Has anyone successfully connected a Mac OSX vpn client to RV340 using L2TP/IPSec?

rickrossnc
Beginner

Has anyone successfully gotten the built-in Mac OSX VPN client to connect to an RV340 using L2TP/IPSec? We have tried virtually every combination of settings we can think of, but it simply doesn't work. It seems to get close, but then complains of "Authentication Failure." We're absolutely sure we have the user credentials and the preshared-key correct, but we cannot get the built-in Mac OSX VPN client to connect to our RV340 with L2TP.

We did manage to get the built-in Mac OSX client to connect using Cisco IPSec, but we'd like to have the L2TP option working and available. We had similar problems trying to get the Windows 10 built-in VPN client using "L2TP/IPSec with pre-shared key." It won't work, either!

I suspect the problem has something to do with how the RV340 is storing and fetching the preshared-key value. We noticed log entries from signon attempts showing mangled strings for the key (almost like there are a few extra random chars added to the end of the actual, correct string!)

The RV340 has Firmware Version: 1.0.01.17

Thanks
Rick


fkzdiceman
Beginner

Hi Rick,

Sorry, I don't have a solution, but I'm having trouble connecting to an RV215 from a Mac. Can you post info on how you connected using Cisco IPsec? I can't even get that to work.

Thanks,

      -matt

verysiberian
Beginner

I just spent the whole day trying to get this to work without success. Would you please share how you got the native Mac OS VPN client to connect to the router over IPSec? I have tried probably 100 different ways of doing this without success.

 

Best regards,

Rob

train_wreck
Beginner

One suggestion RE: the mangled PSK strings, maybe check if there are special characters in the PSK, and if so try removing them. Yes, a horrible "solution" if that works, but just a suggestion.

 

I will say IMO that all of the RV routers are pretty terrible for remote-access style VPN; OpenVPN is the best you have, and even that is dog slow. Recommend going with another vendor if this is a feature you need, or at least stepping up to an ISR (the 891F can be purchased for less than $500 in the right places). If you must use an RV, I recommend using plain IPsec (what Apple calls "Cisco IPsec"), as it will perform better than L2TP. L2TP kind of needs to die in my opinion.

verysiberian
Beginner

Update: I got this to work with my Macs and iOS devices, though it still does not fix the OP's original issue for using L2TP. Nevertheless, I am posting it here in case it helps others. Using the following procedure, I was able to get Cisco IPSec VPN working on macOS and iOS for a Cisco RV340.

 

On the router:

 

1. Do not mess with IPSec profiles at all, at least for getting your Mac and iOS clients connected. I wasted tons of time with those settings, but they do not seem to apply.

2. VPN Passthrough: be sure that IPSec is enabled.

3. Under Client-to-site, create a new group. Under Add a New Group, go with the default option, Cisco VPN Client. This threw me off big time since I'm not using the Cisco VPN Client (i.e., Cisco AnyConnect), so I wasted hours messing with the third party client settings. Don't do what I did! Keep it simple.

4. Pick your interface, e.g., WAN1, and input a pre-shared key. For User Group, click to add the admin group (or other group that you created in an earlier step).

5. Leave the default DNS server for the LAN IP of your router. 

6. In my setup, I left everything else blank and saved the settings. I did not want or need split tunnels, etc.

 

On the Mac or iOS device:

 

1. Create a new VPN connection using the built-in client. No special software needed. Select Cisco IPSec as the type.

2. Enter your router's WAN IP address (or, depending on your setup, its domain name or dynamic DNS name).

3. Enter your username and password. Click on Authentication Settings, enter the pre-shared key and group name of your client-to-site group.

4. Click Apply.

 

Blam, be happy, you now have IPSec VPN working on your Mac and iOS devices. In hindsight, this all seems pretty simple but I burned an entire day on realizing that you don't need to mess with some of the settings.

 

Cheers,

Rob

Sorry, I left out a couple of steps. On the router under client-to-site settings, select client for mode and enter an IP range that will be assigned to your devices connecting remotely that differs from the local VLAN(s) on the router. In my case, I have four VLANs and simply picked a different third octet for the VPN clients (e.g., 192.168.27.xxx instead of 192.168.1.xxx).

I tried all of this, and still can't get it to work.

I have two active internet connections, wan1 and wan2; either one doesn't work.

Like you, I've tried every combination. Spent days on this. I even used the Shimo program to try other options.

I am able to set up site-to-site with the RV345P.

Does client-to-site automatically set an IPsec profile?

I have an RV345P with the newest firmware.

- Vincent

I got IPSec working for client to site. Is that what you're trying to do? I did not mess around with L2TP. Happy to try to assist.

IPSec is good

 

What were the exact settings that you used for your OS X and iOS to connect to your router?

It seems that I tried every combination.

If you could be detailed, that would be great, maybe screen shots with text on top.

I set up client-to-site. It doesn't ask me what IPsec profile to use, so I don't know what setting it is using. With the OS X VPN setup exactly how you said it, it was done. It refuses very quickly, so I know it's failing for the handshake. I rechecked the preshared key and password at least ten times and tried to keep them simple with no special characters; I even used the default cisco account because I saw that was having issues.

Please help with exact settings; see if you are missing anything.

Cisco is not helping.

Sorry for the delay. Here are the steps I used successfully to allow macOS and iOS clients to connect to our office VPN using IPSec for a Cisco RV340. 

 

On the router:

1. Under VPN, VPN Passthrough, set IPSec to Enable. Click Apply.

 

2. Under VPN, Client-to-Site, click Add and create a Group. Use the following selections: Cisco VPN Client (select), Enable (checked), Group Name (whatever you prefer, mine is HNA), interface (select your WAN, mine is WAN1), Preshared Key (create one), user group (click Add, mine is for admins), mode is Client, IP range is whatever you want (but must be different from the remote and local LAN subnets), Mode Configuration (enter the router's local IP address). Click Apply.

 

3. Under System Configuration, User Accounts, create the accounts for those who need VPN access. Be sure that each user is part of the group used in the next step.

 

4. Under System Configuration, User Groups, you should already have a group for admin. Edit the group. Be sure that all of your users are in the group and EzVPN/3rd Party contains the group name that you picked earlier (mine is HNA in this example). Click Apply.

 

This is it for the router end of things. 

 

5. On the client (macOS in this example, but also works for iOS), click on System Preferences, Network, then the plus sign. Select VPN, VPN Type Cisco IPSec, and choose a service name. Click Create. Enter the server address, username, and password (these must match the user data you entered into the router's list of users). Click Authentication Settings, select Shared Secret and enter the one you picked in step 2 (preshared key), and finally enter the Group Name (mine is HNA). Click OK, then Apply. Test the connection. It should work. 

 

I am including several screen shots that correspond to each numbered step above. Good luck!

Here are the rest of the screen shots. This site limits the number of attachments to five.

In the OS X and iOS VPN setup, Account name and group name are the same name as the user name set up in the RV340. So the same user name in Cisco is used for group name and user name in the client-side VPN setup.

That was my issue. OMG

Thank you so much.

I set my client LAN pool range to be 192.168.27.20-192.168.27.25

RDP just works when I point to an IP address on the 192.168.1.xxx range without opening ports to the world.

Great! Glad you got it working.

I've followed your instructions and am able to connect the Macintosh to the VPN but then am unable to communicate with anything on the LAN behind the VPN router. On other VPN routers, the assigned IPs are within the LAN subnet but Cisco (or at least this router) doesn't permit that. How do I get traffic flowing between the two IP ranges? Do I need to configure a second VLAN? Do I need to add entries to a routing table? The LAN is 172.23.10.0/24 and I'm using 172.23.11.0/24 for the VPN clients. Thanks.
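
Several posts in this thread state that the client-to-site IP range must differ from the router's local LAN/VLAN subnets. The following is an added example, not code from any poster or from Cisco, that checks a planned client pool against a list of local subnets before it is entered on the router. The function names and the /24 and /23 prefix lengths are assumptions; the addresses are the ones quoted in the thread plus constructed conflict cases.

```python
import ipaddress


def pool_networks(first, last):
    """Return the CIDR blocks that exactly cover the range first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid pool range {first}-{last}")
    return list(ipaddress.summarize_address_range(lo, hi))


def check_pool(first, last, local_subnets):
    """Return (pool_block, subnet) pairs that overlap; an empty list means no clash."""
    subnets = [ipaddress.ip_network(s, strict=False) for s in local_subnets]
    conflicts = []
    for block in pool_networks(first, last):
        for net in subnets:
            if block.version == net.version and block.overlaps(net):
                conflicts.append((str(block), str(net)))
    return conflicts


if __name__ == "__main__":
    # Values quoted in the thread; the /24 mask on 192.168.1.x is an assumption.
    cases = [
        ("192.168.27.20", "192.168.27.25", ["192.168.1.0/24"]),
        ("172.23.11.0", "172.23.11.255", ["172.23.10.0/24"]),
        # Constructed: pool placed inside the LAN subnet.
        ("192.168.1.200", "192.168.1.210", ["192.168.1.0/24"]),
        # Constructed: different third octet, but a /23 LAN mask still covers it.
        ("172.23.11.0", "172.23.11.255", ["172.23.10.0/23"]),
    ]
    for first, last, lans in cases:
        clashes = check_pool(first, last, lans)
        status = "OK" if not clashes else f"OVERLAP {clashes}"
        print(f"{first}-{last} vs {lans}: {status}")
```

The last case shows why comparing third octets by eye is not enough: the answer depends on the subnet mask configured on each VLAN.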
