VPN Connection Setup

ace2109 · 7 Feb 2012 at 22:29

Hi Guys,
I am trying to setup a VPN connection to access my network from another computer/site. Never did this before and as usual I am running into some difficulty.

I have a dynamic so I have setup a no-ip address to make it easier to connect to. I have an o2 wireless box that I have put the details from no-ip into and it looks like its working as it is saying update successful beside hostname.

When I try an use my iPhone to connect it keeps saying the server is unreachable, even when i just try and input the IP address?

Any ideas guys? I am a complete noob at this one.

bremen1874 · 7 Feb 2012 at 23:10

What have you configured as the VPN end point?

Have you opened any ports?

Have you forwarded any ports?

ace2109 · 7 Feb 2012 at 23:16

In the game and application settings page I opened ports 983 and 984.

What do you mean by endpoint?

bremen1874 · 7 Feb 2012 at 23:22

ace2109 said:
What do you mean by endpoint?

What on your network has been configured to accept VPN connections?

ace2109 · 7 Feb 2012 at 23:34

My mac mini running OSX lion server, I am now thinking however that a better router might be better and will let me access my entire network and not just one machine

bremen1874 · 8 Feb 2012 at 00:00

ace2109 said:
My mac mini running OSX lion server, I am now thinking however that a better router might be better and will let me access my entire network and not just one machine

Most of my VPN experience is with setting up fulltime site-to-site IPSec links.

I just added a test PPTP dial in user account to my Vigor 2920 and my iPhone connected to it without any difficulty.

Do you have the option of having a static IP? It does make life simplier.

ncjok · 8 Feb 2012 at 12:06

ace2109 said:
In the game and application settings page I opened ports 983 and 984.

I know Apple are notorious for 'doing things differently' but where did you get ports 983 and 984 from?

To me it looks like OSX server offers PPTP and L2TP/IPsec VPN implementations, the latter being preferred. Apple maintains a list of well known ports for their applications which suggests you'll need to forward UDP 500, UDP 1701, TCP 1723 and UDP 4500; the UDP ports for L2TP and the TCP port if you're going with PPTP.

PistolPete · 8 Feb 2012 at 12:17

You say you connecting from your iPhone...who is your mobile telco.

Orange on the standard "Orangeinternet" APN wont allow VPN, and the same was true of T-Mobile when I was with them.

ace2109 · 9 Feb 2012 at 08:16

I am on o2, never thought of my network provider not allowing VPN, the ports I opened I got from a google search but I will look at the apple standard ports aswell

PistolPete · 9 Feb 2012 at 13:17

A quick Google suggests the vpn.o2.co.uk APN is the one you want and you are probably on the ibrowse APN currently/

ace2109 · 10 Feb 2012 at 21:39

Hi Guys,
Finally got round to going through a few of your suggestions and got my VPN to connect to my server, well sort of.

I can get it to connect while connected to my wifi but if I try and connect via 3G it brings up an error saying "The PPP server could not be authenticated".

The Server Log file contains the following:

Feb 10 21:33:10 mms vpnd[95003]: Incoming call... Address given to client = 192.168.1.227
Feb 10 21:33:10 mms com.apple.ppp.l2tp[95003]: 2012-02-10 21:33:10 GMT Incoming call... Address given to client = 192.168.1.227
Feb 10 21:33:10 mms pppd[99307]: pppd 2.4.2 (Apple version 560.13) started by root, uid 0
Feb 10 21:33:10 mms pppd[99307]: L2TP incoming call in progress from '**.***.***.***'...
Feb 10 21:33:10 mms pppd[99307]: L2TP connection established.
Feb 10 21:33:10 mms pppd[99307]: Connect: ppp0 <--> socket[34:18]
Feb 10 21:33:11 mms pppd[99307]: DSAuth plugin: Failed to retrieve MPPE encryption keys from the password server: errno -14484, ctxt 4
Feb 10 21:33:11 mms pppd[99307]: Fatal signal 11
Feb 10 21:33:11 mms vpnd[95003]: --> Client with address = 192.168.1.227 has hungup
Feb 10 21:33:11 mms com.apple.ppp.l2tp[95003]: 2012-02-10 21:33:11 GMT --> Client with address = 192.168.1.227 has hungup

Any idea on this?

ace2109 · 21 Feb 2012 at 20:35

Ok guys, since my last post I have purchased a Draytek Vigor 2900V router to use for VPN. I am again though having some issues with setup. I have gone into the draytek settings and inserted a pre shared key as well as going into the teleworker setup section and given myself a username and password.

All dial in types have been allowed as well, however when I try and connect to it, my iPhone says - L2TP-VPN server did not respond.

any ideas on where to go from here?

ace2109 · 21 Feb 2012 at 21:55

Also still having issues with trying to connect to VPN on my server. A lot of people were having the same issues on theirs and managed to fix it by doing a few things in terminal, but surely there is an easier fix?

bremen1874 · 21 Feb 2012 at 22:13

ace2109 said:
Ok guys, since my last post I have purchased a Draytek Vigor 2900V router to use for VPN. I am again though having some issues with setup. I have gone into the draytek settings and inserted a pre shared key as well as going into the teleworker setup section and given myself a username and password.

All dial in types have been allowed as well, however when I try and connect to it, my iPhone says - L2TP-VPN server did not respond.

any ideas on where to go from here?

I just tried a L2TP connection to my Vigor 2920.

Set the Pre-Shared Key under IPSec General Setup. Everything left checked.

Added a user via Remote Dial-in User...

Checked Enable This Account
Unchecked PPTP
Unchecked IPSec Tunnel
Changed L2TP with IPSec Policy to Must
Entered a Username
Entered a password
Everything else at default

Added the configuration to my 4S (details only entered via the L2TP page) and it connects over 3g.

ace2109 · 21 Feb 2012 at 22:38

what ports are open on your firewall that allows this connection? Are they the ones mentioned above?

ace2109 · 21 Feb 2012 at 22:42

Am I meant to have anything after my IP address in the server part on my iPhone configuration? maybe something like ***.***.***.***:number

bremen1874 · 21 Feb 2012 at 22:52

ace2109 said:
what ports are open on your firewall that allows this connection? Are they the ones mentioned above?

No ports open that relate to the VPN. It's a connection to the router so you just need to have the appropriate VPN server enabled under Remote Access Control.

ace2109 said:
Am I meant to have anything after my IP address in the server part on my iPhone configuration? maybe something like ***.***.***.***:number

You shouldn't need to. I'm connecting using my domain name (I'm on a static IP). I'll try it with the IP address in a minute.

Edit:- Works fine with my WAN IP as the server address.

I just accidently found that if you leave the L2TP with IPSec Policy as 'None' I can't connect. If it's set to 'Nice to Have' or 'Must' it works.

ace2109 · 21 Feb 2012 at 23:06

my 2900 is behind my o2 wireless box, that is also my firewall, I'm thinking this may be an issue!

ace2109 · 21 Feb 2012 at 23:09

This is my 2900 setup

bremen1874 · 21 Feb 2012 at 23:19

ace2109 said:
This is my 2900 setup

Those settings look okay to me.

Could you temporarily configure the O2 box as a modem to remove it from the equation?