VPN client not connecting

Silas1066
Getting noticed

I just set up a RAS VPN on my MX84, but I can't establish a VPN session.

Went through the setup for the VPN, created a subnet, key, and selected Meraki cloud authentication.

I then went to my Mac and created a new VPN connection with

L2TP

server address (which is pingable and I can resolve the name)

user account and password

key

and "send all traffic over vpn" selected.

When I try to connect, I get the message "L2TP server did not respond". I don't see anything in the Meraki dashboard logs. So I tried with my iPhone over the Verizon network, but I get the same result.

Is there something I forgot to do?

PhilipDAth
Kind of a big deal

Did you try connecting from outside of your network?

PhilipDAth
Kind of a big deal

Some VPN clients can't handle complex PSKs. Perhaps try a simple PSK like "password" and see if that makes any difference.

Warren
Getting noticed

Follow this guide exactly:

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#macOS

We have run into this with Macs and Windows computers. If you haven't tried rebooting, do that as well. Sometimes the client will try to connect and fail repeatedly, then works first time after a reboot.

One downside of the Meraki Client VPN on Mac is that if you want a split tunnel VPN, you have to set it up each and every time. The static routes don't persist.

We have one user who uses it regularly - we gave up troubleshooting the connection and bought them a teleworker gateway (Z1).

I'm pretty sure System Manager can allow a Mac to auto connect to the VPN, worth checking into.

Silas1066
Getting noticed

I ultimately opened a case with Meraki.

Looks like the upstream Comcast router is causing the issue -- not passing the traffic correctly to the security appliance.

PhilipDAth
Kind of a big deal

I have read in other posts about needing to run the Comcast router in "bridge" mode. I don't know anything more about it though, sorry.

Warren
Getting noticed


@Silas1066 wrote:

I ultimately opened a case with Meraki.

Looks like the upstream Comcast router is causing the issue -- not passing the traffic correctly to the security appliance.


I didn't even think to suggest that. All of our sites have static IPs, so they have to have the ISP equipment running in bridge mode.

We have seen from time to time carriers will route UDP traffic differently than TCP - even though they claim that they don't. We use 7 or so ISPs nationwide, so we see a lot.
