Why can macOS users not connect to our office L2TP VPN over IPsec (Draytek Vigor 2952) using the built-in Mac VPN functionality but Windows users can?

SOLVED: I had to change the L2TP with IPsec Policy options in the user profile to ‘Must’ for it to work.

Hi all, I have set up user accounts for both Windows and Mac users for our Draytek VPN and put in the exact same pre-shared key and IP address - but Mac users are unable to connect using these credentials using the System Preferences > Network menu.

The error message I receive is ‘The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your administrator’.

Can anyone help? As far as I can see all the settings are correct.

Have you tried routing all traffic through the VPN? I had the same problem with some other VPN and that was my problem.

Where are the user accounts stored? AD? The VPN device?

So, how can the server not respond if Windows connects?
I think I remember cases where both sides could not agree on the encryption to be used.

Did you follow this guide: L2TP over IPsec VPN from macOS to Vigor Router | DrayTek?

Find the certificate in Keychain and change the permissions to “allow all”

Maybe do a dos2unix on any config or key files that you’re importing?

This. It's in the instructions for Meraki VPN for Mac OSx - Client VPN OS Configuration - Cisco Meraki Documentation

Accounts are created on the Draytek router

Yes, multiple machines. I have tried deleting and readding the VPN.

Why should Cisco IPsec make a difference? L2TP is a viable option and works correctly on the Windows machines.

The VPN type in Windows is ‘L2TP/IPsec with pre-shared key’ and that connects successfully, so it must be something wrong on the Mac side.

Yes. Looks like it was the user’s home router that was causing the issue.

There is no certificate, it is using a shared secret.

I’m not importing any config or key files. I just put in the VPN credentials and it fails.

That option was already checked. I had to change the L2TP with IPsec Policy options in the user profile to ‘Must’ for it to work.