 : IPSec connection established
Mon Apr 6 12:34:44 2009 : L2TP sent SCCRQ
Mon Apr 6 12:35:04 2009 : L2TP cannot connect to the server[/code]

Does anyone have any ideas what the “SCDynamicStoreCreate failed: ” message is an indication of? A bit of googling and digging around led me to an ADC page that states that the error message means that the SystemConfiguration daemon is not responding or available. Any ideas as to why or how that could be? Is there a setting missing in my plist that is causing vpnd to hang after a few hours?

Thanks in advance,
Nick

[lix]

Hello,

I don’t have an answer, rather the same problem. In my case the server runs for only a couple of minutes, then I get the same messages as you get. Only a restart helps, but again for a limited period of time. Did you find a resolution for this problem?

Lix

[nickforge]

In the end, I installed iVPN and used that instead. It’s not perfect and there were a few glitches, but once I got it setup and working, and removed my own startup scripts etc., it has been running reliably.

I could try and work out what iVPN is doing that I wasn’t, and reverse engineer it, but I decided that it was better to just buy it.

[lix]

Problem is in my case, I have this issue +with+ iVPN (I bought it too)!

Meanwhile I think I got a trace: it appears that if I am restarting the vpn server using the iVPN GUI, or manually in a terminal (vpnd), I have the issue. However, if I reboot the machine and basically vpnd is run at boot time by the startup script, then the problem does not occur. I had more than one day since the vpn server has been started with no problems at all. Today I reconfigured some parameters using iVPN and the problem re-appeared immediately. I rebooted the machine (a mini, latest generation with a fresh Leopard on it, up to date) and I can log-in without problem. I will check again in a couple of days to report if it still works. It is a kludgy work-around (that is, after each VPN server configuration change I have to reboot the machine!), but I see no other solution for now.

So I suspect that the start-up must be done in a certain order (how various daemons must be started), otherwise vnpd does not work properly. At boot-time maybe the order is right, while by simply restarting vpnd it does not suffice.

However, my theory does not explain your initial problems, and especially that your problems have been solved by using iVPN.

[lix]

As I suspected, there is now one week since the vpn server runs without a hitch. I did not have the time to look into the issue, however any hints would be appreciated.

[guitar24t]

I had a similar problem (I think?).

10.5.7 fixed it for me.
Don’t know if you’re still looking into this,
Robert

[Author]

Posts