I'm trying to get VPN access up and running. The company has a SonicWall firewall/concentrator and I'm working on a Mac. I'm not sure of the SonicWall's hardware or software level. My MacBook Pro is OS X 10.8, x64, fully patched.

The Mac Networking applet claims the remote server is not responding. The connection attempt subsequently fails:

This is utter garbage, as a Wireshark trace shows the Protected Mode negotiation, and then the fallback to Quick Mode:

I have two questions: (1) does Mac OS X VPN work in real life? (2) Are there any trustworthy (non-Apple) tools to test and diagnose the connection problem (Wireshark is a cannon and I have to interpret the results)?
And a third question (off topic): what is so broken in Cupertino such that so much broken software gets past their QA department? I pay good money for the software to run their hardware, and this is an absolute joke.

EDIT (, 6:00 PM): The network guy sent me 'VPN Configuration Guide' (Equinox document SonicOSStandard-6-EN). It seems an IPSec VPN now requires a Firewall Unique Identifier. Just to be sure, I revisited RFC 2409, where Main Mode, Aggressive Mode, and Quick Mode are discussed. I cannot find a reference to Firewall Unique Identifier.
EDIT (, 11:00 PM): From the Mac OS X logs (so much for the garbage message box from this crummy operating system):

Wed Nov 14 16:: IPSec connection started
Wed Nov 14 16:: IPSec phase 1 client started
Wed Nov 14 16:: IPSec phase 1 server replied
Wed Nov 14 16:: IPSec phase 2 started
Wed Nov 14 16:: IPSec connection failed.
Wed Nov 14 17:: L2TP connecting to server '173.167.XXX.YYY' (173.167.XXX.YYY).
Wed Nov 14 17:: IPSec connection started
Wed Nov 14 17:: IPSec phase 1 client started
Wed Nov 14 17:: IPSec connection failed

EDIT (, 12:00 AM): I think I am screwed here:.
I am trying to connect to a broken (non-standard) firewall, with a broken Mac OS X client.

I was able to connect OS X El Capitan to a Sonicwall TZ 215 using pre-shared key (PSK), on the WAN GroupVPN.
This was previously working for me with VPN Tracker, but now that I'm running El Capitan beta, VPN Tracker does not work, so I figured I'd give the native VPN another shot. At first it wasn't working, and I thought I'd have to reconfigure the sonicwall as described by @AnnonymousCoward, to use certificates. However, I noticed in referred to here that you should enable the Accept Multiple Proposals for Clients checkbox in the Advanced tab of the WAN GroupVPN if you're having problems connecting from iOS (and I figured, maybe OS X as well). To be clear, my WAN GroupVPN is configured for ESP: 3DES/HMAC SHA1 (IKE). Using Group2 for Phase 1. Life Time is 28800 on Phase 1 and 2.
XAUTH is set up. Under L2TP settings in the main VPN section of the Sonicwall, you must enable and configure the L2TP Server. I set mine up to assign IP addresses to trusted users (e.g. XAUTH users) in the same IP network range as the rest of my remote network. On the OS X side, I created a VPN (L2TP) connection. Server address is that of the remote firewall. Account name is that of the XAUTH user.
Authentication settings has Password set as the XAUTH user password, and Shared Secret set as the PSK that was configured on Sonicwall. Group Name is left blank.
I haven't totally figured out routing. Normally in VPN Tracker I define the network ranges that I want to route over the VPN (and they must match the routes that are defined on Sonicwall for the endpoint, e.g. 10.72.0.0/16 in my case). I can define multiple remote networks if I need them, but I don't see where to specify that kind of setup in OS X's VPN configuration.
However, so far I am not having a problem accessing the remote network. So I'm guessing L2TP works differently than the configuration I'm using in VPN Tracker.
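Added example (not part of the original question or answer): a small triage script for the kind of Mac OS X log excerpt quoted in the question, reporting the last IPSec stage each connection attempt reached before it failed. The sample log is constructed: its timestamps and the 192.0.2.10 address are invented, and only the message text comes from the page.

```python
# Constructed sample shaped like the log excerpt in the question. Timestamps and
# the 192.0.2.10 address are invented; the message text is taken from the page.
SAMPLE_LOG = """\
Wed Nov 14 16:00:01 2012 : IPSec connection started
Wed Nov 14 16:00:01 2012 : IPSec phase 1 client started
Wed Nov 14 16:00:02 2012 : IPSec phase 1 server replied
Wed Nov 14 16:00:03 2012 : IPSec phase 2 started
Wed Nov 14 16:00:33 2012 : IPSec connection failed.
Wed Nov 14 17:00:00 2012 : L2TP connecting to server '192.0.2.10' (192.0.2.10).
Wed Nov 14 17:00:01 2012 : IPSec connection started
Wed Nov 14 17:00:01 2012 : IPSec phase 1 client started
Wed Nov 14 17:00:11 2012 : IPSec connection failed
"""
# (message text on the page, stage label, reading if the attempt fails at that stage)
STAGES = [
    ("IPSec connection started", "started", "failed before any phase 1 exchange was logged"),
    ("IPSec phase 1 client started", "phase 1 sent", "no phase 1 reply was logged from the server"),
    ("IPSec phase 1 server replied", "phase 1 replied", "phase 1 got a reply; phase 2 never began"),
    ("IPSec phase 2 started", "phase 2 started", "phase 1 got a reply; failure is in phase 2 (Quick Mode)"),
]

def triage(log_text):
    """Split the log into IPSec attempts and return the last stage each one reached."""
    attempts, current = [], None
    for line in log_text.splitlines():
        if "IPSec connection failed" in line and current is not None:
            attempts.append({**current, "failed": True})
            current = None
            continue
        for i, (text, label, reading) in enumerate(STAGES):
            if text not in line:
                continue
            if i == 0 and current is not None:  # previous attempt had no logged outcome
                attempts.append({**current, "failed": False})
            if i == 0 or current is not None:   # ignore stage lines outside an attempt
                current = {"last_stage": label, "reading": reading}
    if current is not None:
        attempts.append({**current, "failed": False})
    return attempts

if __name__ == "__main__":
    for n, a in enumerate(triage(SAMPLE_LOG), 1):
        print(n, a["last_stage"], "->", a["reading"] if a["failed"] else "no failure logged")
```

Matching is done on the message text only, so it does not depend on the timestamp format.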
Redwood City, Calif.-based Check Point Software Technologies Ltd. on Tuesday introduced for Mac OS X, a Virtual Private Network (VPN) client application that features a centrally-managed personal firewall: System administrators can push out security policies to remote users the same way they can to desktop users on the local network. The client software works in conjunction with Check Point's other security products. Pricing scales depending on the size of the installation. Check Point VPN-1 SecureClient for Mac OS X requires Mac OS X v10.3 or later. This story, 'Check Point offers VPN, firewall for Mac OS X' was originally published.