# L2TP Authentication Issue - 10.5.8 Server



## John Clay (Jun 25, 2006)

I'm having a hell of a time tracking down an irritating VPN issue with 10.5.8 Server, where every few days/weeks/months (seemingly random), the L2TP service will stop authenticating users properly, displaying a perpetual "Authenticating..." message for the client, and a rather useless "IPCP: Maximum Config-Requests exceeded" error in the server logs.

The issue is resolved immediately after a service restart, but if you can't VPN in, you can't restart the service.

Has anyone encountered this before, and been able to fix it? All of the threads I've found suggest a service restart as the fix, but that's not viable.


----------



## Theseus (Jun 6, 2006)

Have you tried completely clearing out all the VPN settings and rebuilding the service from scratch? Sounds harder than it is, you just need to track down the two or three config files.

I've had zero problems with Snow Leopard's VPN server, if that's an option.


----------



## John Clay (Jun 25, 2006)

Theseus said:


> Have you tried completely clearing out all the VPN settings and rebuilding the service from scratch? Sounds harder than it is, you just need to track down the two or three config files.
> 
> I've had zero problems with Snow Leopard's VPN server, if that's an option.


I've looked into it more, and it appears to be hanging on the authentication with Open Directory, so it may not even be an L2TP issue so much as an Open Directory issue. Unfortunately, starting from scratch with Open Directory isn't an issue, nor is upgrading to 10.6 Server at this point. Perhaps down the road.


----------



## Chealion (Jan 16, 2001)

Are there any errors in PasswordService, etc.?

Any idea how many connections it's reporting when it locks up?

As a kludge of a workaround you could set off a shell script that resets it every so often (cron/launchd):

```
serveradmin stop vpn; serveradmin start vpn
```
AFP548 has a script to reset it and check for users first.
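
An added example, not part of the original post and not the AFP548 script: one way to write the "check for users first" reset described above. It assumes `serveradmin fullstatus vpn` reports one `CurrentConnections = <n>` line per VPN server; the function names and the `--run` flag are hypothetical.

```shell
#!/bin/sh
# Added example: restart the VPN service only when no users are connected.
# Assumption: `serveradmin fullstatus vpn` prints, per VPN server, a line like
#   vpn:servers:<server>:CurrentConnections = <n>

# Constructed sample status text (not captured from a real server).
SAMPLE_STATUS='vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 2
vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0'

# Read status text on stdin and print the total number of connections.
# Fails if no CurrentConnections line is present, so unparsable output
# is never mistaken for "zero users".
count_vpn_connections() {
    awk -F' = ' '
        /:CurrentConnections = / { gsub(/[^0-9]/, "", $2); total += $2; seen = 1 }
        END { if (!seen) exit 1; print total + 0 }
    '
}

# Read status text on stdin and print the action to take:
#   restart (nobody connected), skip (users connected), unknown (parse failure)
vpn_restart_decision() {
    n=$(count_vpn_connections) || { echo unknown; return 0; }
    if [ "$n" -eq 0 ]; then echo restart; else echo skip; fi
}

# Query the live service and act on the decision. Run from cron/launchd as root.
main() {
    status=$(serveradmin fullstatus vpn) || exit 1
    case $(printf '%s\n' "$status" | vpn_restart_decision) in
        restart) serveradmin stop vpn; serveradmin start vpn ;;
        skip)    echo "VPN users connected; not restarting" ;;
        *)       echo "cannot read connection count; not restarting" >&2; exit 1 ;;
    esac
}

# Only touch the service when explicitly asked to (hypothetical --run flag).
if [ "${1:-}" = "--run" ]; then main; fi
```
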


----------



## Guest (Jun 17, 2011)

I've had similar issues and it is likely with OpenDirectory (not VPN) ... at least that's exactly what it was in my situation and the only thing that helped me was to restart the VPN service. As funny as it seems, you might also try resetting the local DNS service as well; I've seen that take down OD authentication in the past (presumably when it tries to reverse lookup).


----------

