I just set up a RAS VPN on my MX84, but I can't establish a VPN session.
Went through the setup for the VPN, created a subnet, key, and selected Meraki cloud authentication.
I then went to my Mac and created a new VPN connection with
L2TP
server address (which is pingable and I can resolve the name)
user account and password
key
and "send all traffic over vpn" selected.
When I try to connect, I get the message "L2TP server did not respond". I don't see anything in the Meraki dashboard logs. So I tried with my iPhone over the Verizon network, but I get the same result.
Is there something I forgot to do?
Did you try connecting from outside of your network?
Some VPN clients can't handle complex PSKs. Perhaps try a simple PSK like "password" and see if that makes any difference.
Follow this guide exactly:
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#macOS
We have run into this with Macs and Windows computers. If you haven't tried rebooting, do that as well. Sometimes the client will try to connect and fail repeatedly, then works first time after a reboot.
One downside of the Meraki Client VPN on Mac is that if you want a split tunnel VPN, you have to set it up each and every time. The static routes don't persist.
We have one user who uses it regularly - we gave up troubleshooting the connection and bought them a teleworker gateway (Z1).
I'm pretty sure System Manager can allow a Mac to auto connect to the VPN, worth checking into.
I ultimately opened a case with Meraki.
Looks like the upstream Comcast router is causing the issue -- not passing the traffic correctly to the security appliance.
I have read in other posts about needing to run the Comcast router in "bridge" mode. I don't know anything more about it though, sorry.
@Silas1066 wrote: I ultimately opened a case with Meraki.
Looks like the upstream Comcast router is causing the issue -- not passing the traffic correctly to the security appliance.
I didn't even think to suggest that. All of our sites have static IPs, so they have to have the ISP equipment running in bridge mode.
We have seen from time to time carriers will route UDP traffic differently than TCP - even though they claim that they don't. We use 7 or so ISPs nationwide, so we see a lot.