OS X Mavericks (10.9) Breaks VPN Server


Updated 12/10/2013: Jon Stacey has identified a fix, which involves restoring a copy of racoon from Mountain Lion. I followed his advice and was able to successfully establish an L2TP VPN connection again. Please visit the ‘OS X 10.9 Mavericks fix’ section of his page for more information.

Updated 07/06/2014: The VPN continues to function just fine. I’ve installed several server updates since my previous updates so at this point I’m no longer certain if the previous fix is still in place or if Apple provided a proper fix via update. Regardless, I haven’t had any new problems.

Despite having updated various software packages to avoid software problems with compatibility under Mavericks, I hit a wall that I simply haven’t been able to get past. The built-in VPN server in Mavericks (with and without OS X Server) is broken.

I had it working just fine under Mountain Lion, which I managed using iVPN. After upgrading, it stopped working. Not long after, I added OS X Server and it still wouldn’t work (I purchased OS X Server for its Time Machine capabilities, not for VPN support, so I didn’t purchase it expecting it to fix this problem).

Prior to upgrading I had an L2TP VPN server working. Since upgrading I’ve been unable to get L2TP or PPTP working, though I’ve seen more activity with PPTP during connection attempts than with L2TP.

I have hunted across many forum threads and I have been unable to find a solution that works. Some users have reported success, though the apparent causes and solutions are extremely varied. The majority of posts are from users that cannot find a solution. This weekend I spent several hours trying to find a solution without success.

At this point there appears to be nothing more that I can do. I’ll simply have to wait until Apple issues an update that fixes the problem. Until then I’ll have to use a service such as LogMeIn to access my desktop, though it’s only a partial solution and doesn’t provide the full access to my network that I need from a VPN server.

AirPort Extreme Base Station and VPN over PPTP


Updated 06/17/2011: Before you get too far into this post I wanted to point out that I didn’t find a solution to getting a PPTP VPN connection to work with my AirPort Extreme Base Station. I switched over to using L2TP instead.

Updated 08/03/2011: I’m moving to a different solution to bring PPTP back to my network setup, but you won’t like it. The step I’ve taken illustrates how inconvenient this problem can be.

Overall, I really like the new AirPort Extreme Base Station that I purchased recently. The only problem I’ve had, and unfortunately it’s a major problem, is a loss of the ability to connect back into my network remotely over PPTP via Windows 7 (I prefer to connect to my VPN when staying in a hotel). I forwarded the appropriate ports but I was only able to use my network for about 20 seconds at a time. After that time was up I could no longer do anything on the network and the connection would usually close within a minute or two.

Unfortunately, I haven’t been able to find a true solution to this problem but I did find an acceptable work-around. I suspect this is a problem with the Extreme not properly passing the PPTP connection, though I don’t know for certain.

I started looking at using other VPN servers. Previously, I just had Windows 7 configured to accept VPN connections. I tried OpenVPN via a VMware appliance in Fusion, but aside from configuration issues the larger problem was that I could not connect to the VPN using my iPhone or iPad.

My solution, which seems to have worked, was to purchase a copy of MacServe’s iVPN and move the VPN handling directly into OS X. Cost in USD was around $25. It hooks into existing OS X software but provides a simple GUI for management. This option turned out to be very easy to manage and works with all of my devices. Rather than using PPTP I moved over to L2TP.

On the AirPort Extreme I set up three UDP ports to forward to a specific system within my network: 500, 1701, and 4500.

Currently, it sounds like OS X Lion may include similar capabilities, but I simply could not wait until the release of Lion.