On 16-Dec-2010, at 15:49, Dan Shoop wrote:
>
> On Dec 16, 2010, at 5:09 PM, LuKreme wrote:
>>
>> On 16-Dec-2010, at 06:54, Neil Laubenthal wrote:
>>> On Dec 16, 2010, at 5:43 AM, LuKreme wrote:
>>>> I tell my iPhone to connect to the VNC and I get a message "The L2TP-VPN
>>>> server did not respond. Try reconnecting. If the problem continues, verify
>>>> your settings and contact your Administrator."
>>
>>> Sounds like the request isn't getting to the VPN server.
>>
>> Well, it SOUNDS like that, but it doesn't get to the VPN server even when I
>> am on the local LAN.
>
> And tcpdump or wireshark shows what? What do your log files show?

The log files show practically nothing at all. This is from an attempt to connect yesterday:

2010-12-10 08:07:48 MST --> Client with address = 10.1.10.205 has hungup
2010-12-16 03:39:55 MST terminating on signal 15

That's the entire extent of the log from yesterday in Server Admin -> VPN - Log

This was only after I tried to get the iPhone to connect via PPTP instead of the default L2TP.

I haven't gotten into TCPdump because, frankly, I wouldn't know what to look for.

I am supposed to be getting a fixed IP from the bozos at Comcast today (probably Tuesday though), so that might improve matters?

>> And requests to OTHER services (ssh, http, &c) DO get through.
>>
>>> Does your router need port forwarding as well . . .or is having it in the
>>> DMZ sufficient?
>>
>> DMZ has been sufficient for everything.
>
> But probably not this. It probably only forwards TCP and UDP protocols yet
> you need other IP related protocols to support a VPN.

Ah… besides TCP and UDP what is there? G-something? (needless to say, I am completely new to the whole VPN thing, and I don't NEED it, I just thought it would be cool to have on my iPhone and laptop.)

> You may have better luck with PPTP as it passes through routers easier as it
> doesn't require protocols other than TCP/UDP.

Yeah, been there, tried that. If I disable L2TP and only enable PPTP I get a lot more logged, but no connection.

2010-12-17 05:44:50 MST Incoming call... Address given to client = 10.1.10.206
Fri Dec 17 05:44:50 2010 : Directory Services Authentication plugin initialized
Fri Dec 17 05:44:50 2010 : Directory Services Authorization plugin initialized
Fri Dec 17 05:44:50 2010 : PPTP incoming call in progress from '10.1.10.41'...
Fri Dec 17 05:44:50 2010 : PPTP connection established.
Fri Dec 17 05:44:50 2010 : using link 0
Fri Dec 17 05:44:50 2010 : Using interface ppp0
Fri Dec 17 05:44:50 2010 : Connect: ppp0 <--> socket[34:17]
Fri Dec 17 05:44:50 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe1fc14b> <pcomp> <accomp>]
Fri Dec 17 05:44:50 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x3fbc91d8> <pcomp> <accomp>]
Fri Dec 17 05:44:50 2010 : lcp_reqci: returning CONFACK.
Fri Dec 17 05:44:50 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x3fbc91d8> <pcomp> <accomp>]
Fri Dec 17 05:44:50 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0xe1fc14b> <pcomp> <accomp>]
Fri Dec 17 05:44:50 2010 : sent [LCP EchoReq id=0x0 magic=0xe1fc14b]
Fri Dec 17 05:44:50 2010 : sent [CHAP Challenge id=0x29 <7e052a7f027c263e3d7008672d333739>, name = "cerebus-2.local"]
Fri Dec 17 05:44:51 2010 : rcvd [LCP EchoReq id=0x0 magic=0x3fbc91d8]
Fri Dec 17 05:44:51 2010 : sent [LCP EchoRep id=0x0 magic=0xe1fc14b]
Fri Dec 17 05:44:51 2010 : rcvd [LCP EchoRep id=0x0 magic=0x3fbc91d8]
Fri Dec 17 05:44:51 2010 : rcvd [CHAP Response id=0x29 <...>, name = "kreme"]
Fri Dec 17 05:44:51 2010 : sent [CHAP Success id=0x29 "S=... M=Access granted"]
Fri Dec 17 05:44:51 2010 : CHAP peer authentication succeeded for kreme
Fri Dec 17 05:44:51 2010 : DSAccessControl plugin: User 'kreme' authorized for access
Fri Dec 17 05:44:51 2010 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Fri Dec 17 05:44:51 2010 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Fri Dec 17 05:44:51 2010 : sent [IPCP TermAck id=0x1]
Fri Dec 17 05:44:51 2010 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::4de0:1b24:6e40:bb74>]
Fri Dec 17 05:44:51 2010 : Unsupported protocol 0x8057 received
Fri Dec 17 05:44:51 2010 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 4d e0 1b 24 6e 40 bb 74]
Fri Dec 17 05:44:51 2010 : rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0a 12 06 01 00 00 40]
Fri Dec 17 05:44:51 2010 : MPPE required but peer negotiation failed
Fri Dec 17 05:44:51 2010 : sent [LCP TermReq id=0x3 "MPPE required but peer negotiation failed"]
Fri Dec 17 05:44:51 2010 : Connection terminated.
Fri Dec 17 05:44:51 2010 : Connect time 0.1 minutes.
Fri Dec 17 05:44:51 2010 : Sent 0 bytes, received 0 bytes.
Fri Dec 17 05:44:51 2010 : PPTP disconnecting...
Fri Dec 17 05:44:51 2010 : PPTP disconnected
2010-12-17 05:44:51 MST --> Client with address = 10.1.10.206 has hungup

(Client is iPhone 4 with latest iOS version)

> Also many routers capture all VPN traffic thinking that they should be
> handling it, and some have specific configurations you need to enable to allow
> it to pass VPN traffic. Have you checked the latter?

There's nothing about VPN in the Comcast router (which I *have* to use, it's some SMC 4-port router/Cable modem). I do have "Disable Smart Packet Detection" set as that caused endless problems. I have no static routes, port maps, MAC locking, web site blocking, or anything else enabled on the Comcast router. It connects to my Mac Pro via a dumb 1000bT switch. The ONLY thing enabled on the Comcast router is the DHCP server, and that will be turned off as soon as the static IP is implemented. Once that is done, the Comcast hardware will be put into 'bridge' mode where it will pass the fixed IP along and be, I believe, completely invisible.

Googling around, it appears that this is a somewhat common problem in 10.6 *and* it is also a common problem with Comcast Business. People have posted they've solved it, but have given no details.

-- 
When the least they could do to you was everything, then the most they
could do to you suddenly held no terror. --Small Gods
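
Added example (not part of the original message, and not code from pppd or Apple): a small Python reader for the PPTP log above that decodes each LCP Protocol-Reject and shows which side refused which PPP protocol, which is what sits behind "MPPE required but peer negotiation failed". The function names and the protocol table are this example's own; the table is a subset of the registered PPP protocol numbers, and the sample lines are copied from the log in the message.

```python
import re

# PPP protocol numbers from the IANA PPP registry (subset).
PPP_PROTOCOLS = {
    0x8021: "IPCP",
    0x8057: "IPV6CP",
    0x80FD: "CCP",  # Compression Control Protocol; MPPE is negotiated here
}

# Lines copied from the PPTP log in the message above.
SAMPLE_LOG = """\
Fri Dec 17 05:44:51 2010 : sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Fri Dec 17 05:44:51 2010 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::4de0:1b24:6e40:bb74>]
Fri Dec 17 05:44:51 2010 : Unsupported protocol 0x8057 received
Fri Dec 17 05:44:51 2010 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 4d e0 1b 24 6e 40 bb 74]
Fri Dec 17 05:44:51 2010 : rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0a 12 06 01 00 00 40]
Fri Dec 17 05:44:51 2010 : MPPE required but peer negotiation failed
"""

PACKET = re.compile(r": (sent|rcvd) \[(\w+) (\w+) id=0x[0-9a-f]+\s*(.*)\]$")


def protocol_rejects(log_text):
    """Return (direction, protocol_name) for every LCP Protocol-Reject."""
    rejects = []
    for line in log_text.splitlines():
        m = PACKET.search(line.strip())
        if not m or (m.group(2), m.group(3)) != ("LCP", "ProtRej"):
            continue
        direction, payload = m.group(1), m.group(4).split()
        # The first two payload bytes are the Rejected-Protocol field (RFC 1661).
        number = int(payload[0] + payload[1], 16)
        rejects.append((direction, PPP_PROTOCOLS.get(number, hex(number))))
    return rejects


def diagnose(log_text):
    """Explain an MPPE failure when the peer rejected CCP outright."""
    mppe_offered = "<mppe" in log_text
    peer_rejected_ccp = ("rcvd", "CCP") in protocol_rejects(log_text)
    if mppe_offered and peer_rejected_ccp:
        return "peer rejected CCP, so MPPE could not be negotiated"
    return "no CCP rejection found"


if __name__ == "__main__":
    for direction, proto in protocol_rejects(SAMPLE_LOG):
        print(direction, "ProtRej for", proto)
    print(diagnose(SAMPLE_LOG))
```

On the sample lines, the server's own reject is for IPV6CP, while the reject received from the client is for CCP, the protocol that carried the server's MPPE request.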
