How can I configure Lion server to accept inbound VPN (L2TP) connections while connected as client to another vpn service?

I have what I believe to be a unique need;
I have a MacPro (1,1) running Lion with Server app.
I require that this particular machine be connected as a client to a VPN server, while at the same time acting as a VPN server for my network.
The PPTP connection configuration is such that "Send all traffic over VPN connection" is checked.
If PPTP client is NOT connected, I can connect to Lion as VPN server. As soon as I make the connection from Lion as a client, I can no longer connect to Lion VPN server.
I understand this is because I am forcing all traffic out the virtual interface (tun0) and eth0 is no longer listening on the local network.
1. Is it possible to bind the VPN client (on Lion Server) to a particular interface? If I could tell the PPTP client to only use eth1 as the interface of choice, my assumption would be that eth0 would then be free to accept incoming connections.
2. Is it possible to bind the VPN service (on Lion Server) to a particular interface? If I could tell the VPN service to only listen on eth1, and in turn tell the PPTP client to NOT communicate on eth1 but only eth0, then perhaps I could separate the communications?
In my head, it seems as though both of the above options would be required in order to use Lion as both a VPN server and VPN client
Any and all help appreciated.

This is a standard facet of most VPNs - the problem lies in your NAT router since both clients appear to come from the same IP address as far as the VPN server is concerned, and the router can't separate out the traffic.
There are a couple of solutions.
First, the built-in VPN server supports L2TP and PPTP protocols. You should be able to connect one system under each protocol, so that gets your two machines connected.
Second, you can replace your NAT router with one that supports multiple VPN clients (often termed 'VPN passthrough').
Third, set up a site-to-site tunnel so that your entire LAN is connected to the VPN (this saves you from having to run a separate VPN client on each machine, but is typically only worth it when you have more machines).

Similar Messages

  • How can I configure Lion server or mail.app to show IMAP subfolders with mailboxes?

    I'm sure we've all seen the weird IMAP glitch where mail subfolders appear down lower on the mail.app pane instead of nested neatly under the mailbox itself.  Usually you can get around this by changing the Inbox IMAP prefix to "" or "INBOX" or "/" or some such path that the server recognizes as the root path to your IMAP folder.  Unfortunately, this sometimes means you are unable to work with those folders or introduce other problems.
    Since I am running Lion (Client) and Lion Server as my mail host, I would think that there is an appropriate answer to this either on the mail.app client settings, or perhaps with a Lion Server configuration through DOVECOT.  I don't mind if the solution is a command-line one, but I need to be able to easily set up my mailboxes so that mail subfolders appear properly under each mailbox, instead of being hidden away lower on the page where it is very inconvenient to find, especially when you are using multiple email accounts.
    Client Machine Lion 10.7.3
    Server Machine Lion Server 10.7.3
    Please Help!!!!

    I've tried editing /etc/dovecot/conf.d/10-mail.conf on Lion Server to add the following:
    namespace private {
      type = private
      separator = /
      prefix = INBOX/
      inbox = yes
    }
    This puts me in a catch-22:
    If I leave the "IMAP Path Prefix" setting in the account Advanced tab empty, I can see the subfolders and move messages in and out of them, but can't add or edit the folders or hierarchy.
    If I set the "IMAP Path Prefix" to "INBOX" I can add and edit subfolders, but they don't appear nested under my inbox.
    Please help!

  • How can you configure an Exchange Account in Mac OS X to use a SSL client certificate?

    I'm trying to connect the Mail App of Mac OS X to my company's Exchange server. For security reasons you have to provide an SSL client certificate to the server. You can convince Safari to use a client certificate by putting it into your keychain and configuring a suitable "identity preference" for the URL of the related site. But the Mail App seems not to use the keychain for this part of the SSL negotiations.
    Since you can configure the client certificate usage for an Exchange Account for the iPhone with the Configuration Utility, there should be a way for the desktop App, too. Has someone sorted this issue out already or does the Mail App actually lack client certificate support?

    I had a nice chat with the Apple end user support which revealed that this feature falls in the responsibility of the business support group. Since I have no appropriate support contract I could ask for help for about 480€ per issue -- nice try
    After more research I found the Configuration Profile Reference, where you get information about Exchange accounts too. Starting with a working iOS-Profile I changed the Exchange account part according to this documentation for OS X. All you have to do is to replace PayloadType com.apple.eas.account by com.apple.ews.account.
    After importing this profile I found the expected Exchange account within the Contacts.app. But the SSL client certificate was still not used and therefore my account not usable.
    You could enable Mail, Calendar & Reminders and Notes within the System Preferences, but neither of these would work due to the missing client certificate support.
    I came to the conclusion that the relevant applications in OS X have no proper SSL client support built in. Since the underlying libraries and frameworks have everything in place, that is really a shame.
    Would be nice, if someone would enforce the developers to do their homework there.

  • How can I use my iPod Touch as a remote for iTunes, while connected via USB?

    I was wondering if I could use my iPod touch as a remote/iTunes extension while it is connected to my computer via usb.
    It would be highly practical to control my music from there, since it is charging right by my side while I'm at my computer.
    Remote is not really an option, my computer doesn't have bluetooth or any connectivity. Something over wifi would work, but there's a usb connection right there that's begging to be used.
    Thanks

    You can't do it via USB.  Go to the App store and download/install the Apple Remote app.  It can control iTunes on your computer via wifi.

  • How can I edit iCal server addresses in Mountain Lion? I keep getting an error with regards to my google calendar and I understand that the way to fix the problem is adjust the server address, but I cannot access it because the preferences are restrictive

    How can I edit iCal server addresses in Mountain Lion?
    I keep getting an error message with my google calendar, and I heard that if I delete the extra slash at the end of the address the problem will be fixed. But the iCal account preferences take me to system preferences > accounts every time I want to edit the account.
    Does anyone know where I can edit the server address?

    You should ask in the iCloud forum, this is for iMacs. https://discussions.apple.com/community/icloud/icloud_on_my_mac

  • How can I configure an MBean in WebLogic Server using the console?

    How can I configure an MBean in WebLogic Server using the console?
    I hear people talking about MBeans in WebLogic Server. I have looked in the console and I cannot find where or how to do it.
    Can somebody explain that, or give a link that explains how to do it on the console?

    Hi,
    Registering Custom MBeans from Admin Console is not yet possible. But yes there are ways to Configure and Utilize Custom MBeans ...
    http://weblogic-wonders.com/weblogic/2010/02/16/registering-and-invoking-custommbeans/
    Thanks
    Jay SenSharma

  • How can i access dmz server via public ip from inside?

    Hi all!
    As shown in the figure, how can I access the server in the DMZ zone via its public IP?
    I can access it via the private IP 192.168.1.1 now, but I can't access it via 101.100.1.2.
    Who can help me?
    Thank you!

    Hi,
    You would have to configure Static NAT from DMZ to INSIDE for the server in the same way you have done for DMZ to OUTSIDE.
    Basically in the following way for example
    object network DMZ-WEB
    host 192.168.1.1
    nat (dmz,inside) static 101.100.1.2
    This would enable your users on the "inside" to access the "dmz" server with the public IP address. And naturally only with the public IP address after this NAT.
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni

  • How can I make a server differ between two or more clients?

    How can I make a server differ between two or more clients?
    The clients can connect and talk to the server fine, but how can I make the server talk to one, two or all clients? i.e. what would be a good way to implement this?
    Currently, the server listens for connections like this:
    while (listening) {
        try {
            // One ServerThread per accepted client connection.
            new ServerThread(this, serverSocket.accept()).start();
        } catch (IOException e) { e.printStackTrace(); }
    }
    I guess one way would be to add the ServerThreads to a Hashtable with the client ID as key, and then get the ServerThread with the proper client ID, but this seems unnecessarily complicated. Any ideas?

    Complicated was perhaps the wrong word, I should have
    written something like it doesn't "feel" right. Or is
    this a common and good way to solve communication
    between a server and multiple clients?

    That's pretty much how I do it. I normally use an array or ArrayList of Sockets instead of HashTable, with [0] being the first player etc. Then you can communicate with exactly who you want. If you want to send bytes to all of them, just send the same thing to each socket individually (or is there a better way to do this?).

  • How Can i specify multiple server names in rwservlet.properties  file?

    How Can i specify multiple server names in rwservlet.properties file without clustering?
    I am using oracle 10g Application server. we have 3 servers Repsvr1, RepSvr2 and RepSvr3. Now i need to configure rwservlet.properties file to point to these servers based on any running report. i got 3 keymap files with reports info.
    Sample entry in the key map file is:
    key1: server=Repsvr1 userid=xxx/yyy@dbname report=D:\Web\path1\path2\reports\Report1.rdf destype=cache desformat=PDF %*
    key2: server=Repsvr2 userid=xxx/yyy@dbname report=D:\Web\path1\path3\reports\Report2.rdf destype=cache desformat=PDF %*
    The rwservlet.properties file lets me enter only one server name. Even though I merged all 3 keymap files into 1, I still have the server name issue. If I leave the server at the default name, I still get the error below.
    REP-51002: Bind to Reports Server Repsvr1 failed. However, I know the default rep_<servername> would be used in case we don't have a SERVER=<value> parameter in the rwservlet.properties file.
    If I specify the server name in the rwservlet.properties file, then only the Repsvr1 reports work fine and the other 2 servers' reports give the same error, like
    REP-51002: Bind to Reports Server <<Server Name>> failed.
    How can I configure the info so that it works for all 3 reports? 2 Port servers are invoking using Oracle Forms and report server is invoking using ASP pages.
    If I specify the server name and keymap file in rwservlet.properties one at a time, all the reports work without any error. Whenever I try to integrate all 3 I get the binding error. If I exclude the server from rwservlet.properties I still get the same error.

    My RELOAD_KEYMAP setting is YES only. As I said, if I specify the server name and keymap file in rwservlet.properties one at a time, all the reports work without any error.
    keymap file entries
    key1: server=Repsvr1 userid=xxx/yyy@dbname report=D:\Web\path1\path2\reports\Report1.rdf destype=cache desformat=PDF %*
    key2: server=Repsvr2 userid=xxx/yyy@dbname report=D:\Web\path1\path3\reports\Report2.rdf destype=cache desformat=PDF %*
    If I use http://server.domain:port/reports/rwservlet? cmdkey = key1 it should bring the report from Repsvr1, and http://server.domain:port/reports/rwservlet? cmdkey = key2 should bring the report from Repsvr2, but I am getting an error from Repsvr2 saying REP-51002: Bind to Reports Server repsvr2 failed.
    Only the server name Repsvr1 is in the rwservlet.properties file. Now what is the best option to bypass the server from the rwservlet.properties file so that it comes from the keymap file? If I comment out the server name in the rwservlet.properties file, I still get the REP-51002: Bind to Reports Server <<Server Name>> failed error for both keys.

  • How can I configure ReFS to NOT fail read operations when a checksum error is detected (on non-Storage-Spaces volumes where data integrity streams are enabled)?

    According to William Stanek, in his Windows Server 2012 R2 Inside Out: Configuration, Storage & Essentials book, this is apparently possible: (pg. 615 - here it is on Google Books: https://books.google.ca/books?id=0IyfBAAAQBAJ&pg=PT819&lpg=PT819&dq=read+operation )
        Integrity can be enabled when the system is not running on Storage Spaces. When
        integrity is enabled and ReFS detects a checksum mismatch, ReFS logs an event and
        fails the read operation by default. If you don’t want the read operation to fail, you
        can configure ReFS to continue with the read operation. A related event will be logged
        regardless.
    So then how do I configure it to do that???
    (And just to make it super-clear, I'm NOT using Storage Spaces, so there is no redundancy via mirroring/parity, and I'm not expecting any file repair - just detection of corruption. It's just a basic volume formatted with ReFS and with integrity streams enabled, via format E: /fs:ReFS /i:enabled)
    For those who want more details, here's the situation: 
    I try to perform a read operation on a file with corrupted data (purposely done for testing using a low-level disk editor), and I get the following error message:
    And an event ID 133 from ReFSv1 gets logged in the System log:
    Clicking "Try Again" just brings up the same message, and clicking "Skip" skips the operation entirely.
    This is indeed the correct default behaviour.
    What I want instead is for the read operation to be allowed to complete, with corrupt data and all, and ONLY for the event to be logged. And according to William Stanek, this is supposed to be configurable somewhere - and after hours of searching, I haven't been able to find anything.

    Hi Tommy,
    >>How can I configure ReFS to NOT fail read operations when a checksum error is detected
    We can use the PowerShell command Set-FileIntegrity to configure this. The specific parameter for controlling this behavior is
    -Enforce <Boolean>, which indicates whether to enable blocking access to a file if integrity streams do not match the data.
    Regarding this point, the following article can be referred to as reference.
    Set-FileIntegrity
    https://technet.microsoft.com/en-us/library/jj218351.aspx
    Best regards,
    Frank Shen
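
Applying the -Enforce parameter from the answer above across a directory, as an added example that is not part of the original thread. The function names and the path E:\TestData are hypothetical; the event query relies only on the event ID 133 quoted in the question.

```powershell
# Added example, not from the thread. Run from an elevated session on a
# ReFS volume that has integrity streams enabled.

function Set-RefsAuditOnly {
    param(
        [Parameter(Mandatory)] [string] $Path   # directory on the ReFS volume
    )

    # Cover the directory itself plus every existing file and sub-directory
    # beneath it.
    $targets = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $targets) {
        # Leave the integrity stream as it is; only stop blocking reads
        # when the checksum does not match the data.
        Set-FileIntegrity -FileName $item.FullName -Enforce $false
    }

    # Report the resulting state so the change can be verified.
    $targets |
        ForEach-Object { Get-FileIntegrity -FileName $_.FullName } |
        Select-Object FileName, Enabled, Enforced
}

function Get-RefsChecksumEvents {
    param([int] $Days = 7)

    # With enforcement off, the logged event is the only sign of corruption,
    # so it has to be collected. ID 133 is the one reported in the question.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Id        = 133
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*ReFS*' } |
        Select-Object TimeCreated, ProviderName, Id, Message
}

# Constructed sample path; replace with a directory on the ReFS volume.
Set-RefsAuditOnly -Path 'E:\TestData'
Get-RefsChecksumEvents -Days 1
```

Files that report Enabled = True and Enforced = False are still checksummed, so reads of corrupted data succeed while the event is still written.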

  • How can I configure a VM to boot from USB key in Virtual PC of Windows 7?

    Hi all,
    I want to boot up with a USB key to install a new VM on Windows 7. I heard that Microsoft Virtual PC begins to support USB devices on Windows 7. How can I configure it? I don't find any virtual USB device in VM settings on my Windows 7 box.
    Thanks for any help.
    Scorprio
    TechNet Software Assurance Managed Newsgroup MCTS: Windows Vista | Exchange Server 2007 MCITP: Enterprise Support Technician | Server & Enterprise Admin

    Virtual PC does not support USB.  Windows 7 XP Mode Virtual Machine supports the use of USB devices.  Virtual PC and Windows 7 XP Mode VM are not the same thing!

  • How can I configure a larger vertical range of 5622

    I'm generating RF signal using RFSG 5673 at IQ rate of 20 MS/s. Whenever I feed RF signal to 5663 to get RFSA response, a "Warning" message displays on RFSA Soft Front Panel with Status code: 213401 & 223532.
    So, please let me know the procedure of configuring the vertical range of Digitizer(5622) of 5663. 

  • How can I configure AAA authentication on ASR9K?

    Hi everyone,
    I'm looking for how I can configure AAA authentication on ASR9K.
    I have a TACACS+ server
    Thanks and regards,
    Jaime.

    Hi Jaime,
    here is the basic configuration:
    tacacs-server host port 49
    key 7 !
    aaa group server tacacs+ acs-group
    server
    aaa authentication login acs-auth group acs-group local
    line console
    login authentication acs-auth
    line default
    login authentication acs-auth
    An example:
    RP/0/RSP1/CPU0:router#sh run tacacs-server
    tacacs-server host 1.1.1.1 port 49
    key 7 0822455D0A16544541
    RP/0/RSP1/CPU0:router#sh run aaa group server tacacs+
    aaa group server tacacs+ acs-group
    server 1.1.1.1
    RP/0/RSP1/CPU0:router#sh run aa authentication
    aaa authentication login acs-auth group acs-group local
    RP/0/RSP1/CPU0:router#sh run line default
    line default
    login authentication acs-auth
    exec-timeout 0 0

  • How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server

    How to reduce configuration cache file Quota size located in ( C:\Windows\ccmcache ) for all client from SCCM 2012 server
    Thanks in Advance
    NTRao

    Hi,
    There are numerous ways to change the cache size.
    You could deploy a vbscript to a collection of the devices.
    On Error Resume Next
    Dim UIResManager
    Dim Cache
    Dim CacheSize
    CacheSize=20000
    Set UIResManager = createobject("UIResource.UIResourceMgr")
    Set Cache=UIResManager.GetCacheInfo()
    Cache.TotalSize=CacheSize
    Or you could use a configuration item.
    http://blog.coretech.dk/heh/configuration-items-and-baselines-using-scripts-powershell-example/
    You can also use the right click tools by Now Micro on a collection, if all the servers are on this would be the easiest / quickest way.
    http://www.nowmicro.com/recast/right-click-tools/
    http://www.david-obrien.net/2013/02/how-to-configure-the-configmgr-client/
    select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like '%6.2%'
    https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

  • How can I configure a printer which is connected to a Windows PC

    How can I configure a printer which is connected to a Windows PC.
    I have a I-Mac with OSX lion ver 10.7.2 installed.
    The printer is a Canon IP4200.

    The first thing you need to ensure is that the printer is being shared by Windows. Hopefully you know how to do that but if not, reply with the version of Windows you are using.
    With the printer shared by Windows you then add the printer on the iMac by opening Print & Scan and clicking the plus button under the Printers list. With the Add Printer browser displayed you can select the Windows icon. A window appears showing three columns. The first column is for the workgroup name. You may already see names here such as Workgroup or MSHome. Selecting the workgroup the Windows computer is using will then show the computer name. And selecting the computer name will show the shared printer, although you may need to enter your Windows user name and password to see this printer share. Selecting this printer share name will then let you select the printer driver to be used on the Mac. Note that you will not be able to use Canon's driver for this, as it is not designed to work with a shared printer from Windows. Instead you will need to download and install Gutenprint. This will provide you with another iP4200 printer in the Print Using menu and this version will let you print via the Windows share.
    If you don't see the workgroups on your local network or the computer name, or something else does not function as described above then please reply with details of what is not happening.
