How do I connect Android 4.2 VPN to OS X Server VPN (L2TP)?

8,958

I've had some success in Mac OSX Leopard 10.5.8. For my setup, I have a Mac Mini behind a Verizon FiOS Actiontec router. I was using Android phone to connect.

At first, it worked fine internally (Phone on the same Wifi), but would fail when connecting externally (Phone on data connection). In the end, it is working exactly the opposite.

I don't have a user account for the "VPN User" because this method just created a single user/password for the connection. I am not "logged in" to Mac, but could remote desktop with a "real user" after connected.

I used version 2.4b of iVPN to configure the settings, and here are some end results:

Forwarded ports UDP Any->1701, UDP Any->500

Android Settings
• Name: YourConnectionName (e.g. Mac Server)
• Type: L2TP/IPSec PSK
• Server address: hostname.no-ip.org
• L2TP secret: (not used)
• IPSec identifier: (not used)
• IPSec pre-shared key: **YourSharedSecret**

When connecting: Username: auser, Password: challenge

/etc/ppp/user.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Password</key>
        <string>challenge</string>
        <key>User</key>
        <string>auser</string>
</dict>
</plist>

/etc/ppp/chap-secrets

auser * challenge *

/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>ActiveServers</key>
        <array>
                <string>com.apple.ppp.l2tp</string>
        </array>
        <key>Servers</key>
        <dict>
                <key>com.apple.ppp.l2tp</key>
                <dict>
                        <key>DNS</key>
                        <dict>
                                <key>OfferedSearchDomains</key>
                                <array/>
                                <key>OfferedServerAddresses</key>
                                <array>
                                        <string>208.67.222.222</string>
                                        <string>208.67.220.220</string>
                                </array>
                        </dict>
                        <key>IPv4</key>
                        <dict>
                                <key>ConfigMethod</key>
                                <string>Manual</string>
                                <key>DestAddressRanges</key>
                                <array>
                                        <string>192.168.10.101</string>
                                        <string>192.168.10.200</string>
                                </array>
                                <key>OfferedRouteAddresses</key>
                                <array>
                                        <string>192.168.10.100</string>
                                </array>
                                <key>OfferedRouteMasks</key>
                                <array>
                                        <string>255.255.255.0</string>
                                </array>
                                <key>OfferedRouteTypes</key>
                                <array>
                                        <string>Private</string>
                                </array>
                        </dict>
                        <key>Interface</key>
                        <dict>
                                <key>SubType</key>
                                <string>L2TP</string>
                                <key>Type</key>
                                <string>PPP</string>
                        </dict>
                        <key>L2TP</key>
                        <dict>
                                <key>IPSecSharedSecret</key>
                                <string>**YourSharedSecret**</string>
                                <key>Transport</key>
                                <string>IPSec</string>
                        </dict>
                        <key>PPP</key>
                        <dict>
                                <key>AuthenticatorProtocol</key>
                                <array>
                                        <string>MSCHAP2</string>
                                </array>
                                <key>LCPEchoEnabled</key>
                                <integer>1</integer>
                                <key>LCPEchoFailure</key>
                                <integer>5</integer>
                                <key>LCPEchoInterval</key>
                                <integer>60</integer>
                                <key>Logfile</key>
                                <string>/var/log/ppp/vpnd.log</string>
                                <key>VerboseLogging</key>
                                <integer>1</integer>
                        </dict>
                        <key>Server</key>
                        <dict>
                                <key>Logfile</key>
                                <string>/var/log/ppp/vpnd.log</string>
                                <key>MaximumSessions</key>
                                <integer>128</integer>
                                <key>VerboseLogging</key>
                                <integer>1</integer>
                        </dict>
                </dict>
        </dict>
</dict>
</plist>

/etc/racoon/remote/anonymous.conf

remote anonymous {
   doi ipsec_doi;
   situation identity_only;
   exchange_mode main;
   verify_identifier off;
   shared_secret use "**YourSharedSecret**";
   nonce_size 16;
   nat_traversal_multi_user on;
   initial_contact on;
   support_mip6 on;
   proposal_check claim;

   proposal {
      authentication_method pre_shared_key;
      hash_algorithm sha1;
      encryption_algorithm 3des;
      lifetime time 3600 sec;
      dh_group 2;
   }
}

sainfo anonymous {
   encryption_algorithm aes, 3des;
   authentication_algorithm hmac_sha1, hmac_md5;
   compression_algorithm deflate;
   lifetime time 3600 sec;
}

You might have to touch /var/log/ppp/vpnd.log, and if you're not using iVPN, it looks like (from a ps -ax) the server is started with vpnd -i com.apple.ppp.l2tp. After changing settings and PSKs, I also run racoonctl flush-sa ipsec.

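A check added here, not part of the answer above or of racoon itself: the anonymous.conf shown negotiates 3DES, SHA-1 and DH group 2 (1024-bit MODP) for the IKE SA and lists 3DES and HMAC-MD5 among what it will accept for the IPsec SA, with one anonymous pre-shared key and verify_identifier off. The script below parses that file, reports those choices, and runs the same linter over a hardened variant. The weak/legacy thresholds, the hardened algorithm set, the placeholder secret and the sample inputs are this example's own assumptions; whether the Android client and the installed racoon build accept the stronger proposal has to be confirmed in the logs before relying on it.

```python
"""Lint a racoon IKEv1 config (such as /etc/racoon/remote/anonymous.conf)
for weak IPsec choices. Added example; thresholds and samples are assumptions."""
import re

# Assumed policy (not from the page): what a current deployment should refuse.
WEAK_ENC = {"des", "3des", "blowfish", "cast128", "null_enc"}
WEAK_HASH = {"md5", "hmac_md5"}
LEGACY_HASH = {"sha1", "hmac_sha1"}     # not broken as an HMAC, but due for retirement
WEAK_DH = {1, 2, 5}                     # MODP-768 / 1024 / 1536
DH_NAMES = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}

# Constructed sample: the statements the linter inspects, copied from the
# answer's anonymous.conf (lines it ignores, e.g. doi/nonce_size, omitted).
ANSWER_CONF = """
remote anonymous {
   verify_identifier off;
   shared_secret use "**YourSharedSecret**";
   proposal {
      authentication_method pre_shared_key;
      hash_algorithm sha1;
      encryption_algorithm 3des;
      dh_group 2;
   }
}
sainfo anonymous {
   encryption_algorithm aes, 3des;
   authentication_algorithm hmac_sha1, hmac_md5;
}
"""

# Constructed hardened variant (assumption: verify that the client and the
# installed racoon build actually negotiate these before deploying).
HARDENED_CONF = """
remote anonymous {
   verify_identifier off;
   shared_secret use "example-only-replace-with-32-random-bytes-base64";
   proposal {
      authentication_method pre_shared_key;
      hash_algorithm sha256;
      encryption_algorithm aes 256;
      dh_group 14;
   }
}
sainfo anonymous {
   encryption_algorithm aes 256;
   authentication_algorithm hmac_sha256;
}
"""


def block(text, header):
    """Body of the first `header { ... }` block, honoring nested braces."""
    m = re.search(re.escape(header) + r"\s*\{", text)
    if not m:
        raise ValueError(f"block not found: {header}")
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    raise ValueError(f"unbalanced braces in {header}")


def statements(body):
    """Parse `key value[, value];` lines into {key: [values]}; sub-blocks are skipped."""
    flat = re.sub(r"\w+\s*\{[^{}]*\}", "", body)
    return {k: [v.strip() for v in val.split(",")]
            for k, val in re.findall(r"(\w+)\s+([^;{}]+);", flat)}


def dh_number(value):
    """Normalize racoon's two dh_group spellings ('2' or 'modp1024') to the IANA number."""
    return int(value) if value.isdigit() else DH_NAMES.get(value, 0)


def lint_racoon(text):
    """Return (severity, location, detail) findings for one racoon config."""
    findings = []
    remote_body = block(text, "remote anonymous")
    remote = statements(remote_body)
    phase1 = statements(block(remote_body, "proposal"))
    phase2 = statements(block(text, "sainfo anonymous"))

    def check(loc, conf, keys):
        for key in keys:
            for alg in conf.get(key, []):
                if alg in WEAK_ENC | WEAK_HASH:
                    findings.append(("weak", loc, f"{key} {alg}"))
                elif alg in LEGACY_HASH:
                    findings.append(("legacy", loc, f"{key} {alg}"))

    # Phase 1 (IKE SA): a single proposal, so a weak entry here is what gets used.
    check("phase1", phase1, ("encryption_algorithm", "hash_algorithm"))
    for g in phase1.get("dh_group", []):
        if dh_number(g) in WEAK_DH:
            findings.append(("weak", "phase1", f"dh_group {g}"))
    # Phase 2 (IPsec SA): every listed algorithm is accepted, so a weak option
    # stays negotiable even when a stronger one is listed first.
    check("phase2", phase2, ("encryption_algorithm", "authentication_algorithm"))
    # Group PSK: placeholder or short secret, and no identity check on peers.
    m = re.match(r'use\s+"(.*)"', remote.get("shared_secret", [""])[0])
    if not m or "YourSharedSecret" in m.group(1) or len(m.group(1)) < 20:
        findings.append(("weak", "remote", "shared_secret placeholder or short"))
    if remote.get("verify_identifier", ["off"])[0] == "off":
        findings.append(("info", "remote", "verify_identifier off: any holder of the PSK is accepted"))
    return findings
```

Run it against the live file with lint_racoon(open("/etc/racoon/remote/anonymous.conf").read()). Two points the findings point at: with one anonymous PSK and no identifier check, every client that holds the secret is accepted, so the secret should be long and random, the IPSecSharedSecret in com.apple.RemoteAccessServers.plist must be changed together with it, and the racoonctl flush-sa ipsec from the answer still applies after a change. And because a phone on mobile data sits behind NAT, IKE switches to NAT traversal on UDP 4500 once it detects the NAT, so check that UDP 4500 reaches the server as well (the answer lists only UDP 500 and 1701 as explicit forwards; TCP 1723 is PPTP's control port and plays no part in L2TP/IPsec).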

Author by nerdherd

Updated on September 18, 2022

Comments

  • nerdherd, almost 2 years ago

    I have a Mac mini running OS X 10.8.2 with the OS X Server 2.2.1 from the app store, and I have set up the VPN using L2TP in the Server.app interface. I have tested this VPN connection using a Macbook, which works, but I can't figure out how to get Android's built-in VPN to work.

    Current set-up:

    • I have opened ports 500, 1701, 1723, and 4500 on my router.
    • I am using a dynamic DNS from no-ip.com, we'll say hostname.no-ip.org
    • I have set a "Shared Secret", we'll say 1234567890
    • I have set up an account for my android phone on the server, let's say the user name is "nexus" and the password is "google"

    On the Macbook, I simply use the DNS, the secret, and credentials that I have set up on the server, and it connects.

    On my Android device (Galaxy Nexus 4.2.2) I am using the following settings:

    • Name: Mac Server
    • Type: L2TP/IPSec PSK
    • Server address: hostname.no-ip.org
    • L2TP secret: (not used)
    • IPSec identifier: (not used)
    • IPSec pre-shared key: 1234567890

    When I try to connect using these settings, it prompts for the username and password, so I enter "nexus" and "google". It sits there saying "Connecting..." for maybe 30 seconds and then it just goes back to "Disconnected" with no error or other message. I have also tried putting the "Shared Secret" in the L2TP secret field, but with the same result.

    Is the built-in Android VPN simply incompatible with OS X Server's VPN? Or have I misconfigured something?

    Note: I would strongly prefer to continue using L2TP, and not the less-secure PPTP VPN

    • Admin, about 11 years ago
      I'm going through the same process right now, but Mac Mini PPC with 10.5.8. I can connect to it when on the same Wifi, but am running into trouble poking holes through the NAT. Using iVPN to configure Mac OSX non-Server.
  • nerdherd, about 11 years ago
    Thank you for the detailed answer, I have not had a chance to play with this yet but I will give it a try ASAP. I have upvoted for now until I can confirm that it works. Thanks again!