MacOS – Is this network blocking the VPN


I use a VPN from my Mac (OS X El Capitan). It works fine everywhere… except for one particular guest Wifi network, where I simply cannot connect to the VPN: it shows "Connecting…" in the menubar for a few seconds, then fails with "Verify the server address and try reconnecting." The VPN configuration seems fine, as it works fine from every other network.

How do I debug the cause of this? Is this network blocking access to this VPN? How would I tell?

Here are the log messages in /var/log/system.log:

racoon[40908]: accepted connection on vpn control socket.
racoon[40908]: IPSec connecting to server X.X.X.X
racoon[40908]: Connecting.
racoon[40908]: IPSec Phase 1 started (Initiated by me).
racoon[40908]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
racoon[40908]: >>>>> phase change status = Phase 1 started by us
racoon[40908]: IKE Packet: transmit success. (Phase 1 Retransmit).
--- last message repeated 2 times ---
racoon[40908]: IPSec connecting to server X.X.X.X
racoon[40908]: Connecting.
racoon[40908]: IPSec Phase 1 started (Initiated by me).
racoon[40908]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
racoon[40908]: >>>>> phase change status = Phase 1 started by us
racoon[40908]: port 62465 expected, but 0
racoon[40908]: IKEv1 Phase 1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
racoon[40908]: >>>>> phase change status = Phase 1 started by peer
racoon[40908]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
racoon[40908]: IKEv1 Phase 1 Initiator: success. (Initiator, Aggressive-Mode).
racoon[40908]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
racoon[40908]: IPSec Phase 1 established (Initiated by me).
racoon[40908]: IPSec disconnecting from server X.X.X.X
racoon[40908]: IKE Packet: transmit success. (Information message).
racoon[40908]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
racoon[40908]: failed to send vpn_control message: Broken pipe
racoon[40908]: glob found no matches for path "/var/run/racoon/*.conf"
racoon[40908]: IPSec disconnecting from server X.X.X.X

There is a precisely 30-second gap between Phase 1 established and IPSec disconnecting. I have full network connectivity from this guest Wifi network as long as I don't enable the VPN. I am in the US, so it is unlikely this is government censorship, but it might be some kind of blocking by the maintainer of the guest network. I can successfully ping the server IP address (anonymized to X.X.X.X in the logs above). Anything else to check?

Best Answer

It seems that the network you are on is blocking port 62465, which your VPN server is using.
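To see how far each connection attempt in a racoon log got, the messages can be grouped per attempt. This is an added example, not part of the question or the answer; the function name, the stage names and the `Phase 2` pattern are assumptions, and the sample log is a constructed excerpt of the lines quoted in the question.

```python
import re

# Constructed sample: a shortened copy of the racoon lines quoted in the question.
SAMPLE_LOG = """\
racoon[40908]: IPSec connecting to server X.X.X.X
racoon[40908]: IPSec Phase 1 started (Initiated by me).
racoon[40908]: IKE Packet: transmit success. (Phase 1 Retransmit).
--- last message repeated 2 times ---
racoon[40908]: IPSec connecting to server X.X.X.X
racoon[40908]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
racoon[40908]: IPSec Phase 1 established (Initiated by me).
racoon[40908]: IPSec disconnecting from server X.X.X.X
"""

REPEATED = re.compile(r"last message repeated (\d+) times")
# Assumption: later stages mention "Phase 2"/"Phase2"; the page shows only Phase 1 lines.
PHASE2 = re.compile(r"Phase\s?2", re.IGNORECASE)

def summarize_attempts(log_text):
    """Split the log at each 'IPSec connecting' line and report how far each attempt got."""
    attempts, prev_retransmit = [], False
    for line in log_text.splitlines():
        if "IPSec connecting to server" in line:
            attempts.append({"retransmits": 0, "replies": 0, "phase1": False, "phase2": False})
            prev_retransmit = False
            continue
        if not attempts:
            continue  # ignore anything logged before the first attempt
        cur = attempts[-1]
        repeated = REPEATED.search(line)
        if repeated:
            # syslog collapses identical lines; count them only if they were retransmits
            cur["retransmits"] += int(repeated.group(1)) if prev_retransmit else 0
            continue
        prev_retransmit = "Phase 1 Retransmit" in line
        if prev_retransmit:
            cur["retransmits"] += 1
        elif "IKE Packet: receive success" in line:
            cur["replies"] += 1
        elif "Phase 1 established" in line:
            cur["phase1"] = True
        elif PHASE2.search(line):
            cur["phase2"] = True
    for a in attempts:
        a["stage"] = ("phase2_seen" if a["phase2"] else "phase1_only" if a["phase1"]
                      else "no_reply" if a["retransmits"] and not a["replies"] else "incomplete")
    return attempts

if __name__ == "__main__":
    print([(a["stage"], a["retransmits"]) for a in summarize_attempts(SAMPLE_LOG)])
```

Here `no_reply` means IKE packets were sent and retransmitted with nothing logged as received, while `phase1_only` means the peer answered and Phase 1 completed before the disconnect.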