MacOS – Can’t connect to L2TP over IPSec VPN from Mac 10.12.4

Tags: macos, network, vpn

Have troubles with connecting to my VPN from Mac.
Using default Mac client, pre-shared secret.
Also this works well on iOS 10.3.2 from the same Wi-Fi network.

Firewall is disabled, no Little Snitch.
macOS error message says 'The L2TP-VPN server did not respond'

Also, I've tried to connect to an open free VPN, us.freel2tpvpn.com, and got no response again, so I think it's a macOS problem, not the server / routing.

Do you have any ideas?

Here is my /var/log/ppp.log

Tue Jun 13 15:34:58 2017 : publish_entry SCDSet() failed: Success!
Tue Jun 13 15:34:58 2017 : publish_entry SCDSet() failed: Success!
Tue Jun 13 15:34:58 2017 : l2tp_get_router_address
Tue Jun 13 15:34:58 2017 : l2tp_get_router_address 172.16.21.1 from dict 1
Tue Jun 13 15:34:58 2017 : L2TP connecting to server '86.102.88.210' (86.102.88.210)...
Tue Jun 13 15:34:58 2017 : IPSec connection started
Tue Jun 13 15:35:03 2017 : IPSec connection failed

Update 1
Checked UDP ports 500, 1701, 4500 — all open from the Mac.

Update 2
Set up another L2TP/IPsec pre-shared secret server on Windows and got the same result — doesn't respond on the Mac, connects on the iPhone.

Update 3
Wiresharked both on 'connections', and there are no UDP packets from the Mac on connection, but test packets are OK.

Definitely the Mac VPN client is broken (firewall is off); where should I dig?

Best Answer

First step: Ensure that outgoing L2TP connections work properly. To do that, run the following commands in Terminal (you can copy and paste if you want):

/usr/bin/nc -uvw5 portquiz.net 500
/usr/bin/nc -uvw5 portquiz.net 1701
/usr/bin/nc -uvw5 portquiz.net 4500

You should get something that looks like this (note the three "succeeded" lines):

found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
    outif en0
    src 192.168.1.2 port 56916
    dst 178.33.250.62 port 500
    rank info not available
    TCP aux info available

Connection to portquiz.net port 500 [tcp/isakmp] succeeded!
found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
    outif en0
    src 192.168.1.2 port 56917
    dst 178.33.250.62 port 1701
    rank info not available
    TCP aux info available

Connection to portquiz.net port 1701 [tcp/l2f] succeeded!
found 0 associations
found 1 connections:
     1: flags=82<CONNECTED,PREFERRED>
    outif en0
    src 192.168.1.2 port 56918
    dst 178.33.250.62 port 4500
    rank info not available
    TCP aux info available

Connection to portquiz.net port 4500 [tcp/ipsec-msft] succeeded!

If that works, then you should be able to connect, and the problem is likely the server, or a configuration problem (I've used the macOS L2TP client for a long time and haven't experienced any issues). If not, something is blocking an outgoing port.
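As an added example (not code from the answer or the asker), a small POSIX shell script that runs the same three nc probes as the answer and reports which of the L2TP/IPsec UDP ports did not produce a "succeeded" line. It assumes the BSD nc flags used above (-u UDP, -v verbose, -w 5 second timeout) and the portquiz.net host from the answer; the function names are mine.

```shell
#!/bin/sh
# Outbound UDP ports the macOS L2TP/IPsec client needs: IKE (500), L2TP (1701), NAT-T (4500).
L2TP_PORTS="500 1701 4500"

# probe_port HOST PORT: the same UDP probe as in the answer; prints nc's output.
probe_port() {
    /usr/bin/nc -uvw5 "$1" "$2" 2>&1
}

# report_blocked OUTPUT: given the combined nc output, prints the ports that
# did NOT produce a "port N ... succeeded!" line (space separated).
# Returns 0 when every port succeeded, 1 otherwise.
report_blocked() {
    blocked=""
    for p in $L2TP_PORTS; do
        if ! printf '%s\n' "$1" | grep -q "port $p .*succeeded!"; then
            blocked="$blocked $p"
        fi
    done
    blocked=${blocked# }
    printf '%s\n' "$blocked"
    [ -z "$blocked" ]
}

# check_l2tp_egress [HOST]: probes all three ports and summarises the result.
# Defaults to portquiz.net as in the answer (hypothetical default, my choice).
check_l2tp_egress() {
    host=${1:-portquiz.net}
    out=""
    for p in $L2TP_PORTS; do
        out="$out
$(probe_port "$host" "$p")"
    done
    if blocked=$(report_blocked "$out"); then
        echo "all L2TP/IPsec UDP ports reachable outbound from this Mac"
    else
        echo "blocked outbound UDP ports: $blocked (check the local firewall / upstream filtering)"
        return 1
    fi
}
```

Run `check_l2tp_egress` in Terminal; a non-zero exit with a listed port points at egress filtering rather than the VPN server.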