I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the App Store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a MacBook, which works, but I can't figure out how to get Android's built-in VPN to work.
Current set-up:
- I have opened ports 500, 1701, 1723, and 4500 on my router.
- I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
- I have set a "Shared Secret", we'll say 1234567890
- I have set up an account for my Android phone on the server, let's say the user name is "nexus" and the password is "google"
On the MacBook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.
On my Android device (Galaxy Nexus 4.2.2) I am using the following settings:
- Name: Mac Server
- Type: L2TP/IPSec PSK
- Server address: hostname.no-ip.org
- L2TP secret: (not used)
- IPSec identifier: (not used)
- IPSec pre-shared key: 1234567890
When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting…" for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.
Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?
Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN.
Best Answer
I've had some success in Mac OSX Leopard 10.5.8. For my setup, I have a Mac Mini behind a Verizon FiOS Actiontec router. I was using an Android phone to connect.
At first, it worked fine internally (Phone on the same Wifi), but would fail when connecting externally (Phone on data connection). In the end, it is working exactly the opposite.
I don't have a user account for the "VPN User" because this method just created a single user/password for the connection. I am not "logged in" to Mac, but could remote desktop with a "real user" after connected.
I used version 2.4b of iVPN to configure the settings, and here are some end results:
Forwarded ports: UDP Any->1701, UDP Any->500
Android Settings:
- Name: YourConnectionName (e.g. Mac Server)
- Type: L2TP/IPSec PSK
- Server address: hostname.no-ip.org
- L2TP secret: (not used)
- IPSec identifier: (not used)
- IPSec pre-shared key: **YourSharedSecret**
When connecting:
- Username: auser
- Password: challenge
/etc/ppp/user.plist
/etc/ppp/chap-secrets
/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
/etc/racoon/remote/anonymous.conf
You might have to `touch /var/log/ppp/vpnd.log`, and if you're not using iVPN, it looks like (from a `ps -ax`) the server is started with `vpnd -i com.apple.ppp.l2tp`. After changing settings and PSKs, I also `racoonctl flush-sa ipsec`.