Orbi WiFi 7 RBE973

Re: UTM9 Mac OSX Sierra - IPSec VPN

flattened
Apprentice

UTM9 Mac OSX Sierra - IPSec VPN

Hi all,

 

I have used the very useful PDF to enable a Mac on latest OS X Sierra to the UTM 9.

 

PDF https://docs.google.com/viewer?a=v&pid=sites&srcid=a29zc2Jvc3MuY29tfG1haW58Z3g6NzZkNDZhYTNiYTkwNzkzY...


It even gets an IP address (as per the mode config).

 

But it cannot access or ping any devices on the network.

What have I screwed?

 

Cheers 🙂

Andy

Message 1 of 14

Accepted Solutions
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

I'd like to end this as closed. We achieved the required result by reverting back to standard PPTP using a 3rd party paid app on the Mac called Shimo.

View solution in original post

Message 14 of 14

All Replies
DaneA
NETGEAR Employee Retired

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi flattened,

 

Kindly access the article below and it might help:

 

Mac OS X VPN Client install with ProSAFE VPN Firewall/Router

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 2 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hello Dane,

 

Thankyou very much for this guide, I have followed it to the letter. A connection is established but I still cannot access any resources. I guess there are more steps for me to take now? A static route? A mode config? 

 

I disclose right now that I really do not understand IPSec tunnels and have been forced down this route by the latest Mac OS release and our client insisting that he use it ... The previous PPTP connection that he had in El Capitan is now depreciated/removed in this latest 'Sierra' release.

Message 3 of 14
DaneA
NETGEAR Employee Retired

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi flattened,

 

Let me share the old forum link below.  There are a lot of suggestions you can try.

 

https://community.netgear.com/t5/VPN-Firewalls/Mac-OS-X-Yosemite-VPN-setup/td-p/985348

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 4 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

Still no luck, I'm going around in circles as many of those links I had used previous to my post here. I am establishing the link (with either IPSecuritas or the Mac stock client) but I just cannot get to the devices on the internal network... I proper hate Apple.

Message 5 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

Additionally I have nothiced (I think) via the UTM logs that in the process of establising the IPSec connection that there IP address 192.168.10.10 comes into play somehow and I'm not entirely sure what it is. 

I have used the "DIagnostics" and I can actually ping 192.168.10.10 using "Ping through VPN tunnel" check box!

The local LAN is actually a 192.168.40.0/24 range.

I have redacted the calling public IP.

 

2016-10-12 14:02:33[UTM9S] IPsec-SA established[UDP encap 4500->4510]: ESP/Tunnel 192.168.10.10->x.x.x.x with spi=102136819(0x6167bf3)_
2016-10-12 14:02:33[UTM9S] [CONNECT] IPsec-SA established: ESP/Tunnel x.x.x.x->192.168.10.10 with spi=108165093(0x67277e5)_
2016-10-12 14:02:33[UTM9S] IPsec-SA established[UDP encap 4510->4500]: ESP/Tunnel x.x.x.x->192.168.10.10 with spi=108165093(0x67277e5)_
2016-10-12 14:02:33[UTM9S] Adjusting peer's encmode 61443(61443)->Tunnel(1)_
2016-10-12 14:02:33[UTM9S] No policy found, generating the policy : 20.0.0.71/32[0] 192.168.40.0/24[0] proto=any dir=in_
2016-10-12 14:02:33[UTM9S] Using IPsec SA configuration: 192.168.40.0/24<->0.0.0.0/0 from utm_remote1.com_
2016-10-12 14:02:33[UTM9S] Responding to new phase 2 negotiation: 192.168.10.10[0]<=>x.x.x.x[0]_
2016-10-12 14:02:32[UTM9S] purging spi=187648033._
2016-10-12 14:02:32[UTM9S] Sending Informational Exchange: notify payload[INITIAL-CONTACT]_
2016-10-12 14:02:32[UTM9S] ISAKMP-SA established for 192.168.10.10[4500]-x.x.x.x[4510] with spi:287fca8f27ace56e:4d9167164d0dc7dd_
2016-10-12 14:02:32[UTM9S] NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device_
Message 6 of 14
DaneA
NETGEAR Employee Retired

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi flattened,

 

Have you tried using another MAC computer or a Windows PC and try to set up a client-to-box VPN with the UTM9s in order to isolate the problem? 

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 7 of 14
DaneA
NETGEAR Employee Retired

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi flattened,

 

Just want to follow-up on this.  Were you able to try using another MAC computer or a Windows PC and try to set up a client-to-box VPN with the UTM9s in order to isolate the problem?

 

 

Regards,

 

DaneA

NETGEAR Community Team

Message 8 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi Dane,

 

Sorry for the late responses, I am still working on this. I did manage to create a link on a WIndows 10 laptop using Shrewsoft client and to do this I also had to alter the Netgear config in a way that made using the Mac even worse. We are getting another Mac onsite tomorrow that I will try with, we also have access to a UTM 25 to try. 

Message 9 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

Was able to establish a working connection between another Mac and another UTM 25 using the orginal guide. I still could not get the connection to pass traffic when using the new Mac and the original UTM however. Suspect the orgiginal UTM has a "problem", it is a production box though and working in all other respects so I'll have to see what I can do....

Message 10 of 14
DaneA
NETGEAR Employee Retired

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi flattened,

 

Thanks for the update. 🙂 

 

Here are my follow-up questions: 

 

a. Is the other MAC you have used a MAC OS X Sierra also?  

b. Using the other MAC you have mentioned, were you able to try to set up an client-to-box IPSec VPN connection with the UTM9s to isolate the problem?

 

 

Regards,

 

DaneA
NETGEAR Community Team

Message 11 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

Hi Dane,

 

I'm really sorrry but I had a complete and utter brain fart and the new Mac (this one on El Capitan) and another UTM 25 did not solve the problem after all. A complete mistake on my part.

I used the original document you posted and was able to connect the tunnel, get an IP address (supplied by the mode config) but I was unable to access the remote LAN in any way at all.

 

Back to the drawing board.

Message 12 of 14
Danthem
NETGEAR Employee

Re: UTM9 Mac OSX Sierra - IPSec VPN

Just to be sure, is your local subnet on the client side different from the LAN subnet you're trying to access on the UTM side of things?

 

Please also check for any "ANY"-service inbound rules on the UTM, if you can, disable all rules on the UTM temporarily for testing. If that helps, turn them on one by one to find out which one interfers. 

 

Other things to check on the UTM side would be static routes.

Message 13 of 14
flattened
Apprentice

Re: UTM9 Mac OSX Sierra - IPSec VPN

I'd like to end this as closed. We achieved the required result by reverting back to standard PPTP using a 3rd party paid app on the Mac called Shimo.

Message 14 of 14
Top Contributors
Discussion stats
  • 13 replies
  • 6904 views
  • 2 kudos
  • 3 in conversation
Announcements