Ashlar-Vellum L2TP VPN Setup Guide
(Fallback for Graphite v12 on macOS Mojave)

This guide provides instructions for setting up an L2TP/IPsec VPN connection. This is a fallback solution specifically for our Graphite v12 customers on macOS Mojave (10.14) who are experiencing network firewall restrictions that prevent software licensing.

While IKEv2 VPNs are generally preferred for modern operating systems, our testing has shown that IKEv2 client functionality on macOS Mojave (10.14) can be unreliable with many VPN server configurations. Therefore, for macOS Mojave users facing licensing communication issues, this L2TP guide offers an alternative method. Our primary IKEv2 guide is available at verify-vpn-tunnel-guide.ashlar.com and may work for other macOS versions.

You should use this L2TP guide if the following conditions are met:

You are using Graphite v12 on macOS Mojave (10.14).
Your IT department or network administrator cannot configure your network firewall to allow direct, bidirectional communication for Ashlar-Vellum licensing data on TCP port 80 to and from verify.ashlarvellum.biz.

If these conditions apply, this L2TP VPN will help your Ashlar-Vellum Graphite v12 software communicate with our licensing server at verify.ashlarvellum.biz. Ideally, you should only need to connect to this VPN when Graphite v12 indicates it cannot reach the licensing server, and disconnect it after licensing is successful. This solution is intended for a very small percentage of users (estimated at less than 0.1%).

Important: This VPN must be configured to NOT send all your internet traffic through the VPN (this is often called "split-tunneling"). Only traffic intended for Ashlar-Vellum services (specifically licensing) will use the VPN.

Alternative Licensing Option: Hardware Key

If VPN solutions are not suitable for your environment, Ashlar-Vellum also offers a hardware key (dongle) option for software licensing. This uses CodeMeter technology from Wibu.com. Please note that this option may involve an additional cost. Contact support@ashlar.com or your sales representative for more details.

L2TP VPN Connection Details:

Please contact support@ashlar.com to obtain the required Username, Password, and Pre-shared Key for the L2TP VPN.

Server Address / VPN Server: verify-vpn.ashlar.com (This is the L2TP server IP: 69.13.42.135)
VPN Type: L2TP/IPsec with Pre-shared Key
Account Name / Username: [Provided by Support]
Password: [Provided by Support]
Pre-shared Key / Shared Secret: [Provided by Support]

Connecting on macOS Mojave (10.14) for Graphite v12

The L2TP setup process on macOS Mojave uses "System Preferences".

Open Network Preferences:
Click the Apple menu > System Preferences.... Then click on Network.
Add a new VPN Service:
Click the "+" button (at the bottom left of the network services list).

A dialog will appear. For **Interface**, select **VPN**. For **VPN Type**, select **L2TP over IPSec**.
For **Service Name**, type a descriptive name, e.g., Ashlar-Vellum L2TP. Click Create.
Configure Server and Account Details:
The new VPN service will be selected. Enter the following:
- Server Address: verify-vpn.ashlar.com
- Account Name: [Enter Username Provided by Support]
Enter Authentication Settings:
Click the "Authentication Settings..." button.

In the sheet that appears:
- Under "User Authentication", enter the **Password:** [Enter Password Provided by Support]
- Under "Machine Authentication", select **Shared Secret** and enter: [Enter Shared Secret Provided by Support]
Click OK.
Advanced Settings (Crucial for Split Tunneling):
Click the "Advanced..." button.

In the Advanced options, under the "Options" tab, **UNCHECK** the box that says "Send all traffic over VPN connection".

Click OK.
Apply and Connect:
Back in the main Network settings window for your L2TP connection:
- Optionally, check **"Show VPN status in menu bar"** for easy access to connect/disconnect. If you enable this, you can connect via the menu bar as shown below, or disconnect from there as well.
- Click **Apply** (in the bottom-right corner of the Network window).
- Then, click **Connect** in the Network window (or use the menu bar icon if enabled) when you need to use the VPN for licensing.

Next Steps for Ashlar-Vellum Graphite v12 on macOS Mojave

Once your L2TP VPN connection is established (and configured NOT to send all traffic), the next step is to configure your Graphite v12 software to use the VPN for licensing. Remember to connect to the VPN when Graphite has trouble licensing, and disconnect it afterwards.

You will need to set the licensing server address within your Graphite v12 software's configuration to: 10.99.88.2 (this IP address corresponds to the hostname verify-vpn-transit-ip.ashlar.com and is only accessible when the VPN is connected).

Update Graphite v12 Configuration File (`config.ini`)

The configuration file (config.ini) for Graphite v12 needs to be updated to point to the VPN's internal licensing address. The file is located here:

/Applications/Graphite V12 SP0/Graphite.app/Contents/AshlarHttpMac.app/Contents/MacOS/config.ini

To automatically update this file:

Open Terminal (you can find it in /Applications/Utilities/).
Carefully copy the entire command below, paste it into the Terminal window, and press Enter:

sudo curl -o "/Applications/Graphite V12 SP0/Graphite.app/Contents/AshlarHttpMac.app/Contents/MacOS/config.ini" https://verify-vpn-guide.ashlar.com/config_with-vpn-transit-ip.ini

You will be prompted to enter your macOS administrator password. Type it (characters will not appear on screen) and press Enter.

After the command completes, restart your Graphite v12 software for the change to take effect. If Graphite v12 still cannot license, please contact support@ashlar.com.

By setting the licensing server in config.ini to use 10.99.88.2 (or verify-vpn-transit-ip.ashlar.com), your software will send its licensing traffic through the VPN. This traffic will then be correctly routed to Ashlar-Vellum's licensing server at verify.ashlarvellum.biz in our Dallas datacenter.

Troubleshooting

Cannot Connect / Authentication Fails: Double-check all entered details: Server Address, Account Name, Password, and especially the Pre-shared Key (it's case-sensitive). Ensure you have the correct credentials from support.
"Server did not respond" or similar: Ensure verify-vpn.ashlar.com is reachable from your network. The issue could also be a local firewall blocking L2TP/IPsec ports (UDP 500, 4500, 1701). This L2TP VPN is intended for when such blocks exist for direct traffic but hopefully not for VPN traffic.
Software still doesn't license:
1. Confirm the VPN is connected (check VPN status in menu bar if you enabled it).
2. Confirm that the config.ini file was updated by the Terminal command. If unsure, contact support.
3. Ensure "Send all traffic over VPN connection" is UNCHECKED in the VPN's advanced settings.
4. Try launching Graphite v12 *after* connecting to the VPN.
Remember to disconnect the VPN via the menu bar icon (if enabled) or System Preferences > Network once licensing is successful to ensure your general internet traffic is not unnecessarily routed.
If you continue to experience problems after trying these steps, or if you are interested in the hardware key option, please contact support@ashlar.com.

Ashlar-Vellum L2TP VPN Setup Guide (Fallback for Graphite v12 on macOS Mojave)