On Mar 4, 2014, at 2:03 PM, LuKreme <[email protected]> wrote:
>
> On 04 Mar 2014, at 11:33 , Gilbert Wilson <[email protected]> wrote:
>
>> So, if you’re not seeing anything on the server side in
>> /var/log/ppp/vpnd.log double-check system.log for messages from racoon and
>> vpnd (although from the sound of what you’ve described I’d hazard the guess
>> that you’ll only see logs from racoon, if anything at all).
>
> When I try to connect with the phone I get:
>
> Mar 4 13:19:31 www.kreme.com racoon[224]: Connecting.
> Mar 4 13:19:31 www.kreme.com racoon[224]: Invalid exchange type 243 from
> 212.24.148.213[130].
> Mar 4 13:19:31 www.kreme.com racoon[224]: IPSec Phase 1 started (Initiated
> by peer).
>
> (lots of stuff)
>
> Mar 4 13:19:31 www.kreme.com racoon[224]: rejected hashtype:
> DB(prop#1:trns#6):Peer(prop#1:trns#4) = MD5:SHA
> Mar 4 13:19:31 www.kreme.com racoon[224]: rejected prf:
> DB(prop#1:trns#6):Peer(prop#1:trns#4) = MD5.0:0.0
> Mar 4 13:19:31 www.kreme.com racoon[224]: no suitable proposal found.
> Mar 4 13:19:31 www.kreme.com racoon[224]: failed to get valid proposal.
> Mar 4 13:19:31 www.kreme.com racoon[224]: IKE Packet: receive failed.
> (Responder, Main-Mode Message 1).
> Mar 4 13:19:31 www.kreme.com racoon[224]: failed to pre-process packet.
> Mar 4 13:19:31 www.kreme.com racoon[224]: Phase 1 negotiation failed.
>
> when the Macbook connects:
>
> Mar 4 14:58:52 www.kreme.com racoon[224]: Connecting.
> Mar 4 14:58:52 www.kreme.com racoon[224]: IPSec Phase 1 started (Initiated
> by peer).
> Mar 4 14:58:52 www.kreme.com racoon[224]: IKE Packet: receive success.
> (Responder, Main-Mode message 1).
>
> (lots of stuff)
>
> Mar 4 14:58:53 www.kreme.com racoon[224]: IKEv1 Phase 2 Responder: success.
> (Responder, Quick-Mode).
> Mar 4 14:58:53 www.kreme.com racoon[224]: IPSec Phase 2 established
> (Initiated by peer).
> Mar 4 14:58:53 www.kreme.com racoon[224]: >>>>> phase change status = Phase
> 2 established
>

For the iPhone connection above can you include the stuff you cut out? My best guess at this point is that the iPhone is having some sort of issue traversing NAT. You are using the iPhone’s built-in L2TP/ipsec client, correct?

I would be surprised if Apple did something to break phase1 negotiation between an iPhone and OS X Server’s VPN. It may be worth testing it from different networks (including the cell network) to see if the messages are different.

Also, what versions of iOS and OS X/Server are you using? Mavericks Server had some major bug(s) in racoon that were recently patched; there could be other issues at work in that version that I haven’t heard about, too.

Gil

Gilbert Wilson
Systems Administrator
The Omni Group
+1 206-523-4152
+1 206-523-5896 (Fax)
_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
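
An added example, not part of the thread and not code from racoon or Apple: a small Python triage script that groups racoon syslog lines like those quoted above into connection attempts and extracts the Phase 1 proposal mismatches, which helps when comparing a failing client against a working one. It assumes each attempt starts with a `Connecting.` line and that attempts are not interleaved, and it reads `DB` as the server's configured value and `Peer` as the client's offer; `summarize` and its field names are hypothetical.

```python
import re

# Sample input: selected lines from the two excerpts quoted in the thread, with the
# e-mail line wrapping undone. The part the poster cut ("lots of stuff") is absent.
SAMPLE = """\
Mar 4 13:19:31 www.kreme.com racoon[224]: Connecting.
Mar 4 13:19:31 www.kreme.com racoon[224]: Invalid exchange type 243 from 212.24.148.213[130].
Mar 4 13:19:31 www.kreme.com racoon[224]: IPSec Phase 1 started (Initiated by peer).
Mar 4 13:19:31 www.kreme.com racoon[224]: rejected hashtype: DB(prop#1:trns#6):Peer(prop#1:trns#4) = MD5:SHA
Mar 4 13:19:31 www.kreme.com racoon[224]: rejected prf: DB(prop#1:trns#6):Peer(prop#1:trns#4) = MD5.0:0.0
Mar 4 13:19:31 www.kreme.com racoon[224]: no suitable proposal found.
Mar 4 13:19:31 www.kreme.com racoon[224]: IKE Packet: receive failed. (Responder, Main-Mode Message 1).
Mar 4 13:19:31 www.kreme.com racoon[224]: Phase 1 negotiation failed.
Mar 4 14:58:52 www.kreme.com racoon[224]: Connecting.
Mar 4 14:58:52 www.kreme.com racoon[224]: IPSec Phase 1 started (Initiated by peer).
Mar 4 14:58:52 www.kreme.com racoon[224]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Mar 4 14:58:53 www.kreme.com racoon[224]: IKEv1 Phase 2 Responder: success. (Responder, Quick-Mode).
Mar 4 14:58:53 www.kreme.com racoon[224]: IPSec Phase 2 established (Initiated by peer).
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+racoon\[\d+\]:\s+(.*)$")
# Assumption: the value before the last ":" is the local (DB) side, after it the peer's.
REJECT = re.compile(r"^rejected (\w+): DB\([^)]*\):Peer\([^)]*\) = ([^:]+):(.+)$")

def summarize(log_text):
    """Split racoon lines into attempts at each 'Connecting.' and classify the outcome."""
    attempts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a racoon syslog line
        ts, msg = m.groups()
        if msg == "Connecting." or not attempts:
            attempts.append({"start": ts, "outcome": "incomplete", "rejected": [], "notes": []})
        cur = attempts[-1]
        r = REJECT.match(msg)
        if r:
            cur["rejected"].append({"attr": r[1], "local": r[2], "peer": r[3]})
        elif msg.startswith("Invalid exchange type"):
            cur["notes"].append(msg)  # keep the peer address/port for correlation
        elif msg.startswith("no suitable proposal found"):
            cur["outcome"] = "phase1-no-proposal"
        elif msg.startswith("IPSec Phase 2 established"):
            cur["outcome"] = "phase2-established"
    return attempts

if __name__ == "__main__":
    for attempt in summarize(SAMPLE):
        print(attempt)
```

Run against the full system.log rather than an excerpt, the `rejected` list shows every attribute racoon compared for a failing attempt, not only the last one before `no suitable proposal found`.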
