[Micronet] OS X AnyConnect VPN client fails, Windows works, one location

Graham Patterson

We are seeing a case where OS X (10.6) machines cannot get a campus VPN
connection in a specific location, while Windows machines can. The OS X
machines can get a VPN connection from other locations.

Background: LHS runs a remote site in Vallejo for teaching using rented
space. DSL service is provided and we have no control over that service
upstream of the ethernet port on the DSL modem. We have an Apple Airport
configured to provide wireless service inside the building.

The Windows machines can do non-VPN and VPN connections without trouble.
OS X 10.6 machines can do non-VPN connections without trouble. OS X 10.6
machines cannot make a VPN connection - the negotiation times out. This
has been verified with two machines, and several accounts. The OS X
machines can do VPN connections on other DSL services.

I would normally suspect an MTU problem somewhere in the chain of
client, Airport, DSL modem, but the Windows systems seem able to handle it.

Does anyone have any suggestions for further diagnosis? Remember, we are
not the DSL subscriber, so we are limited to how much support we can get
at that end.

I find this bizarre, as I would have expected all the clients to have
trouble. And I thought the MTU issue went away with the IPSec VPN.

Graham

--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

Re: [Micronet] OS X AnyConnect VPN client fails, Windows works, one location

Ian Crew
Hi Graham:

A few shots in the dark:

Have you tried taking the AirPort base station out of the loop?  In other words, just jacking a Mac directly into the back of the DSL modem and seeing if that works? (Might give you a clue about where the problem lies)

Have you tried unplugging both the DSL modem and the AirPort base station, leaving them unplugged for a minute or two, and plugging them back in again, DSL first, waiting for all lights on the DSL modem to settle down to normal operating config, then AirPort base station?

Are you running the latest version of 10.6 on the Macs and the current firmware on the AirPort base station?

Cheers,

Ian

On Sep 8, 2011, at 9:39 AM, Graham Patterson wrote:

>
> We are seeing a case where OS X (10.6) machines cannot get a campus VPN
> connection in a specific location, while Windows machines can. The OS X
> machines can get a VPN connection from other locations.
>
> Background: LHS runs a remote site in Vallejo for teaching using rented
> space. DSL service is provided and we have no control over that service
> upstream of the ethernet port on the DSL modem. We have an Apple Airport
> configured to provide wireless service inside the building.
>
> The Windows machines can do non-VPN and VPN connections without trouble.
> OS X 10.6 machines can do non-VPN connections without trouble. OS X 10.6
> machines cannot make a VPN connection - the negotiation times out. This
> has been verified with two machines, and several accounts. The OS X
> machines can do VPN connections on other DSL services.
>
> I would normally suspect an MTU problem somewhere in the chain of
> client, Airport, DSL modem, but the Windows systems seem able to handle it.
>
> Does anyone have any suggestions for further diagnosis? Remember, we are
> not the DSL subscriber, so we are limited to how much support we can get
> at that end.
>
> I find this bizarre, as I would have expected all the clients to have
> trouble. And I thought the MTU issue went away with the IPSec VPN.
>
> Graham
>
> --
> Graham Patterson, Systems Administrator
> Lawrence Hall of Science, UC Berkeley   510-643-2222
> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical
> puzzles, and the meteorite..." - directions to my office.

Ian Crew
Platform and Services Manager, Research Hub
Information Services and Technology-Research and Content Technologies
University of California, Berkeley
2195 Hearst Ave, Second Floor
http://hub.berkeley.edu


 

Re: [Micronet] OS X AnyConnect VPN client fails, Windows works, one location

Erik Klavon
In reply to this post by Graham Patterson
On Thu, Sep 08, 2011 at 09:39:38AM -0700, Graham Patterson wrote:

> We are seeing a case where OS X (10.6) machines cannot get a campus VPN
> connection in a specific location, while Windows machines can. The OS X
> machines can get a VPN connection from other locations.
>
> Background: LHS runs a remote site in Vallejo for teaching using rented
> space. DSL service is provided and we have no control over that service
> upstream of the ethernet port on the DSL modem. We have an Apple Airport
> configured to provide wireless service inside the building.
>
> The Windows machines can do non-VPN and VPN connections without trouble.
> OS X 10.6 machines can do non-VPN connections without trouble. OS X 10.6
> machines cannot make a VPN connection - the negotiation times out. This
> has been verified with two machines, and several accounts. The OS X
> machines can do VPN connections on other DSL services.
>
> I would normally suspect an MTU problem somewhere in the chain of
> client, Airport, DSL modem, but the Windows systems seem able to handle it.
>
> Does anyone have any suggestions for further diagnosis? Remember, we are
> not the DSL subscriber, so we are limited to how much support we can get
> at that end.
>
> I find this bizarre, as I would have expected all the clients to have
> trouble. And I thought the MTU issue went away with the IPSec VPN.

If you set the wireless interface MTU to 1400 (or even 1000), does the
problem go away?

BTW, we're using an SSL VPN now. The old VPN was IPsec.

Erik
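
Added example, not part of the original thread: one way to measure the path MTU from the affected site before lowering the interface MTU as suggested above. It binary-searches the largest ping payload that gets a reply with Don't Fragment set. The host name `vpn.example.edu` and the interface `en1` are placeholders.

```shell
#!/bin/sh
# Added example. Assumed names: vpn.example.edu (placeholder host), en1.

# Send one echo request with Don't Fragment set.
# $1 = host, $2 = ICMP payload size in bytes. Succeeds only if a reply arrives.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$2" "$1" >/dev/null 2>&1 ;;     # OS X / BSD ping
        *)      ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1 ;;  # Linux iputils
    esac
}

# Print the largest IPv4 packet size that crosses the path unfragmented.
# Packet size = payload + 20 (IP header) + 8 (ICMP header).
find_path_mtu() {
    host=$1
    lo=${2:-548}     # payload of a 576-byte packet, used as the lower bound
    hi=${3:-1472}    # payload of a 1500-byte Ethernet packet
    if ! probe "$host" "$lo"; then
        # Nothing gets through even when small: ICMP is filtered or the host
        # is down, so the result says nothing about MTU.
        echo "no reply at $((lo + 28)) bytes; cannot measure" >&2
        return 1
    fi
    # Invariant: payload $lo is known to pass; the answer lies in [lo, hi].
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then
            lo=$mid
        else
            hi=$((mid - 1))
        fi
    done
    echo $((lo + 28))
}

# Usage, run from the affected site and again from a working one:
#   find_path_mtu vpn.example.edu
# A result below 1500 (1492 is typical of PPPoE DSL) means full-size packets
# need fragmenting; try an interface MTU at or below it, for example
#   sudo ifconfig en1 mtu 1400
```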

 

Re: [Micronet] OS X AnyConnect VPN client fails, Windows works, one location

Graham Patterson
In reply to this post by Ian Crew

Yes, we went direct connection first, and full power cycle. It wasn't
until we could get another Mac up there that we could confirm it was not
individual machine-specific, but OS-specific. Everything is up to date.


Graham

On 9/8/11 9:44 AM, Ian Crew wrote:

> Hi Graham:
>
> A few shots in the dark:
>
> Have you tried taking the AirPort base station out of the loop?  In other words, just jacking a Mac directly into the back of the DSL modem and seeing if that works? (Might give you a clue about where the problem lies)
>
> Have you tried unplugging both the DSL modem and the AirPort base station, leaving them unplugged for a minute or two, and plugging them back in again, DSL first, waiting for all lights on the DSL modem to settle down to normal operating config, then AirPort base station?
>
> Are you running the latest version of 10.6 on the Macs and the current firmware on the AirPort base station?
>
> Cheers,
>
> Ian
>
> On Sep 8, 2011, at 9:39 AM, Graham Patterson wrote:
>
>>
>> We are seeing a case where OS X (10.6) machines cannot get a campus VPN
>> connection in a specific location, while Windows machines can. The OS X
>> machines can get a VPN connection from other locations.
>>
>> Background: LHS runs a remote site in Vallejo for teaching using rented
>> space. DSL service is provided and we have no control over that service
>> upstream of the ethernet port on the DSL modem. We have an Apple Airport
>> configured to provide wireless service inside the building.
>>
>> The Windows machines can do non-VPN and VPN connections without trouble.
>> OS X 10.6 machines can do non-VPN connections without trouble. OS X 10.6
>> machines cannot make a VPN connection - the negotiation times out. This
>> has been verified with two machines, and several accounts. The OS X
>> machines can do VPN connections on other DSL services.
>>
>> I would normally suspect an MTU problem somewhere in the chain of
>> client, Airport, DSL modem, but the Windows systems seem able to handle it.
>>
>> Does anyone have any suggestions for further diagnosis? Remember, we are
>> not the DSL subscriber, so we are limited to how much support we can get
>> at that end.
>>
>> I find this bizarre, as I would have expected all the clients to have
>> trouble. And I thought the MTU issue went away with the IPSec VPN.
>>
>> Graham
>>
>> --
>> Graham Patterson, Systems Administrator
>> Lawrence Hall of Science, UC Berkeley   510-643-2222
>> "...past the iguana, the tyrannosaurus, the mastodon, the mathematical
>> puzzles, and the meteorite..." - directions to my office.
>
> Ian Crew
> Platform and Services Manager, Research Hub
> Information Services and Technology-Research and Content Technologies
> University of California, Berkeley
> 2195 Hearst Ave, Second Floor
> http://hub.berkeley.edu
>

--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-2222
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - directions to my office.

 