This weekend while setting up RRAS as part of a blog post I am working on a blog posting for, I had an issue where an L2TP VPN worked from my Windows 8 PC, but not from my Mac. The GUI error was saying that the VPN was inaccessible, and after looking further in Console, I saw this:

raccoon: not acceptable Identity Protection Mode

The resolution was to edit the /etc/racoon/racoon.conf file. To do this, fire up Terminal or any app (I use iTerm2 it’s awesome), switch to su. Enter your password, and then type in “nano /etc/racoon/racoon.conf” and swap the exchange mode setting from aggressive,main to main,aggressive. Both of these entires were in my file, so I just commented out the second entry:

My connection to my Windows Server 2012 L2TP VPN from Mac OSX now works as expected!


  1. K Man


    Thanks for this tip. It works for me. The only thing is that the settings revert to the old setting after a reboot. Do you have any idea how to make it permanent?

    • Gabe


      Interesting. I’ve not had to use this type of VPN on my Mac in over a year and when I did it was for a limited time. Glad you found a fix!

  2. Lord_John_Whorfin


    Thank you so much! Ever since I upgraded to 10.11.3 the VPN has been totally flaky, working only once after I started it and then rejecting connections from my iPhone and iPad. I made the change you suggested and it’s now working great. It’s so cool that a 3 year old post is saving my bacon! Thanks!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.