Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Can't connect with VIA for Mac OS

  • 1.  Can't connect with VIA for Mac OS

    Posted Apr 18, 2012 03:34 PM

    I haven't been able to authenticate via RADIUS at all. Changing it to the internal database works. Now I've gotten as far as getting the profile, but IKE keeps failing.

     




  • 2.  RE: Can't connect with VIA for Mac OS

    EMPLOYEE
    Posted Apr 18, 2012 09:25 PM

    With MAC, you need to make sure pap is enabled on your remote access policy.



  • 3.  RE: Can't connect with VIA for Mac OS

    Posted Apr 19, 2012 06:30 PM

    That was it!



  • 4.  RE: Can't connect with VIA for Mac OS

    Posted May 11, 2012 02:37 PM

    I have the same problem. I can get Windows devices, iPads, iPhones to work over VIA but not MAC OS. I have PAP enabled. This is what I see from the local controller, regardless of user as the credentials work fine on an iPad or Windows machine.

    May 11 13:31:03  l2tp[10909]: <105003> <ERRS> |l2tp|  PPP/VPN Authentication failed bjkelly 24.2.189.200 MSCHAPv2.  Please check authentication server radius/ldap/tacacs logs.
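
Added example, not part of the original thread and not Aruba code: a small parser for controller log lines of the kind quoted in the post above. It groups L2TP/PPP authentication failures by user, source address and the PPP authentication method named in the message, which is the detail to carry over to the RADIUS server logs. The regular expression is modelled only on the one line quoted in the post; the PAP line, the `testuser` name and the `authmgr` line are constructed sample input.

```python
import re
from collections import Counter

# Pattern modelled on the single controller log line quoted in the thread.
# Assumption: other failures with message ID 105003 share this layout.
L2TP_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+l2tp\[\d+\]:\s+"
    r"<105003>\s+<ERRS>\s+\|l2tp\|\s+PPP/VPN Authentication failed\s+"
    r"(?P<user>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<method>[A-Za-z0-9-]+)\."
)

TAIL = "  Please check authentication server radius/ldap/tacacs logs."
HEAD = "  l2tp[10909]: <105003> <ERRS> |l2tp|  PPP/VPN Authentication failed "

# Line 1 is the line from the thread; lines 2-4 are constructed for the example.
SAMPLE_LOG = "\n".join([
    "May 11 13:31:03" + HEAD + "bjkelly 24.2.189.200 MSCHAPv2." + TAIL,
    "May 11 13:31:40" + HEAD + "bjkelly 24.2.189.200 MSCHAPv2." + TAIL,
    "May 11 13:35:12" + HEAD + "testuser 192.0.2.15 PAP." + TAIL,
    "May 11 13:36:00  authmgr[1234]: unrelated constructed line",
])


def parse_failures(text):
    """Return one dict (ts, user, ip, method) per matching failure line."""
    return [m.groupdict() for line in text.splitlines()
            if (m := L2TP_FAIL.match(line.strip()))]


def summarize(failures):
    """Count failures per (user, source IP, PPP authentication method)."""
    return Counter((f["user"], f["ip"], f["method"]) for f in failures)


def methods_seen(failures):
    """Sorted list of the authentication methods named in the failures."""
    return sorted({f["method"] for f in failures})


if __name__ == "__main__":
    found = parse_failures(SAMPLE_LOG)
    for (user, ip, method), count in summarize(found).most_common():
        print(f"{count:3d}  {user:<10} {ip:<15} {method}")
    print("methods attempted:", ", ".join(methods_seen(found)))
```
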



  • 5.  RE: Can't connect with VIA for Mac OS

    EMPLOYEE
    Posted May 11, 2012 07:34 PM

    Rich,

     

    There is special configuration on the server side in VIA for MAC.

     

    Please see the chapter entitled "Configuring the VPN Server on the Controller" here:  http://www.arubanetworks.com/vrd/VIAAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm

     



  • 6.  RE: Can't connect with VIA for Mac OS

    Posted May 22, 2012 09:26 AM
     
    I have the VPN authentication profile configured to reflect the same server group that is used in the VIA authentication profile and I am still having issues with MAC OS devices connecting. Everything else (Windows, iPads, iPhones) connects OK.


  • 7.  RE: Can't connect with VIA for Mac OS

    EMPLOYEE
    Posted May 22, 2012 09:30 AM

    MAC OSX clients require that additional firewall ports be open.  Please see below:

     

    Firewall Requirements

    By default, all VIA clients use certain UDP and TCP ports to establish an IPsec connection. However, VIA 1.0 for Mac OS uses some additional ports than those used by VIA for Windows and iOS. VIA 1.0 for Mac OS depends on the IPsec stack of the Mac OS, which uses some additional ports to establish an IPsec connection. All VIA clients use these common ports:

    TCP 443
      - used by the end user to download VIA client software
      - used by the VIA client to download the latest VIA configuration
      - used by the VIA client for trusted network and captive portal checks
      - used for SSL fallback when UDP 4500 is blocked

    UDP 4500
      - used for IPsec NAT-T

    VIA 1.0 for Mac OS uses these additional ports:

    UDP 500
      - used by Mac OS for internet key exchange (IKE) along with port 4500

    IP Protocol 50
      - used for forwarding Encapsulating Security Protocol (ESP) traffic

    In your network, it is necessary to open these ports on all firewalls that lead up to the controller on which VIA terminates.



  • 8.  RE: Can't connect with VIA for Mac OS

    Posted May 22, 2012 10:10 AM

    Our Palo Alto firewall for this VIA eval testing is wide open.



  • 9.  RE: Can't connect with VIA for Mac OS

    EMPLOYEE
    Posted May 22, 2012 11:53 PM

    Did you check the radius server logs to see why the failure occurred?