L2TP VPN working on Mavericks finally!

I finally had a few minutes free to explore Jon Stacey’s excellent blog about getting L2TP working on Mavericks…

His documentation is excellent, and can be found here:
How to Setup a L2TP VPN Server on OS X

Repeated here in case his blog goes away – but all credit to him…

Go into Keychain Access and delete the old com.apple.net.racoon password/shared secret if you have one.

Get a new SHARED-SECRET-PHRASE. Steve Gibson Research has an excellent random string generator at: Perfect Passwords

Insert your 64 byte random hex string into KeePass or some other password authentication vault.

Create a new shared secret item in the System keychain, then unload the L2TP daemon:

sudo security add-generic-password -a com.apple.ppp.l2tp -s com.apple.net.racoon -T /usr/sbin/racoon -p "SHARED-SECRET-PHRASE" /Library/Keychains/System.keychain
sudo launchctl unload -w /Library/LaunchDaemons/com.apple.ppp.l2tp.plist

Expand the Zip file from Jon’s site.

vi com.apple.RemoteAccessServers.plist com.apple.ppp.l2tp.plist
sudo cp ./com.apple.RemoteAccessServers.plist /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
sudo cp ./com.apple.ppp.l2tp.plist /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
sudo chown root:wheel /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
sudo chmod 644 /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist /Library/LaunchDaemons/com.apple.ppp.l2tp.plist
sudo launchctl load -w /Library/LaunchDaemons/com.apple.ppp.l2tp.plist 

Put the new shared secret into your iPhone, iPad, and Laptops – and make sure your router forwards VPN traffic to the new server.
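
A post-install check for the steps above, as an added example that is not part of the original post or of Jon Stacey's instructions: it confirms the two plists are root:wheel with mode 644, that the shared-secret item exists in the System keychain, and that launchd has the job loaded. The script name verify-l2tp.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-install checks for the steps above (run as root on the server).
KEYCHAIN=/Library/Keychains/System.keychain
PREFS=/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
DAEMON=/Library/LaunchDaemons/com.apple.ppp.l2tp.plist

# perms_ok FILE [UID] [GID]
# True only if FILE is a regular file, mode 644, owned by UID:GID
# (default 0:0, which is root:wheel on OS X). Symlinks fail the mode test.
perms_ok() {
    pf=$1 pu=${2:-0} pg=${3:-0}
    [ -f "$pf" ] || return 1
    ls -ln -- "$pf" | awk -v u="$pu" -v g="$pg" '
        NR == 1 { ok = (substr($1, 1, 10) == "-rw-r--r--" && $3 == u && $4 == g) }
        END { exit (ok ? 0 : 1) }'
}

# True if the racoon shared-secret item exists in the System keychain.
# No -g/-w flag is passed, so the secret itself is never printed.
secret_present() {
    security find-generic-password -a com.apple.ppp.l2tp \
        -s com.apple.net.racoon "$KEYCHAIN" >/dev/null 2>&1
}

# True if launchd has the job loaded. The label is read from the plist
# rather than assumed.
daemon_loaded() {
    label=$(/usr/libexec/PlistBuddy -c 'Print :Label' "$DAEMON" 2>/dev/null) || return 1
    launchctl list "$label" >/dev/null 2>&1
}

# Runs every check, reports each failure on stderr, returns non-zero if any failed.
verify_l2tp() {
    rc=0
    for f in "$PREFS" "$DAEMON"; do
        perms_ok "$f" || { echo "FAIL: $f is not root:wheel 644" >&2; rc=1; }
    done
    secret_present || { echo "FAIL: shared secret not in $KEYCHAIN" >&2; rc=1; }
    daemon_loaded  || { echo "FAIL: L2TP job not loaded in launchd" >&2; rc=1; }
    return $rc
}

# Run the checks only when asked to, e.g.: sudo sh verify-l2tp.sh check
if [ "${1:-}" = check ]; then verify_l2tp; fi
```

A plist that is writable by anyone other than root lets a local user change what launchd starts as root, which is why the ownership and mode check is worth repeating after every edit.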

I am embarrassed to admit I had this working fine on both Leopard and Snow Leopard, but could not upgrade the host serving L2TP VPN to Lion, Mountain Lion or Mavericks until now… so I had a Snow Leopard Mac Mini just for this… now it can be Mavericks (or Lion or whatever). Happy dance.
