You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

L2TP issue on Ventura?

I had been using macOS Big Sur with two L2TP VPN configurations with no problems.


I have now built a fresh laptop running macOS Ventura 13.0.1 and having problems with one of these VPN configurations.


Both configurations are for connecting to devices acting as L2TP servers, one is a Draytek ADSL router and one is a SonicWALL Firewall.


I can successfully connect to the Draytek router, this being both the ADSL router and the VPN server does not have the VPN server behind a NAT gateway. The SonicWALL at a different site is however behind another ADSL router which is performing NAT. In this second case the ADSL router doing the NAT has been configured to forward all the L2TP required ports to the SonicWALL. This works fine with older versions of macOS!


It is apparently not working with macOS Ventura 13.0.1


I am therefore wondering if macOS Ventura has broken the ability to traverse NAT?


Note: The error message I get is very basic as below


Tue Dec  6 17:22:31 2022 : IPSec connection started
Tue Dec  6 17:22:31 2022 : IPSec phase 1 client started
Tue Dec  6 17:22:31 2022 : IPSec phase 1 server replied
Tue Dec  6 17:23:01 2022 : IPSec connection failed


Or if you prefer the GUI




MacBook Pro

Posted on Dec 6, 2022 9:40 AM

Reply
Question marked as Top-ranking reply

Posted on Dec 11, 2022 8:33 AM

I did some further testing including an additional MacBook Pro running a much older macOS to eliminate Ventura.


It turns out that whilst I had correctly retrieved the password from the original Mac via Keychain Access and had found a Shared Key also via Keychain Access I had retrieved the wrong version of the Shared key.


The error messages in both /var/log/ppp.log and Console filtering for the racoon process were completely useless for diagnosing this. The obvious error would have been to report an incorrect shared key which they did not.


Anyway problem solved, L2TP is still working for Ventura. Hurrah!

Similar questions

3 replies
Question marked as Top-ranking reply

Dec 11, 2022 8:33 AM in response to John Lockwood

I did some further testing including an additional MacBook Pro running a much older macOS to eliminate Ventura.


It turns out that whilst I had correctly retrieved the password from the original Mac via Keychain Access and had found a Shared Key also via Keychain Access I had retrieved the wrong version of the Shared key.


The error messages in both /var/log/ppp.log and Console filtering for the racoon process were completely useless for diagnosing this. The obvious error would have been to report an incorrect shared key which they did not.


Anyway problem solved, L2TP is still working for Ventura. Hurrah!

Dec 8, 2022 1:35 PM in response to John Lockwood

Hello John Lockwood,


While doing some research, we came across this from Change options for L2TP over IPSec VPN connections on Mac - Apple Support:


Set VPN options, such as controlling when VPN disconnects, and turning on verbose logging to capture more log information in a VPN session.

VPN options are available only for the L2TP over IPSec type of VPN connection. (For other types of VPN connections, the options are specified by the VPN server when the VPN connection is negotiated.)


There is additional information on that page that may also be of assistance.


Have a good day.

L2TP issue on Ventura?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.