VPN client no longer connecting

A colleague of mine has a Mac which is no longer able to connect to our office VPN. It has worked in the past, and nothing has changed in his VPN-settings nor on the server side. (Other Mac users with identical settings connect without problems).

Here's what he gets in his ppp.log:

Thu Feb 23 10:23:30 2017 : publish_entry SCDSet() failed: Success!
Thu Feb 23 10:23:30 2017 : publish_entry SCDSet() failed: Success!
Thu Feb 23 10:23:30 2017 : l2tp_get_router_address
Thu Feb 23 10:23:30 2017 : l2tp_get_router_address 10.2.6.1 from dict 1
Thu Feb 23 10:23:30 2017 : L2TP connecting to server '310.20.30.40' (310.20.30.40)...
Thu Feb 23 10:23:30 2017 : IPSec connection started
Thu Feb 23 10:23:30 2017 : IPSec phase 1 client started
Thu Feb 23 10:23:40 2017 : IPSec connection failed

(I've replaced the IP address with a non existing one)

So the client starts, but a 'IPSec phase 1 server replied' never comes.

I'm actually not sure where to look next, given that our other Macs connect successfully, and our VPN-server & firewall haven't changed either.

Who can help me out? :)


I had the same exact error log, but with having admin access to vpn server and router, so I found out the problem quickly. For me it was dst-nat problem, on one router that I forgot about being there and I found it via traceroute. I was playing with it and some testing vpn-servers 2 years ago.

So basically this log would show up if no packets on 500/udp or 4500/udp are able to reach the server or just end up redirected to non-existing address(like my case). There's most likely no problem with your colleague's mac. The log would just say something else if there was something like bad configurations, secret, cipher, outdated operating system etc. I recommend to contact your office if you haven't yet and tell them your IP.


Apple routinely changes/updates their DH settings to improve/force higher security on vpn connections. So if this coincides with a recent MacOS update on the machine that's likely it. Try changing the DH Group settings on the VPN side to a Higher level. Or roll back the Mac for now until you can

https://support.apple.com/en-us/HT206154

https://www.cameronbrister.com/mac-os-x-10-11-4-breaks-some-cisco-ipsec-vpn-connections/