Wireless Access

Reply
Frequent Contributor I
Posts: 102
Registered: ‎06-17-2009

Can't connect with VIA for Mac OS

I haven't been able to authenticate via RADIUS as all. Chaging it to the internal database works. Now I've gotten as far as getting the profile, but IKE keeps failing.

 

VIA-1.jpg

EDDIE FORERO | @HeyEddie
Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: Can't connect with VIA for Mac OS

With MAC, you need to make sure pap is enabled on your remote access policy.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 102
Registered: ‎06-17-2009

Re: Can't connect with VIA for Mac OS

That was it!

EDDIE FORERO | @HeyEddie
Contributor I
Posts: 23
Registered: ‎04-19-2011

Re: Can't connect with VIA for Mac OS

I have the same problem. I can get Windows devices, iPads, iPhones to work over VIA but not MAC OS. I have PAP enabled. This is what I see from the local controller, regardless of user as the credentials work fine on an iPad or Windows machine.  May 11 13:31:03  l2tp[10909]: <105003> <ERRS> |l2tp|  PPP/VPN Authentication failed bjkelly 24.2.189.200 MSCHAPv2.  Please check authentication server radius/ldap/tacacs logs.

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: Can't connect with VIA for Mac OS

Rich,

 

There is special configuration on the server side in VIA for MAC.

 

Please see the chapter entitled "Configuring the VPN Server on the Controller" here:  http://www.arubanetworks.com/vrd/VIAAppNote/wwhelp/wwhimpl/js/html/wwhelp.htm

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 23
Registered: ‎04-19-2011

Re: Can't connect with VIA for Mac OS

 
I have the vpn authentication profile configured to reflect the same server group that is used in the VIA authentication profile and I am still having issues with MAC OS devices connecting. Everything else (Windows, iPads, iPhones) connect ok.
Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: Can't connect with VIA for Mac OS

MAC OSX clients require that additional firewall ports be open.  Please see below:

 

Firewall Requirements

 

By default, all VIA clients use certain UDP and TCP ports to establish an IPsec connection. However, VIA 1.0 for Mac OS uses some additional ports than those used by VIA for Windows and iOS. VIA 1.0 for Mac OS depends on the IPsec stack of the Mac OS, which uses some additional ports to establish an IPsec connection. All VIA clients use these common ports:

TCP 443

used by the end user to download VIA client software

used by the VIA client to download the latest VIA configuration

used by the VIA client for trusted network and captive portal checks

used for SSL fallback when UDP 4500 is blocked

UDP 4500

used for IPsec NAT-T

 

VIA 1.0 for Mac OS uses these additional ports:

UDP 500

used by Mac OS for internet key exchange (IKE) along with port 4500

IP Protocol 50

used for forwarding Encapsulating Security Protocol (ESP) traffic
In your network, it is necessary to open these ports on all firewalls that lead up to the controller on which VIA terminates.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 23
Registered: ‎04-19-2011

Re: Can't connect with VIA for Mac OS

our Palo Alto firewall for this VIA eval testing is wide open

Guru Elite
Posts: 20,990
Registered: ‎03-29-2007

Re: Can't connect with VIA for Mac OS

Did you check the radius server logs to see why the failure?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: