VPN MacOS client setup
Working to set up an IPv4 Client-to-Gateway VPN tunnel for MacOS clients, configuring the MacOS native VPN client (Network Settings, VPN Interface, Cisco IPSec type). It appears I have been successful, using an IKE Policy (though no VPN Policy appears to exist) and Mode_Config to define the pool of IPv4 addresses assigned to connecting clients. (This pool is separate from the pool of local addresses assigned by the VPN Firewall's DHCP service.) I can connect the client and see the assigned IPv4 address within the pool. I can send/receive email and browse through the tunnel.
But I cannot see any other resources on the local network behind the VPN Firewall, such as my NAS, or share screen or files with local computers, all of which I can do with the client directly connecting to the local network. I wonder if the VPN connection is not added to the default VLAN, so cannot see local devices connected on the VLAN. I would greatly appreciate any direction to solve this problem of device access over the tunnel!
- Ken M
Re: VPN MacOS client setup
Hi morrisonkena,
Kindly answer the questions below:
a. Was it working fine before?
b. Does the same problem occur if you establish a VPN tunnel using another MacBook or iMac?
c. Which specific Mac OS are you using?
d. What is the current firmware of the FVS336Gv3?
Kindly post screenshots of the settings you have configured on the FVS336Gv3 and the Mac OS VPN client.
Regards,
DaneA
NETGEAR Community Team
Re: VPN MacOS client setup
Hi Dane,
Thank you for the reply.
I am setting this up for the first time, so I can't say it was working fine before. I have tried the VPN tunnel on only one MacBook Pro. But I plan to try today or tomorrow on an iOS device as well.
The current firmware of the FVS336Gv3 is 4.3.4-2, which I believe is current. S/N 3NJ252530021B.
The client environment is a MacBook Pro, 13", 2016, Four Thunderbolt 3 ports, 16 GB 2133 MHz LPDDR3 memory, 1 TB SSD disk, 3.3 GHz Intel Core i7 processor, Intel Iris Graphics 550 w/ 1536 MB. The MacBook is running MacOS Sierra, 10.12.3.
Thank you and regards,
- Ken (morrisonkena)
Re: VPN MacOS client setup
Hi Ken -
I would be interested in hearing about your experiences.
I tried the same type of connection a few months back (we have an SRX5308), with assistance of Netgear support (there is a KB article that describes the setup), and though it worked (including accessing resources - perhaps you need to do something about DNS resolution), the connection would always terminate after 5 minutes, even if I was actively using it. I tried changing various settings (I believe I opened a support ticket), but was never successful in resolving this. It became a lower priority (because we have alternate methods of accessing the VPN) but it remains an issue for us.
I was also trying to connect iOS devices (iPhone & iPad) and got the same 5 min disconnect behavior. Here is the KB article for that:
http://kb.netgear.com/app/answers/detail/a_id/25836?cid=wmt_netgear_organic
Re: VPN MacOS client setup
Hi sqv,
I configured my FVS336Gv3 and my Mac's VPN client using a Netgear Application Notes document titled "How to Configure UTM with Apple OSX and iOS Devices for IPsec VPN", dated 2011. I can't recall how I stumbled upon this document but you could search for it.
As I said, I can connect from my Mac laptop to my FVS336Gv3 over the VPN, and I can send/receive email and web browse, but I cannot yet access LAN resources, such as my network storage. I am certain the solution is some configuration adjustment on the FVS336Gv3 (perhaps DNS resolution as you suggest) but I have not had the time to experiment and have not received any reply from Netgear or any other community member.
What I have not experienced is the timeouts you are seeing. The tunnel appears to stay up until I close it.
I have not yet configured iOS devices, as that is less critical to me than MacOS. Thank you for the KB article!
- Ken
Re: VPN MacOS client setup
I apologize that I am only now getting back to this.
Kindly check if the VPN policy is configured to allow access to all of the network and not just the client. To check, on the web-GUI of the FVS336Gv3, go to VPN > IPSec VPN > VPN Policies, then select the corresponding VPN policy, then click Edit. The start IP Address in the Traffic Selection section should have 0 in the last octet, to allow access to the entire network.
Also, kindly ensure that the local IP address of the MacOS native VPN client is in a different LAN subnet than what is indicated on the LAN subnet of the FVS336Gv3; if this is not possible, you should use Mode Config. For example, if the existing LAN subnet of the FVS336Gv3 is on the 192.168.1.x network, then the LAN IP address of the computer where you are using the MacOS native VPN client should be on a different LAN subnet, such as the 10.10.10.x or 192.168.9.x network.
Regards,
DaneA
NETGEAR Community Team
Re: VPN MacOS client setup
I just want to follow up on this. Were you able to try the suggestions?
Regards,
DaneA
NETGEAR Community Team
Re: VPN MacOS client setup
Hi DaneA,
I am back from my travels out-of-town, cleared my backlog of tasks and am now fully focused on solving this VPN connectivity issue.
Know that I am not at all skilled in the setup of VPNs. My current setup has an IKE Policy using a Mode Config, but has no VPN Policy set up. Perhaps I don't need an IKE Policy at all, and just a VPN Policy??
I am absolutely a believer in "reading the manual" before asking for help, so please do direct me to any background I can read before I ask for your generous help.
I confirm the local IP address of my MacBook VPN client is different from the LAN subnet the firewall sits on. It should also be so, but I will have different DHCP assigned IP addresses as I move around to different host networks.
Re: VPN MacOS client setup
I apologize that I am only now getting back to this. Are your network setup and the settings on your FVS336Gv3 and Mac OS X Sierra the same as indicated in the article below?
Mac OS X VPN Client install with ProSAFE VPN Firewall/Router
Regards,
DaneA
NETGEAR Community Team
Re: VPN MacOS client setup
DaneA,
Thank you for sharing this document, "Mac OS X VPN Client install with ProSAFE VPN Firewall/Router". I had not seen that in my searches.
Since I already had an IKE Policy set, I did not use the VPN Wizard, but did edit my existing IKE Policy configuration to match that shown in the document. I then created a VPN Policy that matched that shown in the document. Then I downloaded and installed the IPSecuritas VPN client for Mac, configuring it also as shown in the document. Running the client from a different, outside network, testing the VPN connection back to my work network fronted by the ProSAFE FVS336Gv3, I could *not* connect.
I verified the settings and tried again. No luck. The error log generated by IPSecuritas shows me this message:
Connection KennyNetVPN is not started because of address collision between local (( "127.0.0.1/8", "::1/128", "fe80::1/64", "fe80::aede:48ff:fe00:1122/64", "fe80::47e:6959:af4c:25c5/64", "192.168.1.93/24", "fe80::4422:cdff:fe7e:f936/64", "fe80::dd35:9b1a:7cf6:2221/64", "fe80::7ab7:4e99:2578:c3df/64", "fe80::c0f:a40b:f157:9d6c/64", "fd28:7e35:d34b:5f8:c0f:a40b:f157:9d6c/64" )) and remote (( "192.168.1.0/24" )) networks
Any idea about this failure? Should I delete my policies completely and start over, using the wizard?
Thanks, Ken
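An added example (not written by any poster in this thread, and not NETGEAR or IPSecuritas code): a Python check that parses the address-collision message quoted above and reports which local address overlaps the remote network, the condition DaneA's different-subnet advice is meant to avoid. The function names and the /24 mask on 10.10.10.115 are assumptions.

```python
import ipaddress
import re

# Error line as quoted in the thread (IPSecuritas log), split only for line length.
LOG = (
    'Connection KennyNetVPN is not started because of address collision between '
    'local (( "127.0.0.1/8", "::1/128", "fe80::1/64", '
    '"fe80::aede:48ff:fe00:1122/64", "fe80::47e:6959:af4c:25c5/64", '
    '"192.168.1.93/24", "fe80::4422:cdff:fe7e:f936/64", '
    '"fe80::dd35:9b1a:7cf6:2221/64", "fe80::7ab7:4e99:2578:c3df/64", '
    '"fe80::c0f:a40b:f157:9d6c/64", "fd28:7e35:d34b:5f8:c0f:a40b:f157:9d6c/64" )) '
    'and remote (( "192.168.1.0/24" )) networks'
)

_PATTERN = re.compile(r'local \(\((.*?)\)\) and remote \(\((.*?)\)\)')


def parse_collision(line):
    """Return (local_interfaces, remote_networks) from an address-collision line."""
    m = _PATTERN.search(line)
    if m is None:
        raise ValueError("not an address-collision message")
    quoted = lambda blob: re.findall(r'"([^"]+)"', blob)
    # Local entries are host addresses with a prefix length, so keep them as
    # interfaces; remote entries are the networks reachable through the tunnel.
    local = [ipaddress.ip_interface(s) for s in quoted(m.group(1))]
    remote = [ipaddress.ip_network(s) for s in quoted(m.group(2))]
    return local, remote


def find_collisions(local, remote):
    """List (local_interface, remote_network) pairs whose address ranges overlap."""
    return [
        (iface, net)
        for iface in local
        for net in remote
        if iface.version == net.version and iface.network.overlaps(net)
    ]


if __name__ == "__main__":
    local, remote = parse_collision(LOG)
    for iface, net in find_collisions(local, remote):
        print(f"local {iface} overlaps remote {net}")
    # Assumed /24 mask; the thread gives only the address 10.10.10.115.
    other_lan = [ipaddress.ip_interface("10.10.10.115/24")]
    print("10.10.10.115/24 collides:", bool(find_collisions(other_lan, remote)))
```

Run against the quoted message, the only overlapping pair is the client's own 192.168.1.93/24 and the remote 192.168.1.0/24.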
Re: VPN MacOS client setup
Kindly delete the existing IKE & VPN policies, then start over using the VPN Wizard.
Let us know the result.
Regards,
DaneA
NETGEAR Community Team
Re: VPN MacOS client setup
DaneA -
Did as you asked, deleted existing IKE and VPN policies then started over using the VPN Wizard. Verified all settings, including those of the IPSecuritas client. From an outside LAN I initiated a connection, the color indicator turned yellow, then red. Opening the log I noticed these errors:
TIme Severity Src Message
11:42:37 Error IKE phase 2 negotiation failed due to time up waiting for phase1. ESP 136.24.0.247[500]->10.10/10/115[510]
11:42:38 Error IKE phase 1 negotiation failed due to time up. fc325fd40062cb8c:0000000000000000
136.24.0.247 is the public IP address of my FVS336Gv3. 10.10.10.115 is my LAN address of the outside network from which I am connected back to my home network. I can send the full error log if you wish. Any ideas?
- Ken
Re: VPN MacOS client setup
Thanks for the update. I apologize for the late response.
I found another article online which is a bit different to the first one I've shared with regard to some settings configured. Kindly access it below and try to follow the steps:
IP Securitas Os X – Netgear FVS336G VPN Settings
Kindly delete the existing IKE & VPN policies then start over again. Let us know the result.
Regards,
DaneA
NETGEAR Community Team
Re: VPN MacOS client setup
Ken
11:42:37 Error IKE phase 2 negotiation failed due to time up waiting for phase1. ESP 136.24.0.247[500]->10.10/10/115[510]
About a year ago, I got the exact same error message as you when connecting to a VPN created by Netgear Support just for me to test with
"setup a IKE policy with mode config enabled in our laboratory"
my error message was:
Error IKE phase2 negotiation failed due to time up waiting for phase1. ESP 124.83.33.11[0]->192.168.1.198[0]
Netgear support are telling me that they received no connection attempt from my network. It was at that point I gave up on the whole idea of setting up a VPN and tossed it into the too hard basket.
Did you ever get it working?
Re: VPN MacOS client setup
DaneA,
Thank you for the additional article with alternate settings. I did try those alternate settings, but also without success. The two articles had variations on similar settings, which has suggested to me to play around a bit more with those settings, in hope of finding a combination that works. I'll update this thread with any successful findings.
Regards,
- Ken
Re: VPN MacOS client setup
genesearch,
DaneA, on this thread, has provided references to two articles purporting to have the configuration details I require. However, I have tried both configuration settings sets without success. The similarity of the settings between the two articles has me believing that I am close, so I will "play" with variations on these settings to see if I can break through. I will update the thread with news of any breakthrough. I'll also drop you a brief note as well. But then again, after experimenting, I might also have need for the "too hard" bucket!
Still, given the growing popularity of Macs, I find Netgear's weak support for that platform baffling. There should be good, tested instructions for setting up this VPN on the FVS336G ("with SSL and IPSec VPN") using MacOS. There also should be a MacOS version of Netgear Smart Control Center. One can hope NetGear comes to recognize this market.
- Ken
Re: VPN MacOS client setup
Ken
I have since got the VPN working using the above instructions and it worked; however, I didn't do anything different than last time.
Since I had updated the Netgear router firmware and was using an updated version of IPSecuritas, I can only assume that there was something wrong with the older software, especially since I was getting the same errors connecting to the test VPN that Netgear support created in their lab.