Github user swill commented on the issue: https://github.com/apache/cloudstack/pull/872 I have not been able to make the `Remote Access VPN` work with Mac. I have tried both `L2TP over IPSec` and `Cisco IPSec` (bare ipsec I believe), neither work. I am getting the same problems that Rohit had above. I have tested in 3 different network environments. From the office, from home and over 3G by creating a wireless hotspot and I get the same results in all situations. I have run the following command on the VR to enable more detailed logging `ipsec stroke loglevel cfg 2`. Here is a dump of the logs when attempting to connect. It looks like the connection is established, but there seems to be an issue doing the final negotiation. I have been trying different configurations to see if I can find one that works, but I have not been able to find a config that works yet. I have also flushed my iptables to be sure it is not an issue with the firewall. Here are the logs: ``` Oct 6 15:56:03 r-1968-VM charon: 02[NET] received packet: from 24.114.xx.yy[13429] to 74.121.ww.zz[500] (788 bytes) Oct 6 15:56:03 r-1968-VM charon: 02[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ] Oct 6 15:56:03 r-1968-VM charon: 02[CFG] looking for an ike config for 74.121.ww.zz...24.114.xx.yy Oct 6 15:56:03 r-1968-VM charon: 02[CFG] candidate: 74.121.ww.zz...%any, prio 1052 Oct 6 15:56:03 r-1968-VM charon: 02[CFG] found matching ike config: 74.121.ww.zz...%any with prio 1052 Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received NAT-T (RFC 3947) vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received FRAGMENTATION vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] received DPD vendor ID Oct 6 15:56:03 r-1968-VM charon: 02[IKE] 24.114.xx.yy is initiating a Main Mode IKE_SA Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable DIFFIE_HELLMAN_GROUP found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable ENCRYPTION_ALGORITHM found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable DIFFIE_HELLMAN_GROUP found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selecting proposal: Oct 6 15:56:03 r-1968-VM charon: 02[CFG] proposal matches Oct 6 15:56:03 r-1968-VM charon: 02[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024 Oct 6 15:56:03 r-1968-VM charon: 02[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160, IKE:AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/PRF_HM AC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160 Oct 6 15:56:03 r-1968-VM charon: 02[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048 Oct 6 15:56:03 r-1968-VM charon: 02[ENC] generating ID_PROT response 0 [ SA V V V ] Oct 6 15:56:03 r-1968-VM charon: 02[NET] sending packet: from 74.121.ww.zz[500] to 24.114.xx.yy[13429] (136 bytes) Oct 6 15:56:03 r-1968-VM charon: 01[NET] received packet: from 24.114.xx.yy[13429] to 74.121.ww.zz[500] (380 bytes) Oct 6 15:56:03 r-1968-VM charon: 01[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] Oct 6 15:56:03 r-1968-VM charon: 01[IKE] remote host is behind NAT Oct 6 15:56:03 r-1968-VM charon: 01[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ] Oct 6 15:56:03 r-1968-VM charon: 01[NET] sending packet: from 74.121.ww.zz[500] to 24.114.xx.yy[13429] (396 bytes) Oct 6 15:56:03 r-1968-VM charon: 03[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (108 bytes) Oct 6 15:56:03 r-1968-VM charon: 03[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ] Oct 6 15:56:03 r-1968-VM charon: 03[CFG] looking for pre-shared key peer configs matching 74.121.ww.zz...24.114.xx.yy[192.168.43.66] Oct 6 15:56:03 r-1968-VM charon: 03[CFG] candidate "L2TP-PSK", match: 1/1/1052 (me/other/ike) Oct 6 15:56:03 r-1968-VM charon: 03[CFG] selected peer config "L2TP-PSK" Oct 6 15:56:03 r-1968-VM charon: 03[IKE] IKE_SA L2TP-PSK[6] established between 74.121.ww.zz[74.121.ww.zz]...24.114.xx.yy[192.168.43.66] Oct 6 15:56:03 r-1968-VM charon: 03[ENC] generating ID_PROT response 0 [ ID HASH ] Oct 6 15:56:03 r-1968-VM charon: 03[NET] sending packet: from 74.121.ww.zz[4500] to 24.114.xx.yy[13430] (92 bytes) Oct 6 15:56:04 r-1968-VM charon: 14[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:04 r-1968-VM charon: 14[ENC] parsed QUICK_MODE request 4086740468 [ HASH SA No ID ID NAT-OA NAT-OA ] Oct 6 15:56:04 r-1968-VM charon: 14[CFG] looking for a child config for 74.121.ww.zz/32[udp/l2f] === 24.114.xx.yy/32[udp/53141] Oct 6 15:56:04 r-1968-VM charon: 14[CFG] proposing traffic selectors for us: Oct 6 15:56:04 r-1968-VM charon: 14[CFG] 74.121.ww.zz/32[udp/l2f] Oct 6 15:56:04 r-1968-VM charon: 14[CFG] proposing traffic selectors for other: Oct 6 15:56:04 r-1968-VM charon: 14[CFG] 0.0.0.0/0[udp] Oct 6 15:56:04 r-1968-VM charon: 14[CFG] candidate "L2TP-PSK" with prio 5+1 Oct 6 15:56:04 r-1968-VM charon: 14[CFG] found matching child config "L2TP-PSK" with prio 6 Oct 6 15:56:04 r-1968-VM charon: 14[CFG] selecting traffic selectors for other: Oct 6 15:56:04 r-1968-VM charon: 14[CFG] config: 0.0.0.0/0[udp], received: 24.114.xx.yy/32[udp/53141] => match: 24.114.xx.yy/32[udp/53141] Oct 6 15:56:04 r-1968-VM charon: 14[CFG] selecting traffic selectors for us: Oct 6 15:56:04 r-1968-VM charon: 14[CFG] config: 74.121.ww.zz/32[udp/l2f], received: 74.121.ww.zz/32[udp/l2f] => match: 74.121.ww.zz/32[udp/l2f] Oct 6 15:56:04 r-1968-VM charon: 14[IKE] no matching CHILD_SA config found Oct 6 15:56:04 r-1968-VM charon: 14[ENC] generating INFORMATIONAL_V1 request 3901559225 [ HASH N(INVAL_ID) ] Oct 6 15:56:04 r-1968-VM charon: 14[NET] sending packet: from 74.121.ww.zz[4500] to 24.114.xx.yy[13430] (92 bytes) Oct 6 15:56:07 r-1968-VM charon: 07[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:07 r-1968-VM charon: 07[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:10 r-1968-VM charon: 08[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:10 r-1968-VM charon: 08[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:14 r-1968-VM charon: 06[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:14 r-1968-VM charon: 06[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:17 r-1968-VM charon: 01[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:17 r-1968-VM charon: 01[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:20 r-1968-VM charon: 15[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:20 r-1968-VM charon: 15[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:24 r-1968-VM charon: 08[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:24 r-1968-VM charon: 08[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:27 r-1968-VM charon: 12[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:27 r-1968-VM charon: 12[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:30 r-1968-VM charon: 06[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:30 r-1968-VM charon: 06[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:34 r-1968-VM charon: 02[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (332 bytes) Oct 6 15:56:34 r-1968-VM charon: 02[IKE] received retransmit of request with ID 4086740468, but no response to retransmit Oct 6 15:56:34 r-1968-VM charon: 01[NET] received packet: from 24.114.xx.yy[13430] to 74.121.ww.zz[4500] (108 bytes) Oct 6 15:56:34 r-1968-VM charon: 01[ENC] parsed INFORMATIONAL_V1 request 4023936214 [ HASH D ] Oct 6 15:56:34 r-1968-VM charon: 01[IKE] received DELETE for IKE_SA L2TP-PSK[6] Oct 6 15:56:34 r-1968-VM charon: 01[IKE] deleting IKE_SA L2TP-PSK[6] between 74.121.ww.zz[74.121.ww.zz]...24.114.xx.yy[192.168.43.66] ```
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---