setting VPN using macos maverick own VPN software

[cajolino]

hi,

I’m having problem connecting to my vpn server from a mac os computer.

I installed and configured the VPN Server on a windows 2012 computer.
the virtual hub is of type “standalone”
in the “IPsec/L2TP Setting”:
I enabled L2TP over IPsec but not the other one (raw…)
IPsec pre-shared key: I put some text, say “Hello VPN”

I installed the client on a windows 7 machine using the Ether’s windows client and it worked (after opening ports 443 and 992).


My next step was to set up client-side PVN on my mac os machine.
In network preferences, I created a VPN connection.

If I set up a connection with L2TP over IPSec, I’m obliged to provide machine authentication settings: either a “shared secret” or a certificate.
So I assumed that the shared secret was the pre-shared key, so I put “Hello VPN”
I click connect and I get an error: The L2TP-VPN server did not respond.

If I set up a connection with PPTP-VPN, the settings are easier, I just put my login/password but I still get an error: The PPTP-VPN server did not respond.


Is there maybe a tutorial I have missed or some settings I forgot to set?

I’d rather not use tunnelblick, the config.ovpn file I have to set up looks way too complicated.

Thanks for your help.

Caj.

[avel]

check 500 and 4500 udp ports to be open and forwarded.
check username, if not setup default hub you should use username@hub

and show your log from softether server (hub log too)

as I have tested your settings and all works fine. L2TP works good from Win XP, Win 7, Mac OS as by my tests.

[cajolino]

Hi,

My router is port-forwarding public ports 500 and 4500 to the same ports on my server In Ether VPN Server Manager, I added these 2 ports in the listener list.

in mac os VPN setup, the Account name is: login@virtual hub name as you suggested

and the Mac OS firewall is turned off.

When I try to connect from mac os, the server log file doesn't show anything.
when I try to connect from windows, using a invalid login, the server log file says "...User authentication failed..."
when I try to connect from windows, using a valid login, the server log file says "...Successfully authenticated..."

I also tried Cisco Anyconnect macOS client.
I was able to reach my VPN server but the server eventually rejected the connection with this error:
"...Connection "CID-13" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port.".."


With the above tests, I guess it's safe to assume that the VPN server is correctly configured.

It's something wrong with Mac OS stock VPN software. It can't even reach the server.

I tried to find some tutorial on youtube or on this forum but coudln't find any :-(

Caj

[avel]

First of all delete 500 and 4500 ports from listener, next forward 1701(L2TP-IPsec needed) and 40000(SE VPN Client) ports

I bet your problem is in 1701 UDP port ;) (and don't forget about Shared Key in authorization settings)

If this will not help do plz:
Make screenshots of every step how you make connection in Mac OS? As I have made it and it works fine, but my screenshots will not help you as I have russian Mac OS )

[cajolino]

Hi,

Thanks for your reply.

It seems that this forum doesn't support embedded images (I get a "NG Word Error" message when I click the preview button), so here is an URL instead:
http://postimg.org/image/et5f646it/

As I mentioned earlier, user Id or password cannot be the problem since I can't even reach my vpn server.
My router has the following port forwarding setup:
http://s26.postimg.org/yp1elnnk9/VPN_router.jpg

I also added port 1701.

Still, the VPN server didn't receive any connection request.

Cheers,

Caj.

[avel]

Why are you forwarding only 443 and 992? What about 500 , 4500 and 1701 ?

[cajolino]

avel wrote:
> Why are you forwarding only 443 and 992? What about 500 , 4500 and 1701 ?

Hi,

I did add 1701 after I made the screenshot and softether VPN server is also listening port 1701.
I also added need 500, 4500 (although in softEther VPN client for windows was working just fine without them as I use port 443).

Not sure if I need to add these port in softether VPN server's listener list.
I tried with and without.

In both cases, mac client, cannot reach the server. :-(

Damn, mac os was supposed to be easier than windows!!!

thanks for your help anyway.

Caj.

[avel]

Very strange. Are you sure you not using some Mac OS firewall like Little Snitch, pf and etc?

[cajolino]

Hi,

I do use little snitch, not the other.
But I have always turned if off while doing my testing.

I set up openVPN in the meantime which has worked immediately. So I'm giving up on SoftEther VPN. Maybe I keep it for my windows clients. I've spent too much already and can't afford to waste anymore time on this. It's a promising software but they need to provide real client software for mac os and Linux.

thanks for your help anyway.

Caj.

[inten]

Hi.

Looks like my answer is a bit late, nevertheless, I can say with 100% guarantee that your issue has nothing to do with SoftEther software or Mac OS/Windows. In your case you should check your firewall settings as you may have a problem forwarding an IPSec traffic but not L2TP. If you search the Internet you will realize it is not a trivial task to forward this type of traffic and not everyone did achieve a goal.

Thus, my suggestion now is to try to work with your firewall settings, at least, you could say a brand and a model of it. Not every home/office appliance can manage the traffic well.

Let us know if you still want to fight it :)

Cheers,
Team.

[cajolino]

Hi Inten,

I'm not sure what you mean by brand/Model or my firewall.

I personally don't use a hardware firewall.
On my windows machine, I use the stock software firewall, which hasn't cause any issue with connecting to m server.

On my mac machine, I disabled the stock firewall but use littleSnitch instead.
So Maybe littlesnitch is to blame, but then I did disabled it (click on the littlesnitch agent, then select "stop network filter" wich according to the documentation, allow any communication in or out.

I have a plan to do q fresh reinstall of mac os on another mac before selling it, so I'll give another try at that time.

cheers,

Caj

[inten]

cajolino wrote:

> I'm not sure what you mean by brand/Model or my firewall.

What's this?
http://s26.postimg.org/yp1elnnk9/VPN_router.jpg

[cajolino]

inten wrote:
> cajolino wrote:
>
> > I'm not sure what you mean by brand/Model or my firewall.
>
> What's this?
> http://s26.postimg.org/yp1elnnk9/VPN_router.jpg

This is my home gateway port forwarding config page.

It is a thomson fibre modem.

But I have to doubt this is an issue.
the port and ip address have worked fine when I use a windows client

[inten]

cajolino wrote:

> It is a thomson fibre modem.
>
> But I have to doubt this is an issue.
> the port and ip address have worked fine when I use a windows client

That time when you got a successful connection did you use a SoftEther client for Windows or just a Windows built-in VPN client?

[cajolino]

inten wrote:
> cajolino wrote:
>
> > It is a thomson fibre modem.
> >
> > But I have to doubt this is an issue.
> > the port and ip address have worked fine when I use a windows client
>
> That time when you got a successful connection did you use a SoftEther client for
> Windows or just a Windows built-in VPN client?

Hi,
in windows I've always and only used the SoftEther client
cheers,
Caj.

[inten]

As I stated below your problem is your firewall/router because native SE client uses TCP/443 by default. Moreover, by default SE client uses NAT traversal function that allows to bypass a few firewall limitation.

[cajolino]

inten wrote:
> As I stated below your problem is your firewall/router because native SE
> client uses TCP/443 by default. Moreover, by default SE client uses NAT
> traversal function that allows to bypass a few firewall limitation.

Is there any way to force MacOS VPN software to use a chosen port?
I googled it but it seems it`s not possible.

cheers,

Caj,

[inten]

I am not sure which port you are talking about.
I would advise to set up your router.

[bucko0521]

I am having the same problem can someone reply?

[thisjun]

Did you open ports 500/UDP and 4500/UDP in router?