L2TP VPN configuration on Mac OS X. Step 1: Configure WAN group VPN on the SonicWall appliance. Step 2: Configure L2TP Server. Go to VPN > L2TP Server. Step 3: Configure user accounts. Select Users.

What could make the Mac not want to connect to remote desktop? If I disable the SSL VPN and just do RDP from home using the Mac to the office, it works fine. So something is blocking between the SSL VPN and my RDP, but what!? And why just the Mac? I've been testing this for a couple of weeks and can't seem to fix this.
I'm trying to get VPN access up and running. The company has a SonicWall firewall/concentrator and I'm working on a Mac.
I'm not sure of the SonicWall's hardware or software level. My MacBook Pro is OS X 10.8, x64, fully patched. The Mac Networking applet claims the remote server is not responding. The connection attempt subsequently fails: This is utter garbage, as a Wireshark trace shows the Protected Mode negotiation, and then the fallback to Quick Mode: I have two questions: (1) does Mac OS X VPN work in real life? (2) Are there any trustworthy (non-Apple) tools to test and diagnose the connection problem (Wireshark is a cannon and I have to interpret the results)?
And a third question (off topic): what is so broken in Cupertino such that so much broken software gets past their QA department? I pay good money for the software to run their hardware, and this is an absolute joke. EDIT (, 6:00 PM): The network guy sent me 'VPN Configuration Guide' (Equinox document SonicOS_Standard-6-EN). It seems an IPSec VPN now requires a Firewall Unique Identifier. Just to be sure, I revisited RFC 2409, where Main Mode, Aggressive Mode, and Quick Mode are discussed. I cannot find a reference to Firewall Unique Identifier.
EDIT (, 11:00 PM): From the Mac OS X logs (so much for the garbage message box from this crummy operating system):

Wed Nov 14 16:: IPSec connection started
Wed Nov 14 16:: IPSec phase 1 client started
Wed Nov 14 16:: IPSec phase 1 server replied
Wed Nov 14 16:: IPSec phase 2 started
Wed Nov 14 16:: IPSec connection failed.
Wed Nov 14 17:: L2TP connecting to server '173.167.XXX.YYY' (173.167.XXX.YYY).
Wed Nov 14 17:: IPSec connection started
Wed Nov 14 17:: IPSec phase 1 client started
Wed Nov 14 17:: IPSec connection failed

EDIT (, 12:00 AM): I think I am screwed here:. I am trying to connect to a broken (non-standard) firewall, with a broken Mac OS X client.

I was able to connect OS X El Capitan to a Sonicwall TZ 215 using a pre-shared key (PSK), on the WAN GroupVPN. This was previously working for me with VPN Tracker, but now that I'm running El Capitan beta, VPN Tracker does not work, so I figured I'd give the native VPN another shot. At first it wasn't working, and I thought I'd have to reconfigure the Sonicwall as described by @AnnonymousCoward, to use certificates.
However, I noticed in referred to here that you should enable the Accept Multiple Proposals for Clients checkbox in the Advanced tab of the WAN GroupVPN if you're having problems connecting from iOS (and I figured, maybe OS X as well). To be clear, my WAN GroupVPN is configured for ESP: 3DES/HMAC SHA1 (IKE). Using Group2 for Phase 1.
Life Time is 28800 on Phase 1 and 2. XAUTH is set up. Under L2TP settings in the main VPN section of the Sonicwall, you must enable and configure the L2TP Server. I set mine up to assign IP addresses to trusted users (e.g. XAUTH users) in the same IP network range as the rest of my remote network. On the OS X side, I created a VPN (L2TP) connection. Server address is that of the remote firewall. Account name is that of the XAUTH user. Authentication settings have Password set as the XAUTH user password, and Shared Secret set as the PSK that was configured on the Sonicwall.
Group Name is left blank. I haven't totally figured out routing. Normally in VPN Tracker I define the network ranges that I want to route over the VPN (and they must match the routes that are defined on the Sonicwall for the endpoint, e.g. 10.72.0.0/16 in my case). I can define multiple remote networks if I need them, but I don't see where to specify that kind of setup in OS X's VPN configuration. However, so far I am not having a problem accessing the remote network. So I'm guessing L2TP works differently than the configuration I'm using in VPN Tracker.
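The macOS log excerpt in the question above already shows how far each attempt got before failing. The script below is an added example, not part of either post: it reads such a log and reports the last stage reached per failed attempt. The stage messages are the ones on the page; the sample timestamps and the troubleshooting hints are assumptions (general IKE practice).

```python
# Stage messages copied from the macOS log excerpt on this page, in the
# order a connection attempt passes through them.
STAGES = [
    "IPSec connection started",
    "IPSec phase 1 client started",
    "IPSec phase 1 server replied",
    "IPSec phase 2 started",
]
FAILED = "IPSec connection failed"

# Assumed troubleshooting hints (general IKE practice, not from the page),
# keyed by the index of the last stage logged before the failure.
HINTS = {
    0: "failed before phase 1 was sent: check the local VPN settings",
    1: "no phase 1 reply: check UDP 500/4500 reachability and the phase 1 proposal",
    2: "phase 1 did not complete: check the shared secret and identities",
    3: "phase 2 did not complete: compare ESP proposals and lifetimes on both ends",
}

# Constructed sample: messages as on the page, timestamps invented because
# the page's own timestamps are truncated.
SAMPLE = """\
Wed Nov 14 16:00:01 : IPSec connection started
Wed Nov 14 16:00:01 : IPSec phase 1 client started
Wed Nov 14 16:00:02 : IPSec phase 1 server replied
Wed Nov 14 16:00:03 : IPSec phase 2 started
Wed Nov 14 16:00:33 : IPSec connection failed.
Wed Nov 14 17:00:00 : L2TP connecting to server '173.167.XXX.YYY' (173.167.XXX.YYY).
Wed Nov 14 17:00:00 : IPSec connection started
Wed Nov 14 17:00:00 : IPSec phase 1 client started
Wed Nov 14 17:00:10 : IPSec connection failed
"""

def diagnose(log_text):
    """Return one (last_stage_message, hint) tuple per failed attempt."""
    results, last = [], None
    for line in log_text.splitlines():
        for idx, msg in enumerate(STAGES):
            if msg in line:
                # "connection started" always begins a fresh attempt.
                last = idx if idx == 0 or last is None else max(last, idx)
        if FAILED in line and last is not None:
            results.append((STAGES[last], HINTS[last]))
            last = None
    return results

if __name__ == "__main__":
    for stage, hint in diagnose(SAMPLE):
        print(f"last stage: {stage!r} -> {hint}")
```

On the sample, the first attempt stops after phase 2 started and the second stops with no phase 1 reply, so the two failures point at different settings.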