Best setup for vpn connection

Hi all, can anyone tell me the normal way of setting up a VPN connection? Here we have a router terminating the internet link, and a Cisco PIX behind it.

You can try a very simple Easy VPN configuration in this document.
http://www.cisco.com/application/pdf/en/us/guest/products/ps6659/c1650/cdccont_0900aecd80313bdf.pdf
Hope this helps.
Rate this post.

Similar Messages

  • Best setup for a non-Mac file server?

    I have a dual xeon server, with a SATA RAID5 I want to use as a file server in a cross-platform environment.
    *What I've tried and the issues...*
    At first I considered using Windows 2003 (Win2k3) but Services for Macintosh (SFM) is an older version of AFP and thus only supports 31 character filenames. With all our Macs supporting SMB/Samba/CIFS and Apple touting that "Macs and PCs can co-exist harmoniously on the same network" I figured I would give that a try.
    SMB doesn't work.
    Sure I can create a connection, but transferring files is a completely different story. I'm trying to back up application and system data, but companies such as Adobe and Apple have named some of their files with special characters that can't be transferred over SMB. I know NTFS doesn't support these characters, but I thought a Linux box using SMB would work fine. It doesn't. It's the protocol which keeps me from transferring the data. I end up with the lovely error message of "You cannot copy some of these items to the destination because their names are too long or contain invalid characters for the destination..." (what's sad is, if you google for " because their names are too long or contain invalid characters for the destination" you only get 6 results.)
    So I thought I would give NFS a try. Apple says "Viewed from Mac OS X, [connecting via NFS] is just like connecting to an Apple or Windows server." No. It's not. NFS shares don't even show up in the Finder's Network listing. There are also a pile of other hurdles which are only tackled by savvy, command-line using users.
    So that leaves me with AFP. Win2k3 doesn't support filenames longer than 31 characters, and Win2k8 is dropping SFM altogether. Off to choose a *nix flavor, but that requires Netatalk. It hasn't been updated in years, it has many bad performance reviews... and most distros have removed it. I can download and install it. Oh, but that requires I get the kernel source files. Then I have to create an RPM and that's not working... now I'm several levels deep in trying to figure out how to get Netatalk working and I'm not even sure it will work.
    *What's the best setup for a non-Mac file server?*
    FreeNAS seems promising, but it's in alpha/beta and they have all sorts of warnings regarding potential data loss. Sure there's ExtremeZ-IP, but I really don't want to spend $675 to do something Apple claims OS X can already do. I can put just about any non-Mac OS on this thing... what's the best way to set it up so it works?
    Thanks much.

    Rick may be right because, although I didn't think of it before, I tend to have notoriously long classnames for my PHP classes and I have used Samba on occasion (when rsync is out of the question for one reason or another) and never had a problem. I use Kubuntu (Feisty at the moment) with an ext3 filesystem. If I have a chance this evening I'll give it a try and see what happens.
    You could also possibly use FUSE to use an ssh filesystem for the shares... I don't know how that would figure in your backup though.
    Also if worst comes to worst you could tar or dmg the necessary files... just some thoughts.
    I'll be interested to know what you end up implementing....
    OH one last thought... Compile Darwin from source and use that as your server

  • Need advice on best setup for Extreme and Express w/ (n only) network

    I'd like to get some advice on the best setup for my situation. I've read a number of posts on WDS, Extending a Network, etc. and, unfortunately, I'm now more confused than ever.
    We have an Airport Extreme 802.11n using WPA2 Personal, 2.4GHz (n only connection) which I've found to give us the best range/connection speeds for the following devices (all computers running 10.5.5, Apple TVs using most current update):
    (2) MacBooks
    iMac
    (2) AppleTVs
    The good news we have a large house, the bad news we have a large house. Meaning of course that I don't get the range in parts of the house I'd like to. I also have an older Mini (G4) connected to the AEBS thru ethernet (the Mini acts as the iTunes server for the ATVs).
    I just bought a new Airport Express with the desire to place it on the other side of the house to both enhance the range of the wireless network and to provide another wired to wireless connection to the network.
    I initially merely chose to "Extend a wireless network" but that seems to have a MAJOR adverse impact on the speeds of the wireless network, dropping the streaming to one of the ATVs by like 90%. I would like to maintain the security settings I have as well as the 2.4GHz (n only) since these provide the best speed/connection range on the AEBS.
    My question then is what is the best way to use the AX (WDS? Bridge?).

    The best way to use it is the option you chose "Extend a wireless network".
    WDS forces you to the much slower 802.11g and even cuts that bandwidth in half.
    Operating as a bridge has nothing to do with wirelessly extending a network. Changing this option won't have any effect on wireless bandwidth.

  • Best Setup For Frequent File Sharing On Home Network?

    Hi guys,
    I'm setting up an office at my house with multiple computers on a network, and we'll be sharing files over the network frequently. My question is, what is the best setup for this?.. Fastest transfer of files, stable wireless connection, etc.
    All of the computers will be Macs (iMacs and Macbooks).
    We'll be editing videos/photos on the computers. (Potentially large files)
    Is the easiest setup just to have the main computer attached to a good router, setup file sharing on all other computers, and just do it that way?
    Or would it be better to create some sort of NAS?
    Also can someone recommend a good router for this type of scenario?
    Thanks for any help given.

    NAS is the right tool for this job.
    It is expensive but the market leaders.. Synology and QNAP have really been doing it for a long time and the ability to do file store/sharing and most importantly backup in these is excellent. Pick the best you can afford.. and buy disks that are in the recommended list. ie the cheapest are not always the best.. indeed they seldom are.
    Plan very carefully for rotation of USB drives (easy and cheap now with 4TB single drives). Rotate backups with offsite location on weekly basis.
    I would buy a 4 disk case.. you can use 4x3TB which are the best value at the moment.. that gives you 9TB of storage.. plus redundancy for a dead drive.
    Alternatives are using a Mac Mini as a server.. with a large stack of disks on it.. generally should be thinking thunderbolt if you want speed. Hideously expensive though for now.
    You can buy an Extreme or TC.. either would work well. TC allows you easy TM backups without using your NAS..
    Edit very large files on the computer. ie copy to computer.. edit.. copy back to the NAS.
    Editing very large files over wireless.. not good. Multiply that by multiple computers.. not even fair.
    Copy a large project to the computer.. work on it.. copy back to the NAS.. in the meantime Time Machine should be able to take care of incremental backups.
    There are heaps and heaps of solutions.. as long as it is logical and easy to you.. and covers what you need.
    Don't skimp.. spending a $1000 for a NAS with disks.. plus extra for the backup disks.. that represents how many day's work for you plus anyone you have helping.. $$$$ ????
    A mini as a server is a good alternative.. You don't need to run server OS.. but share files to the network. Very hard to build the capacity of the NAS though.
    And a Mac Pro is now a joke without internal slots and cages for drives. (nice machine but wrong for this).
    And Apple have nothing in between.. a short tower case.. been missing for a long long time.

  • Just bought a 3TB Time Capsule for a small office. Will have 4 users with MacBooks. What would be the best setup for time machine individual backups and internet sharing in a secure way?

    Just bought a 3TB Time Capsule for a small office. Will have 4 users with MacBooks. What would be the best setup for time machine individual backups and internet sharing in a secure way?

    Set up each Mac for Time Machine backups in the normal way.  Time Machine will keep each backup separate on the Time Capsule, so users will only be able to see the backups of their own Mac.
    Yes....there are convoluted workarounds that might allow one user to see the backups of another.....IF...they know the administrator password of the "other" Mac.
    As far as Internet sharing, all users will have access to the Internet if they have a wired or wireless connection. If a Mac connects using wireless, it is possible to limit the time that they are allowed to connect to the network.
    For example, you might limit the ability to connect to the wireless from say each Weekday from 8 AM to 6 PM.
    With a wired Ethernet connection, you cannot limit access times to the Internet.

  • Best setup for iMac with SSD & HDD? Best location of scratch & home folders

    Best setup for iMac with SSD and HDD? Best location of scratch & home folders?
    Computer:
    iMac 2.93 GHz Quad core i7, 8GB RAM, 1 TB HDD + 256 GB SSD
    There is not much info from Apple about the best way to set up an iMac with a Hard Drive and Solid state drive. I’ve looked at a few of the forum posts across the web and came up with a plan and lots of questions. (I do use photoshop frequently, but not on a professional level):
    1. I will keep OS and Applications on SSD
    2. About moving the home folder: I saw some posts about moving the whole home folder, but it makes more sense to me to only move selected folders within the home folder to make the best use of the SSD. So will keep the home folder on SSD, but move certain folders (document /music/iphoto/download) to 1 TB HDD via instructions I found on the macintoshperformanceguide website:
    cd
    sudo cp -r Documents /Volumes/Master
    sudo rm -rf Documents
    sudo ln -s /Volumes/Master/Documents Documents
    3. I would like to get 8 more RAM when I can afford it
    4. I will attach an external hard drive for most of my documents and backup storage
    5. Now here is where I’m not sure what’s best:
    a. Should I partition my internal 1 TB hard drive and use the first partition as a scratch disc for photoshop and other applications? How much should I partition? Is there any benefit to this if the drive is partitioned?
    b. Should I use an external drive as a scratch disc?
    c. Any advice on a good 1-2 TB external drive?
    d. Should I just leave things in factory settings?
    Don't assume I know the basics - I got all the above just by searching around. Any advice and commentary is appreciated. Thanks.
    Message was edited by: sfandtheworld

    Thanks for the advice and the links. yes, I would like to speed up ps as much as possible.
    I wonder if putting the scratch disc on the same drive as the OS would cause them to interfere with each other? Even if they are on different partitions, they would not be able to be accessed at the same time, or could they? That's why I was wondering if I should place scratch disc on the internal HDD -- but then I don't know how much to partition for it (or to partition at all?)
    Also, I read in a few places that too much read/write on the SSD wears it down over time? Is this more of a theoretical concern - it does not make sense to me since it has no moving parts!
    thanks again for the advice ... I'm gonna go digest those links

  • What is the best router for mugs connectivity

    I am looking for the best networking institute in India for optical networking, please suggest. I have heard about Networkers Zone (http://networkerszone.com/), however I need suggestions, and what is the best router for mugs connectivity.

    For training on the Cisco Optical I would recommend Fastlane http://www.fastlane.si/ they would be able to fulfill your training requirements either in India or at another location, even at the Cisco Factory in Monza. They can tailor courses to your specific requirements and also do switching and routing courses too. I have known one of the instructors for over 10 years; they are very good.
    As far as recommending the best router, that all depends on the application. I'm not sure what you mean by mugs connectivity; I know what mugs is in English but not sure if that's what you mean or if it is an acronym for something else. In any case, if you post in the router section of Net-Pro with your specific requirements I'm sure someone would be able to help/advise accordingly.

  • Best setup for a swing application

    Hello,
    I have developed a Swing application for an EPOS machine.
    The machine has around 512 ram.
    What's the best setup for me in terms of performance, for example, which JVM to use etc.....
    Cheers
    Bobby

    bsbiran wrote:
    Hi,
    Well the app requires a lot of images and parts of it do run 'slow'
    ...I'm currently going through a book about Swing and read that many times the "slowness" of a Swing-application can be credited to the programmer for not using the API efficiently/correctly (letting the app repaint too much, or repainting large parts that don't need repainting at all, to name just two things). So, I don't know how much of a Swing-guru you are, but it might be better to read a few decent Swing tutorials or pick up a good Swing book.

  • Entering Correct info for VPN connection

    Please suggest the correct configuration for entering information in order for my laptop to connect via VPN to my newly installed Leopard Server software. On my laptop, I have entered the following info on the System Preferences> network tab...
    Configuration: Default
    Server Address: 76.173.xx.xxx (my public IP address - do I need anything else?)
    Account name: XXXXXX (same as the account name in Server)
    under Authentication Settings, my password is fine and my shared secret is the same as on the Server.
    Am I entering in everything correctly? I am most concerned as to how the server address is supposed to be written. Thanks!!

    Hi
    If AppleTalk is enabled server side and you simply enter the IP address, afp is assumed as the protocol to be used. If you prefer the extra effort involved in typing afp:// followed by the IP address you can use that as well. If you want to use the smb service rather than afp simply type smb:// followed by the IP address. The same thing applies to ftp services. The Finder supports reads only for ftp services.
    If you are using VPN services you simply type in the private IP (LAN-side) address of the server rather than the public IP (WAN-side) address. Once a VPN connection has been established, the remote client behaves as if it is on the same LAN.
    You can make a connection using the Public WAN address if you enable port forwarding to a single LAN IP address for services you are interested in. For example if you wanted to access your server remotely using afp you configure your router to forward requests for port 548 to the internal IP address of your server. You can use this method for as many services you like as well as how many your router supports. Most commercially available routers support 10-20. Depending on the router you may have to configure an appropriate firewall rule as well. When faced with that it makes more sense to use a single VPN connection.
    I may be in danger of teaching granny to suck eggs but for what it's worth, for VPN connections to work successfully the remote client’s private IP address has to be different from the host site. For example if the remote site is on 192.168.1.x/24 as is the server then you won’t establish a connection. As far as the remote site is concerned it's already connected to that network, why look elsewhere? 192.168.1.x/24 to 192.168.2.x/24 or 10.10.10.x/24 to 192.168.0.x/24 should result in successful VPN connections.
    For a list of IP addresses reserved for private use:
    http://www.iana.org/faqs/abuse-faq.htm#SpecialUseAddresses
    Hope this helps, Tony

  • Best setup for new airport with wired connection to old airport extreme (4th gen)

    I have an AirPort Extreme (4th gen) in my basement (of a three story house) connected directly to the Fios box (I am not using the Verizon g router).  The new AirPort (ac) is connected to the old one by in-wall Cat 6e to an upstairs bedroom.  Can/should I turn off wifi on the n router for best wireless performance?  What would the optimal setup be?
    On the airport utility I selected "replace existing Airport" and the new ac router is up and running and working fine.  I wonder whether the fact that wifi on the old Airport is still on may be good for coverage around the house, but compromising the wireless bandwidth/speed?  I haven't noticed any speed issues yet, but I do a lot of video streaming so I want to ensure I have the best setup.  Range doesn't seem to be a major issue in my house.  It is more important to me to have strong wifi signal upstairs.
    Thanks in advance for advice.

    If the AirPorts are connected using Ethernet, then no bandwidth is being lost on the network. Keep the wireless functions "on" at both AirPorts for additional wireless coverage and speed.

  • Can't setup correctly VPN connection with certificate

    First of all: the VPN connection to a Windows server I'm trying to set up in Mac OS X works perfectly with a Windows XP client.
    The VPN is of L2TP over IPSEC type and uses a certificate for computer authentication. I've tried to set up the connection on my Mac by importing the certificate into Keychain and marking the certificate as trusted for every use. I've set up the VPN in System Preferences - Network, creating a new VPN connection and filling in: server address, account name, password for user authentication, and selecting the certificate for computer authentication in the "Authentication settings" section. Then I've clicked Apply.
    Then, when I click Connect the Mac answers with a message something like this (I'm going to translate from the Italian message), titled "Internet connection": "The IPSec shared secret is missing. Verify settings and retry.".
    So, what's happened? Why does the Mac tell me that the "shared secret is missing" when I've never set up that option but instead I've selected the "Certificate" radio button in the "Computer authentication" section of "Authentication settings" and correctly selected the imported certificate? The strange thing is that, verifying what I've set up in the VPN configuration, I've found that the active radio button in "Authentication settings" was the one corresponding to "Shared secret", not the one for "Certificate". It seems that when clicking on Apply the Mac doesn't store the certificate choice but resets the choice to "Shared secret".
    Does anyone have any suggestions to resolve my problem?
    Thank you

    To run IKEv2 you need the following EKUs on both server and client certificates. The machines select certificates automatically, the best option is the a), if not present, they proceed to the next b) and c):
    a) IPSec IKE Intermediate (IPSec Protection) 1.3.6.1.5.5.8.2.2 + Server Authentication + Client Authentication
    b) IPSec IKE Intermediate + Client Authentication
    c) Client Authentication
    As you may see, both client and server require Client Authentication EKU in the certificate. If you include Server Authentication and IKE Intermediate, you will get more exact match.
    ondrej.
    Hi ondrej,
    Thanks for the reply. I've reissued the certificate with the Client Authentication EKU, but it hasn't made any difference.
    Please note that I'm not using machine certificates on the client for authentication - I want to use Secure Password (EAP-MSCHAPv2), which is working when I connect through SSTP. However, the server seems to be determined to use certificates for client authentication - when I log using wfp, in the wfpdiag.xml file I can see that the authentication method listed is <mmAuthMethod>IKEEXT_CERTIFICATE</mmAuthMethod>. As I understand it, this should not be the case.
    How can I get the server to accept EAP-MSCHAPv2 authentication?
    Thanks,
    Andrew

  • Zone Based Firewall for VPN connections does not work after IOS upgrade

    Hi all,
    We use a Cisco router 2911 as corporate gateway - there is a Zone Based Firewall implemented - I upgraded IOS to the last version (15.2(2)T1) - originally version 15.1(4)M1 - to solve an issue with AnyConnect connections (bug CSCtx38806), but I found that after the upgrade the VPN users are not able to communicate with sources in other zones.
    More specific
    WebVPN use this virtual template interface
    interface Virtual-Template100
    description Template for SSLVPN
    ip unnumbered GigabitEthernet0/1.100
    zone-member security INSIDE
    There are other zones VOICE, LAB, ...
    In the policy any connection is allowed (used inspection of icmp, tcp and udp) from INSIDE zone to VOICE or LAB zone
    After VPN connection I am able to reach resources in INSIDE zone (which is the most important), but not in other zones. Before upgrade it worked.
    Once I changed the zone in the Virtual-Template interface to VOICE, I was able to reach sources in the VOICE zone but not in any other. I searched more and found the stateful firewall is not working for connections from VPN as ping is blocked by policy on the returning way - it means by policy VOICE->INSIDE. Once I allowed communication from the "destination" zone to the INSIDE zone, the connections started to work, but of course it is not something I want to set up.
    Does anybody have the same experience?
    Regards
    Pavel

    It seems to me I should add one important note - if the client is connected directly in the INSIDE zone, he can reach resources in other zones without any issue - so the problem is only when the client is connected by VPN - not in the ZBF policy setup.
    Pavel

  • Best option for VPN and Firewall..

    I am replacing my Watchguard Firebox 700 Firewall/VPN with a Cisco box. I am trying to determine what would be the best model for my environment.
    20 person company.. The only need would be for 1 or 2 different offices to connect via VPN and also our users to connect via VPN. So my needs are for firewall and VPN.. What model would you recommend?
    Thank you

    Hi,
    I would suggest ASA 5505. Take a look at the link below.
    http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
    Rate it, if it helps.
    Thanks
    Gilbert

  • Unable to set manual IP address for VPN connection

    Recently a VPN connection with a client stopped working. They changed phone companies and changed some of the IP addresses.
    After alerting them I could no longer log in, I received the new server address, which I can log in with,
    BUT my computer is assigned a dynamic address that is already in use on their network. This causes my computer to *not* be connected to their network, even though I am inside their firewall; therefore I cannot adjust the database files I need to.
    I have tried to set the VPN (PPTP) connection TCP/IP address IPv4 manually, using the static address they just gave me. But each time I connect, [I believe] their router assigns me an address that is already in use.
    They do not use IPv6.
    Can anyone give me direction on how to make the manual IP address *stick*?
    The tech person at the site keeps telling me it is a problem with my "Mac, because with Windows.... blah, blah, blah".
    I am pretty sure this is not the case and in fact I was the one who let her know I was receiving a duplicate address.
    Your VPN expertise is really appreciated.
    Thanks in advance,
    Michele

    Hi,
    Please make sure the ad hoc connection IP address is in the same range as your local connection. In addition, how about recreating the ad hoc connection as a test? Please have a try.
    If problem persists, please use Network troubleshooter in Action Center to fix this problem for test.
    Roger Lu
    TechNet Community Support

  • Best practice for RAC connections

    Got a question of what people consider best practice for setting up high-availability connection pools to a RAC cluster. Now that you can specify the fail-over logic right in the thin connection string it seems like there are three options.
    A) Use OCI connections and allow the fail-over logic to be maintained in the TNSNAMES.ORA file.
    B) Use simple thin connections with multi-pools and let WebLogic maintain the fail-over logic.
    C) Use simple thin connections with fail-over logic in the connection string.
    Thanks,
    Rodger...

    If you need XA, then follow the WebLogic documentation. If not, then
    you have much more freedom. The thin driver can be configured to
    use the tnsnames.ora file if that helps you. WebLogic much prefers the
    thin driver to the OCI-based one, which can kill a JVM with OCI bugs.
    If you do driver-level failover, each failed connection will cost a test
    and replace. If you use multipools, WLS can be configured to flush a
    whole pool when it finds a connection bad, and also make the failover
    at the pool level, right then, so application delay is minimized.
    Joe
