Mac OSX Client VPN Issue

I did a little bit of searching from here but I couldn’t find much so I figured I would post to see if there was any information someone had.

Preface: I am not primarily a Mac user. I use Windows for most of my tasks and the clients I have mostly use Windows as well. In this particular case I have a client with an MX84 and a remote user with a MacBook Pro. I have been able to connect to the Client VPN without issue from my Windows machine, but whenever I try from this user’s Mac, it fails immediately. It will immediately error out and respond with ‘The L2TP-VPN server did not respond’. I can ping successfully from the Mac and can connect to the VPN from an iPhone on the same network, but not from this Mac. I tested from another brand new Mac I had in my office without issue. I had the user go to a public location with WiFi and it still failed.

Today I got into the computer remotely and tested connectivity to a different Meraki client I have and still receive the error. Within the logs on the Mac I see the following:

IPSec Connection Started
IPSec phase 1 client started
IPSec phase 1 server replied
IPSec connection failed <IKE Error 65535 (0xffff) Unknown error>

I received this same error when attempting to connect to the other Meraki client. I have verified the Secret does not include special characters and that the correct check boxes have been checked. The credentials are good as I have tested them on my machine.

It seems the problem is localized to this Mac only. I have the user setting up an appointment with Apple in the coming days, but I don’t know what they’ll come up with. I figured I would check with you guys first and see if any of you had seen this before or had more Mac knowledge than I.

I have done quite a bit of troubleshooting so if you need any more clarification please let me know.

OK, so to repeat, you have ONE Mac that has an issue and others work fine. What is different about that Mac? OS Version, running agents that might interfere with network, firewall settings, hardware version, etc.

How many characters is your secret? What version of OSX are you on?

I had issues with High Sierra and my secret being too long.

I had a super long string which worked fine for Windows clients but my OSX clients weren’t connecting (iPhones and iPads were connecting fine though). I cut the secret to 22 alphanumeric characters and it worked.
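An added triage helper, not part of the thread, that reads the macOS L2TP/IPsec log excerpt from the original post and applies the secret-length observation above. The log text and the 22-character bound are taken from the thread; the log format and the function names are assumptions of this example.

```python
import re

# Constructed sample: the macOS client log lines quoted in the original post.
MAC_VPN_LOG = """\
IPSec Connection Started
IPSec phase 1 client started
IPSec phase 1 server replied
IPSec connection failed <IKE Error 65535 (0xffff) Unknown error>
"""

# Assumed pattern for the error line shown in the thread.
IKE_ERROR = re.compile(r"IKE Error (\d+) \(0x([0-9a-fA-F]+)\)")

def triage(log_text):
    """Return (stage_reached, ike_error_code, hint) for a macOS L2TP/IPsec log excerpt.

    The stage tells you what the failure is NOT: once the server has replied to
    phase 1, DNS and UDP 500/4500 reachability are no longer the prime suspects.
    """
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    started = any("phase 1 client started" in ln for ln in lines)
    replied = any("phase 1 server replied" in ln for ln in lines)
    code = None
    for ln in lines:
        m = IKE_ERROR.search(ln)
        if m:
            code = int(m.group(1))
    if not started:
        return ("none", code, "client never sent IKE; check the VPN configuration itself")
    if not replied:
        return ("phase1-sent", code, "no reply: check name resolution and UDP 500/4500 reachability")
    if code is not None:
        return ("phase1-replied", code,
                "server is reachable; suspect pre-shared key, proposal or a stale client configuration")
    return ("phase1-replied", None, "phase 1 completed; look further down the log")

def psk_meets_mac_limits(secret, max_len=22):
    """Heuristic from the thread: a poster's OSX clients only connected once the
    secret was cut to 22 alphanumeric characters. The exact limit is not
    established by the thread; 22 is simply the value that worked."""
    return secret.isalnum() and 0 < len(secret) <= max_len
```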

Trust but verify.

I would follow the steps here from scratch.

Honestly, I’d wipe the Client VPN config and redo it from scratch on that particular Mac.

Here’s what’s wrong if you haven’t discovered it yet. Hopefully this helps someone in the future. When you’re setting up the VPN on the Mac through Network Preferences you need to create a NEW configuration. Just click the dropdown where it probably says Configuration: “Default” and select “Add Configuration”. This will fix it.

Did you get this resolved? I saw nothing mentioning whether you made sure “Send all traffic over VPN connection” was checked; this is a requirement for Meraki’s VPN.

At this point, one Mac that does not work. This Mac does not have antivirus or a firewall installed; it’s pretty plain. It is NOT a work-managed laptop, it’s a personal one. This user has not used it outside of putting a piece of law software on it and that’s it. I took a look through the installed application list and did not see anything out of the ordinary. Just the standard Mac apps that come pre-loaded plus one or two extra programs for their law program.

That’s what was weird to me. This Mac is pretty bare bones so I am not sure why there would be anything. I did test outbound ports and they all come back OK as successful for connecting. The Mac is on the latest OSX, but I am not sure the age of the machine.

It’s 15 characters at this point. The Mac is on the most current version of OSX; I had thought of that too and wanted to be sure.

Oh, that has been done twice. I even created a second VPN connection to another Meraki firewall to test and received the same exact result. There is honestly something wrong with the Mac but I don’t know enough about Macs to really know.

Two hours of debugging, and a 3 year old reddit comment solved it in 60 seconds. Thank you!!

So I could never get it to work on this particular person’s Mac. We ended up getting them a Windows PC and then it worked without issue. I then tested the same connection on a different Mac and it worked no problem. So it must have been some issue with their Mac, but Apple could never figure it out.

For troubleshooting’s sake, can you try connecting the Mac to another network (phone hotspot) and then try hitting the VPN again? Wondering if it would produce the same error.

Did you check for DNS fuckery (could be an issue resolving if you’re using a hostname)? Are you connecting to the VPN hostname or the IP? Whichever one you’re trying now, try the converse.

I did have the user try that first, same results. I also attempted to connect to the VPN via the Dynamic DNS name that Meraki provides and straight to the IP of the appliance itself, same result. DNS seems to be OK since I can ping by name from the terminal and get a response. And if I look through the VPN logs on the Mac I see it connecting to the correct IP when using the name.

There’s just something very weird going on with that Mac.

Aah, I see.

I’d love to know what it was when you get it working, in case I ever run into it.