built-in vpn (L2TP over IPSec) not working with Monterey
Please forgive me if I leave out crucial information in this post — it is my first to the community.
I just upgraded to the new 14″ MacBook pro (M1 Pro), which is running macOS 12.0.1. I work in education, and my employer provides a VPN server to allow off-site access to certain resources. This was working fine on my old MacBook pro using the built-in VPN client (L2TP over IPSec).
On Monterey, I am still able to authenticate with the VPN server, and it shows that I am connected. However, when I try to access or even ping a resource that should be available via the VPN, it fails (Request timeout for a ping). The rest of the internet still functions as usual.
My IT department believes that iCloud private relay could be the issue. However, I do not use iCloud, and rather than having an «options button» in System Preferences -> Apple ID -> iCloud -> Private Relay I have an «upgrade» button. Everything is unchecked within Apple ID.
Any suggestions on how to get the built-in VPN client to function, or 3rd party alternatives that would allow me to connect via L2TP over IPSec, would be welcome.
[Edited by Moderator]
MacBook Pro 14″,
macOS 12.0
Posted on Oct 30, 2021 8:04 AM
I found a solution for the issues I was facing.
Bought a new MacBook Air with Apple M1 chip and migrated the MacBook from old to new. VPN and Microsoft RDP worked flawlessly on my old Mac, but didn’t work at the new MacBook; exact same settings for VPN and RDP.
I had my IT guy look at it and he found a solution:
in Mac > Settings > Network you see the circle with three dots in the bottom left > set order …. (I have Dutch language, so not sure what it is in English) and change the order to have VPN on top, above wifi/Lan.
This worked for me!
Posted on Nov 19, 2021 6:11 AM
Добрый день, настроил L2TP + IPsec + Radius, подключения с Windows клиентов работает, а вот при подключении с MacOS в логах ошибки. Все решения которые находил в интернете подходят для старых версий RouterOS. Используется версия MikroTik RouterOS 6.48.1
Ошибки которые в журнале Mikrotik:
Код: Выделить всё
22:26:30 ipsec no template matches
22:26:30 ipsec failed to get proposal for responder.
22:26:30 ipsec,error x.x.x.x failed to pre-process ph2 packet.Ошибка которая на самом Mac появляется:
Код: Выделить всё
Fatal NO-PROPOSAL-CHOSEN notify message, Phase 1 should be deletedНа текущий момент настройки такие:
Код: Выделить всё
interface l2tp-server server print
enabled: yes
max-mtu: 1450
max-mru: 1450
mrru: disabled
authentication: mschap2
keepalive-timeout: 30
max-sessions: unlimited
default-profile: l2tp_profile
use-ipsec: yes
ipsec-secret: xxxxxxx
caller-id-type: number
one-session-per-host: no
allow-fast-path: noКод: Выделить всё
ppp profile print
name="l2tp_profile" local-address=196.168.6.1 remote-address=dhcp bridge-learning=default use-mpls=default use-compression=default
use-encryption=default only-one=default change-tcp-mss=default use-upnp=default address-list="" dns-server=192.168.6.1,192.168.6.11 on-up=""
on-down=""Код: Выделить всё
ip ipsec peer
DR name="l2tp-in-server" passive=yes profile=default exchange-mode=main send-initial-contact=yes
ip ipsec peer
0 * name="default" auth-algorithms=md5 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=8h pfs-group=modp1024
ip ipsec profile print
0 * name="default" hash-algorithm=md5 enc-algorithm=aes-256,aes-128 dh-group=modp1024 lifetime=1d proposal-check=obey nat-traversal=yes
dpd-interval=disable-dpdНасколько я понимаю MacOS не нравятся алгоритмы шифрования, и то что ipsec использует ike1, но как это поменять если ipsec peer создается динамически и не дает поменять exchange-mode и позволяет использовать только профили используемые по default.
Пробовал с wiki рекомендации для iOS, не помогло:
Код: Выделить всё
/ip ipsec proposal
set default enc-algorithms=aes-128-cbc,aes-256-cbc lifetime=8h
pfs-group=noneПомогите разобраться, куда копать и что можно подправить?
Содержание
- Сервер l2tp vpn не ответил mac os
- Не работает подключение L2TP + IPsec с MacOS
- Сервер l2tp vpn не ответил mac os
- Войти
- Настройка L2TP для подключения Mac OS и I OS
- Question: Q: L2TP/IPsec VPN doesn’t work after upgrade to Catalina.
- All replies
- All replies
- Настройка L2TP / IPsec на Mac OS X
Сервер l2tp vpn не ответил mac os
Бесплатный чек-лист
по настройке RouterOS
на 28 пунктов
Не работает подключение L2TP + IPsec с MacOS
Дома: [CCR1009-7G-1C-1S+] [CRS112-8P-4S-IN] [wAP ac] [RB260GS]
Не дома: [RB4011iGS+] [CRS326-24G-2S+RM] [wAP 60ad] [cAP ac].
. [hEX] [hAP ac²] [hAP ac lite] [hAP mini] [RB260GS]
Дома: [CCR1009-7G-1C-1S+] [CRS112-8P-4S-IN] [wAP ac] [RB260GS]
Не дома: [RB4011iGS+] [CRS326-24G-2S+RM] [wAP 60ad] [cAP ac].
. [hEX] [hAP ac²] [hAP ac lite] [hAP mini] [RB260GS]
Дома: [CCR1009-7G-1C-1S+] [CRS112-8P-4S-IN] [wAP ac] [RB260GS]
Не дома: [RB4011iGS+] [CRS326-24G-2S+RM] [wAP 60ad] [cAP ac].
. [hEX] [hAP ac²] [hAP ac lite] [hAP mini] [RB260GS]
Дома: [CCR1009-7G-1C-1S+] [CRS112-8P-4S-IN] [wAP ac] [RB260GS]
Не дома: [RB4011iGS+] [CRS326-24G-2S+RM] [wAP 60ad] [cAP ac].
. [hEX] [hAP ac²] [hAP ac lite] [hAP mini] [RB260GS]
Значит пока попробовал подключиться с Big Sur к уже работающим серверам (пробовал 6.46.7 long-term и 6.47.8 stable).
Все ок с (почти) стандартными настройками, только аутентификацию он в отличие от более старых осей использует sha256.
Сейчас попробую куда-нибудь накатить 6.48.2 для теста.
Upd.: к 6.48.2 подключился так же без проблем, причем с вообще дефолтными настройками (так что, например, sha1 не помеха).
Дома: [CCR1009-7G-1C-1S+] [CRS112-8P-4S-IN] [wAP ac] [RB260GS]
Не дома: [RB4011iGS+] [CRS326-24G-2S+RM] [wAP 60ad] [cAP ac].
. [hEX] [hAP ac²] [hAP ac lite] [hAP mini] [RB260GS]
Источник
Сервер l2tp vpn не ответил mac os
Войти
Авторизуясь в LiveJournal с помощью стороннего сервиса вы принимаете условия Пользовательского соглашения LiveJournal
Настройка L2TP для подключения Mac OS и I OS
Давненько не писал ничего, видимо моя лень растет при моём же попустительстве. Сегодня упомяну достаточно распространенный вопрос от яблочников. Давать буду практически цитатами с форума, любопытствующие могут просмотреть всю ветку.
Lapjuk:
Здраствуйте. После того как шеф купил новый MacBook OS Sierra я столкнулся с тем что там вырезан протокол PPTP который использовался для подключения предидущего макбука из дому к сети предприятия. После чего настроил на роутере Mikrotik RB1200 l2tp сервер по инструкции http://bozza.ru/art-248.html. Проверил подключения с Windows 7, все подключается, все хорошо работает. Ок, далее настраиваю макбук по инструкции http://www.freeproxy.ru/ru/vpn/mac-os-x/l2tp.htm и подключения не происходит. Смотрю лог микротика
и понимаю что ничего не понимаю))) Думаю что микротик и макбук не могут очем то договорится. Пробовал также настроить подключение и с IPAD OS 10, таже история теже логи.
Подскажите что настроено не так или где копать.
/ip ipsec policy group
add name=group1
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,a es-128-cbc,3des
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-192,aes-128,3d es exchange-mode=main-l2tp generate-policy=
port-override passive=yes policy-template-group=group1 secret=*
/ip ipsec policy
set 0 group=group1
Сегодня снес все настройки для L2TP и начал с все с нуля применяя ваш код. Протестировал с Windows 7, I OS X, Mac OS Sierra все работает. Думаю все дело в алгоритмах шифрования. Большое спасибо.
________________________________________ ____________________________________
Вот как бы и счастливое завершение моего маленького пересказа. Удачи вам в IT-битвах.
Источник
Question: Q: L2TP/IPsec VPN doesn’t work after upgrade to Catalina.
It is not possible to work with VPN’s after upgrade to Catalina.
MacBook Pro with Touch Bar
Posted on Oct 9, 2019 7:55 AM
Loading page content
Page content loaded
I am having the same issue using VPN for Azure over IKEv2.; just throws a generic error. The topic is trending for Cisco and Fortinet VPN gateways on Reddit. Apple support had us reinstall Catalina, to no avail.
Oct 9, 2019 11:22 AM
After doing some tinkering, we discovered that (at least for IKEv2) if you choose ‘None’ under Authentication Settings in your VPN settings and then select the «certificate» radio button and choose your certificate, it works. No explanation as to why, but it works.
Clarifying my use case: after updating to Catalina my L2TP/IPsec connection connects as usual but tunnel connectivity disappears anywhere from 40 to 180 seconds (100% reproducible).
Method of checking:
Result: replies as usual until 40 to 180 seconds, then «time out»
—No entries during successful pings—
—No entries 10 seconds after first ping timeout, then—
: no echo-reply, despite successful ppp_auxiliary_probe!
: No response to 3 echo-requests
: Serial link appears to be disconnected.
VNP Hardware: D-link VPN DSR-N250
Windows Virtual machine (running on same Catalina mac) connects to the VPN and hold connection indefinitely.
Oct 10, 2019 6:28 PM
No L2TP VPN working neither with setup in networking connections nor with the Shimo VPN client.
Shimo support reported me that, due to security features in Catalina, no L2TP can work any more.
So this doesn’t seem a bug but an intentional choice
Oct 18, 2019 1:38 PM
This wouldn’t seem logical for the following two reasons:
1) Apple wouldn’t keep the L2TP configuration option if it was no longer supported,
2) In my scenario (above) the connection «does» get established only to be lost in a minute or two.
So we are hoping that Apple just wasn’t aware that the functionality is broken in such a peculiar way.
Oct 18, 2019 1:49 PM
This is the exact response by Shimo support «Unfortunately it’s no longer possible to provide PPTP and L2TP support on macOS Catalina due to Apples security restrictions«.
Shimo doesn’t work any more.
Also Apple VPN on L2TP does’t work always returning an error «the server L2TP-VPN did not respond. «
I agree that it’s somehow strange to still have configuration available but this is my situation at the moment. 🙁
Oct 18, 2019 2:03 PM
I add another information.
Examining the log of Vpn Connections (vim /var/log/ppp.log) i’ve found the following error. «L2TP: cannot connect racoon control socket: Connection refused».
Oct 18, 2019 2:32 PM
Sitting with the same problem. Waiting on feedback from my Router provider «Draytek» on what next,
Oct 19, 2019 4:33 AM
Getting the same problem after an upgrade to Catalina. PPP log shows the error: «L2TP: cannot connect racoon control socket: Connection refused» which I believe is the same as Plicciardello. Tried both native and Shimo clients. Connection to the same VPN server from a different mac running Mojave works fine.
Oct 22, 2019 9:12 AM
your’re experiencing exactly the same problem than me
Oct 22, 2019 1:23 PM
Try to run in terminal:
Oct 28, 2019 2:38 PM
I’ve tried to launch the command and VPN still doesn’t work but the returned error has changed
From «L2TP: cannot connect racoon control socket: Connection refused» we’ve evolved to
Tue Oct 29 00:02:35 2019 : IPSec connection started
Tue Oct 29 00:02:35 2019 : IPSec phase 1 client started
Tue Oct 29 00:02:35 2019 : IPSec phase 1 server replied
Tue Oct 29 00:03:05 2019 : IPSec connection failed
So something has changed. Now is the IPSec connection that fails
Oct 28, 2019 4:08 PM
At in I’d hope apple can provide VPN via SSL URGENTLY, as it seems they removed pretty much everything else that is available via VPN providers.
I understand they want to tighten things up, but removing a capability with not replacement in the market is irresponsible.
Oct 28, 2019 10:32 PM
I’m trying to do a native vpnd installation on Catalina 10.15.1. It had worked perfectly on Mojave. I seem to be getting farther than other people so here’s what I found.
First, my error in the vpnd.log is:
Fri Nov 1 16:00:55 2019 : L2TP incoming call in progress from ‘192.168.0.1’.
Fri Nov 1 16:00:56 2019 : L2TP incoming call in progress from ‘192.168.0.1’.
Fri Nov 1 16:00:58 2019 : L2TP incoming call in progress from ‘192.168.0.1’.
Fri Nov 1 16:01:06 2019 : L2TP incoming call in progress from ‘192.168.0.1’.
Fri Nov 1 16:01:10 2019 : L2TP incoming call in progress from ‘192.168.0.1’.
Fri Nov 1 16:01:14 2019 : L2TP incoming call in progress from ‘192.168.0.1’.
This has information about VPN changes.
The major change I found was that the LaunchDaemon was changed to vpn.ppp.l2tp.plist
I get as far as my log (above) showing that I’m hitting the vpnd service (and I don’t know why 6 times) and then hanging up. I know my username/password/shared secret are correct because if I change one of them, I don’t appear in the log.
Hope this helps someone else to maybe find an answer.
Источник
I have set up a home office server (macOS 10.12.6 with latest Server). I configured VPN L2TP/IPSec on the server.
I can successfully connect to the VPN using iOS 10 (latest). Works great.
I used the very same settings on macOS 10.12.6 client, but am unable to connect. It is trying to, but I get:
The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.»
Oh yes, Administrator = me 🙂
MacBook Pro, macOS Sierra (10.12), 2.5 GHz i7 quad core w. 16gb RAM
Posted on Aug 18, 2017 8:43 AM
Loading page content
Page content loaded
Experiencing the same situation. 2 MBPs running 10.12.6 (16G29) can’t connect to VPN, where 2 older MBPs can—running Mavericks and Snow Leopard. I was connecting with my main Sierra machine less than a month ago, but set up other Sierra laptop this morning and getting the same error.
So I was on the phone with Apple support. During this conversation we found a work around- kind off.
1. On you client, delete the non working VPN settings
2. Create a new admin account
3. Switch users to newly created admin account
4. Create a new VPN profile/Setting
5. Test it. If it works, switch back to your original user/admin account and test to connect there. DON’t modify it, duplicate it or rename it under your original account, or it won’t work anymore and you have to start over! The new VPN profile should continue to work under your original account.
6. If no longer needed delete the temporary admin account.
So I was on the phone with Apple support. During this conversation we found a work around- kind off.
1. On you client, delete the non working VPN settings
2. Create a new admin account
3. Switch users to newly created admin account
4. Create a new VPN profile/Setting
5. Test it. If it works, switch back to your original user/admin account and test to connect there. DON’t modify it, duplicate it or rename it under your original account, or it won’t work anymore and you have to start over! The new VPN profile should continue to work under your original account.
6. If no longer needed delete the temporary admin account.
Tried my luck with both Sierra MBPs—no joy. Thanks for the suggestion.
Источник
Настройка L2TP / IPsec на Mac OS X
пошаговая инструкция с картинками
В этой инструкции приводится пример пошаговой настройки VPN-соединения по протоколу L2TP через IPsec для компьютеров, работающих под управлением операционных систем семейства Mac OS. В качестве примера мы продемонстрируем настройку VPN для операционной системе Mac OS X 10.5 Leopard.
Для того, что бы осуществить правильную настройку VPN-соединения по протоколу L2TP на Mac OS Вам понадобится:
Ищите VPN провайдера? Мы поможем с выбором!
Посмотрите наш рейтинг VPN сервисов с 5-ю лучшими предложениями на рынке.
Если все условия, перечисленные выше, Вы выполнили, то в этом случае можно приступать к настройке VPN-соединения.
1. Первое, что Вам необходимо сделать, это открыть меню «Apple», затем перейти в меню «System Preferences» («Системные настройки»), где выбрать пункт «Network» («Сеть»). Если вдруг окажется, что у Вас нет прав настраивать сеть, то в этом случае нужно кликнуть по иконке замка и ввести имя и пароль администратора компьютера. Затем в меню «Network» («Сеть») слева внизу следует нажать знак плюса, после чего на экране откроется диалоговое окно для создания подключения, где Вы должны выбрать пункт «VPN»
2. В следующем окне выбираете следующие параметры:
После того, как параметры выбраны, нажимаете кнопку «Create» («Создать»)
3. Теперь, когда подключение VPN Вы создали, Вам необходимо его правильно настроить, для чего слева выбираете только что созданное VPN- подключение и в меню справа кликаете по параметру «Configuration» («Конфигурация»). В появившемся списке Вы должны выбрать «Add Configuration» («Добавить конфигурацию»)
4. После того, как Вы выбрали строку «Add Configuration» («Добавить конфигурацию»), Вам нужно ввести имя конфигурации, которое можно выбрать произвольное. В строке «Server Address» («Адрес сервера») вводите адрес сервера, к которому будет осуществляться подключение, в строке «Account Name» («Имя учетной записи») вводите свой логин на сервере. Все эти данные вы можете получить у своего VPN провайдера.
5. Затем нужно нажать кнопку «Authentication Settings» («Настройки аутентификации») и в новом окне задать пароль, а также при необходимости группу и шифрование трафика
6. После того, как ввод параметров завершен, нужно зайти на закладку «Advanced» («Параметры»), где следует поставить «галочку» напротив строки «Send all traffic over VPN connection» («Отправлять весь трафик через VPN») и нажать кнопку «Ok»
На этом настройка VPN-соединения завершена, Вам осталось нажать применить изменения, нажав «Apply («Применить»)», после чего можно нажимать кнопку «Connection» («Подключиться»).
Источник
Replies
The issue is still present in beta 2.
same issue, beta 1, beta 2, cant use also thirdparty app.
yeah I also have this issue with beta2 (was also present on beta1)
I have been able to successfully use L2TP vpn with UniFi firewalls using a configuration profile I created in Apple Configurator 2. Two separate configuration profiles, installed in system preferences, and it connected right up. If I add it through System Preferences manually, I get a PPP configuration error or an L2TP server did not respond. I’m guessing through system preferences, the manual installation isn’t saving correctly, but using a configuration profile works great. Fingers crossed it keeps working!
I’ve never used the configurator. Let me give that a try.
Dude, you are awesome. I hadn’t thought of trying it that way. My iMac is already enrolled in Meraki MDM so I created a new VPN policy in that dashboard, it pushed to iMac, and VPN now connects!
As per @utahtrust comment, I checked this out, and it worked a treat.
- Download Apple Configurator from the Mac App Store and Open after installation.
- Click File->New Profile
- Click VPN from the Left hand Side menu, and configure your VPN Settings.
- After you’re finished, hit CMD + S to save, and save to where ever, find in Finder and double click.
This will prompt System Preferences (now known as System Settings) to launch.
For me, the Profile Installation box did not pop up so I searched Profiles in the Settings Search bar and found it within there.
Double Click the new Profile and hit install. You should be able to see the new VPN Profile, and connect to it.
The Apple Configurator method works in beta 3 as well. The manual option still does not work in beta 3.
I fixed this issue by disabling new feature Private Relay. It solved my issue with GlobalProtect and Cisco Anyconnect. You can find it in System Settings , enter text ‘icloud’ in search. Choose iCloud and in right section you should have Private Relay option. Just turn off Private Relay, sometimes need to restart your laptop.
I’m still having problems with L2PT.
Using Ventura 13.0
Tried everything what was mentioned in this thread. Still no luck. Have multiple Mac only this one doesn’t work with Ventura 13.0. I get this screen,
Still broken beyond usability in 13.1 22C5044e. Can connect but it constantly dies. Haven’t find what causes it to die and sometimes I can use it for hours, sometimes for seconds.
Sat Dec 3 11:54:33 2022 : L2TP port-mapping update for en0 ignored: VPN is the Primary interface. Public Address: 0, Protocol: None, Private Port: 0, Public Port: 0
Sat Dec 3 11:54:33 2022 : L2TP clearing port-mapping for en0
Sat Dec 3 11:55:40 2022 : write: No buffer space available
Sat Dec 3 11:55:58 2022 : write: No buffer space available
Sat Dec 3 11:56:16 2022 : write: No buffer space available
And I have to disconnect and reconnect…
Same here with OpenVPN Connect Version 3.4.0 (4506) on Ventura 13.0.1
Got same issue here, waiting for the fix
VPN no longer works since my update to Ventura
The same story, non of the L2TP profiles works after upgrade to Ventura, connects to server but doesn’t route all traffic via VPN, deleted one of the profiles and tried to recreate at the end then you click create nothing happens box is closed VPN profile is not created.