VPN client no longer connecting

macos vpn

A colleague of mine has a Mac which is no longer able to connect to our office VPN. It has worked in the past, and nothing has changed in his VPN-settings nor on the server side. (Other Mac users with identical settings connect without problems).

Here's what he gets in his ppp.log:

Thu Feb 23 10:23:30 2017 : publish_entry SCDSet() failed: Success!
Thu Feb 23 10:23:30 2017 : publish_entry SCDSet() failed: Success!
Thu Feb 23 10:23:30 2017 : l2tp_get_router_address
Thu Feb 23 10:23:30 2017 : l2tp_get_router_address 10.2.6.1 from dict 1
Thu Feb 23 10:23:30 2017 : L2TP connecting to server '310.20.30.40' (310.20.30.40)...
Thu Feb 23 10:23:30 2017 : IPSec connection started
Thu Feb 23 10:23:30 2017 : IPSec phase 1 client started
Thu Feb 23 10:23:40 2017 : IPSec connection failed

(I've replaced the IP address with a non existing one)

So the client starts, but a 'IPSec phase 1 server replied' never comes.

I'm actually not sure where to look next, given that our other Macs connect successfully, and our VPN-server & firewall haven't changed either.

Who can help me out? :)


I had the same exact error log, but with having admin access to vpn server and router, so I found out the problem quickly. For me it was dst-nat problem, on one router that I forgot about being there and I found it via traceroute. I was playing with it and some testing vpn-servers 2 years ago.

So basically this log would show up if no packets on 500/udp or 4500/udp are able to reach the server or just end up redirected to non-existing address(like my case). There's most likely no problem with your colleague's mac. The log would just say something else if there was something like bad configurations, secret, cipher, outdated operating system etc. I recommend to contact your office if you haven't yet and tell them your IP.


Apple routinely changes/updates their DH settings to improve/force higher security on vpn connections. So if this coincides with a recent MacOS update on the machine that's likely it. Try changing the DH Group settings on the VPN side to a Higher level. Or roll back the Mac for now until you can

https://support.apple.com/en-us/HT206154

https://www.cameronbrister.com/mac-os-x-10-11-4-breaks-some-cisco-ipsec-vpn-connections/

Related

Terminal: map super/command key in stty
Why are my passwords copied to the "Local Objects" keychain after using AutoFill? What is "Local Objects" after all?
(SOLVED) - Error: "The device does not have the necessary services" when using bluetooth to browse files on Galaxy S7 Edge
Enable or disable Night Shift via Terminal
Dual-monitor – dialog boxes appear on "wrong" screen
Using "Microsoft Surface Keyboard" on Mac Sierra
Can one's iMessage/FaceTime identities be hijacked at a public Wi-Fi?
How to disable autocomplete on macOS but not iOS?
MacBook Pro suddenly started spinning fans at 100% while lid was closed for a couple of hours
How do I disable the Apple ID sign in when logging into my Mac?
Can I import an image to use for annotations or a signature in the macOS Preview app?
fsck_msdos keep blocking external HD