Connecting to OSX Server VPN

Similar Messages

• Mac OSX Server VPN Not Working

  Heres how my setup is: I have an ATT DHCP Server/Router That assigns my public ip.
  I have an Apple AirPort Extreme in Bridge Mode Which hosts the main wifi connection.
  I have my Mac OSX Server connected to the AirPort Extreme
  On my ATT Router DHCP Server's Firewall I have my computer set to DMZ Plus mode which forwards all ports on the network to my mac.
  I am trying to connect to the vpn network via my MacBook Pro and iPhone5 and I cannot. However I can connect to the online wiki page on my server by going to server.djswirkmke.com if you would like to see it. My host name is server.local on the network but on the internet it is server.djswirkmke.com I also have a mail domain setup as mail.djswirkmke.com. My problem is I am not able to connect to the vpn on the client computers can you please help?

  In a moment of random frustration, I tried listing the DNS server in VPN settings three times, and it somehow fixed the problem. Even though it is the same IP all three times, it works when it is listed three times but not when it is listed just once.
  In other words, in VPN > Settings > Client Information > DNS Servers, I have:
  192.168.100.64
  192.168.100.64
  192.168.100.64
  Hope this helps someone having the same problem.

• OSX Server VPN L2TP secure?

  i am using osx server v2.21  (169) and using the L2TP with shared key VPN  to connect my iphone to my home server, and browse through my home internet connection...
  i have read numerous articles on the internet, and some here on the apple support communities that say L2TP VPN on OSX Server is not secure....
  is that really the case?
  thanks

  There is no perfect security.  Ever.   A sufficiently determined attacker can and will succeed against anything you can do, given that sooner or later somebody involved will make an opsec mistake somewhere.  Or the existing attacks against MD5, RC4 and SSL/TLS security — attacks including BEAST, CRIME Lucky 13, etc — will continue to be "weaponized".
  Firewalls and VPNs only get you so far, and it's common for attackers to use a variety of attacks to try to breach those; to bypass the network security.  So-called "spearphishing" tries to get somebody on the network to breach security for the attacker.  The best VPN and the best firewall are worth nothing if you have Java lit in your web browser and the Java JVM sandbox gets breached (again), or if you receive and open a document that contains malware, for instance. 
  Facebook and other entities were recently breached using what was known as a watering hole attack, and that was only spotted based on detecting "odd" out-bound network traffic.  The attack got around the firewalls and the VPNs and the rest of the security, and was active on the organizations' internal networks.
  If you're securing nuclear secrets or large sums of money or exceedingly embarassing or sensitive data, then you definitely and certainly do need to focus on this stuff, and you're going to be spending time and effort and money on making your organization harder (emphasis on harder) to attack.  But attacks will continue.
  If you're dealing with a home network or a typical a small business network, then you just don't want to be the lowest of the low-hanging fruit around, and you want to avoid opsec mistakes such as open ports or weak passwords, and you don't want to give the good folks of the Internet reasons to attack you.   You want to be not worth attacking, or not as "fun" and not as valuable to attack. 
  Even if your security is not attacked, a DDoS can still ruin your day.
  As I've mentioned elsewhere, I much prefer using a VPN server in a gateway-firewall-router device — as VPNs and NAT don't mix very well — and I do use private certificate authority chains.    But in terms of attacks?  Keep your software and your security current, review your logs and your rules, DMZ any services you provide to "outside", maintain and verify backups — those backups can be your recovery path from a breach — and start looking at "odd" or "unexpected" outbound traffic, too.  VPNs are just part of avoiding the mess of a cleanup.

• Outlook doesn't want to connect with OSX Server on 2 out of 3 clients

  I have three computers on which I have installed Outlook 2011.  All three are running Mavericks.  On one of them, a MacBook air, I have established an outlook account connecting to my OSX server with no problems.  On the other two computers when I set the parameters the same way, I cannot establish an outlook account.  When I use Apple Mail on any of the three machines, I am able to establish accounts for iCloud and  the OSX server with no problems.  Can anyone point me to the source of this problem or a method for trouble shooting it?

  Hi tommy-ch,
  Apa kabar,
  Do visit and post your thread in boot camp discussion:
  http://discussions.apple.com/forum.jspa?forumID=1165&start=0
  There are more experience user on bootcamp that might gladly help you out.
  Good Luck.

• Cant connect to OSX server over network in recovery mode

  Hi guys.
  First of all, thanks for any help you can give me.
  I am running osx server on a mavericks mac mini on a home network.  Attached to it I have a 1tb hard drive to which all the macs in my house use time machine to back up over my network and they are stored there.
  I have just formatted one of my macs and want to restore it from these time machine backups that are on the osx server on my network.
  When i enter recovery mode from boot (COMMAND R), it can see the "backups" on networks "Matts-Mac-Mini" but when i then click "CONNECT" it says "Enter your name and password for the server "Matts-Mac-Mini/local" so that Time Machine can access it.
  It gives me a box with NAME and PASSWORD and a CONNECT button.
  By DEFAULT the "NAME" it starts with is "root".......which I dont understand.
  I have tried every single iteration of names and passwords I can think of but it still wont connect, it either shakes the box or gives an error saying "There was a problem connecting to the server "Matts-Mac-mini.local".  Check the server name of IP address and then try again".
  I have tried the log in details for the osx server, the login details for the mac im trying to connect from, used root as the username, tried capitals, no capitals, spaces no spaces etc.  I am at a total loss and about to tear my hair out!!
  Is there anyone able to give me any help with this please, I would be SO grateful!
  Many thanks,
  hardtofin

  I think I have isolated the password, with a certain username and password the box never shakes and instead gives the error: "There was a problem connecting to the server "Matts-Mac-mini.local".  Check the server name of IP address and then try again".
  Are you able to offer any help with this?  I dont see why i can't connect to it, if the imac can already see it?
  Many thanks again,
  hardtofin

• Trouble connecting to OSX server from XP domain members

  Can someone help me out with a problem connecting to our OS X server from Windows XP? Basically, I only have trouble connecting from XP machines that are members of the domain.
  Here are some details:
  OS X Server 10.3.9, bound to domain through Active Directory.
  Windows Services role = Domain Member.
  Computer name (under Windows Services) = macserver
  Connects fine from Macs via Network>Domain>macserver
  macserver IP address: 192.168.1.5
  Sharing 1 folder to all members of the domain.
  I can connect fine from OS X computers and XP computers that are NOT members of the domain
  I can connect from XP domain members via the IP address \\192.168.1.5
  I cannot connect from XP domain members via Network Neighborhood>Domain>macserver, or by entering the computer name. Error message recieved: "The account is not authorized to log on from this location."
  I can ping macserver from any xp machine and it resolves the IP address.
  I can browse the webserver on OSX Server via http://macserver.
  Any thoughts?
  Thanks,
  Eric
  PowerMac G4, MDD   Mac OS X (10.3.9)  
  PowerMac G4, MDD   Mac OS X (10.3.8)  

  I can't remember how I resolved this. I think I had a number of problems, for instance, spaces in fileshare names. I might also have set up the domain incorrectly. Who knows.

• Connection to OSX Server delayed - no auto connect

  when I try to connect to my OSX server it takes around one minute before the connection is established . every morning I have to reconnect with the server (no auto connect). the other two MBP in the office with OSX 10.5 are auto connected every time.
  MPB OSX 10.6.2
  Server OSX Server 10.5.8
  connected over ethernet

  Under the Apple Menu ->System Preferences ->Network. The left hand column should display known network connections. Click the little plus sign and add the appropriate connection.
  For future reference this information is available via the help menu as are directions that might be easier to understand.

• Newbie: Connect Windows - OSX Server

  Hi
  I'm completely new with osx server. Installed it 5 min ago
  I'm wondering how i manage to get a remote desktop connection from a windows machine to the osx server?
  If i try on the windows the remote desktop with the IP of the server it can't connect.
  By the way, how to i manage to get a remote connection from mac to mac server?
  Thx

  I would politely disagree. Yes, definitely, the Mac 'Screen Sharing' app works a treat, and Apple Remote Desktop.app works as well, but I am coming from a Window's PeeCee.
  For me, connecting to my 10.5(.8) Server via tightvnc gives 'Server did not offer supported security type!". Using RealVNC to this machine states "No matching security types Do you wish to reconnect to ... ?" a telnet to this AppleVNCServer service (port 5900), shows RFB 003.889 *, or Remote Frame Buffer Major 3, minor 889.
  Also, connecting to multiple 10.6(.1) Clients with Tightvnc correctly asks for a password but then hangs at "Status: Security type requested". Using RealVNC opens, connects, asks for authentication, and exits. Telneting to this AppleVNCServer service (port 5900), also shows RFB 003.889 *.
  The Current Version of the protocol is supposed to be 3.8, that is Major version 3, minor version 8. Not 80 or 800 but Eight). http://www.realvnc.com/docs/rfbproto.pdf and I believe that tightvnc only supports up to version 3.7.
  On each station I have installed the 'old' OSXVnc.app as a service (to a unique port). OSXVnc utilizes protocol 3.3 and I can control them successfully, but that is of my own doing because of this issue.
  Now JollysFastVNC works a treat to any machine I have EVER tried to connect to. I have not tried COTVNC or any of the others (too slow for me, when they wer e around)
  Also, I just noticed that RealVNC states that their free and personal version will not connect to Mac OSX (x86 and PPC) but the Enterprise one will. I just Dl'ed the Enterprise Viewer and it gave essentially the same thing ('protocol is not valid' message, even after it asks for a password). Anyway, I am not here to hijack this thread, just trying to keep the info flowing and open.
  Maybe I am the only one with these problems but the bottom line is I cannot use Real or Tight, or UltraVNC to administer my server or clients as long as AppleVNCServer gives out the 003.889 protocol version.
  Peter
  * The ProtocolVersion message consists of 12 bytes interpreted as a string of ASCII characters in the format "RFB xxx.yyy\n" where xxx and yyy are the major and
  minor version numbers, padded with zeros.

• OSX Server VPN NAT Help

  Hello
  Configured ML VPN server using the following article.
  http://macminicolo.net/mountainlionvpn
  Everything works fine and vpn client can go out to inet. So far so good. Now what I want to do is use StrongVPN on server and allow my vpn clients to go out my connection to strong VPN. So far everything I have tried doesn't work. :-(
  Want it to look like this
  MYLOCALVPNCLIENT->OSXMLVPNSERVER->SERVEROPEN VPN CLIENT to STRONGVPN
  Playing with cusomNATRules:
  nat on en0 from 192.168.3.0/24 to any -> (en0)
  pass from {lo0, 192.168.3.0/24} to any keep state
  tried chaning it from en0 to ppp0 and no go. Did different combinations and still nada. The connection on the server to STRONGVPN cfg to route all traffic through STRONGVPN.
  I'd appreciate any help you can give. I'm sure I'm missing something simple.
  Thanks!

  Hello
  Configured ML VPN server using the following article.
  http://macminicolo.net/mountainlionvpn
  Everything works fine and vpn client can go out to inet. So far so good. Now what I want to do is use StrongVPN on server and allow my vpn clients to go out my connection to strong VPN. So far everything I have tried doesn't work. :-(
  Want it to look like this
  MYLOCALVPNCLIENT->OSXMLVPNSERVER->SERVEROPEN VPN CLIENT to STRONGVPN
  Playing with cusomNATRules:
  nat on en0 from 192.168.3.0/24 to any -> (en0)
  pass from {lo0, 192.168.3.0/24} to any keep state
  tried chaning it from en0 to ppp0 and no go. Did different combinations and still nada. The connection on the server to STRONGVPN cfg to route all traffic through STRONGVPN.
  I'd appreciate any help you can give. I'm sure I'm missing something simple.
  Thanks!

• IChat LAN-LAN bonjour connection via OSX-Server and Draytek routers ?

  We want to configure a LAN-LAN iChat intranet connection via our OSX-Server and several Draytek 2600 routers. We have static IP-addresses in all local LANs, do LAN-connection via DynDNS and opened the iChat NAT-Ports on every router as described in several posts.
  LAN-LAN connection (e.g. volume mounting and ARD (Apple Remote Desktop)) works fine. We started iChat on every Mac and chatting via .mac accounts also works, but not via Bonjour. The logged-in users are not listed in the iChat bonjour contact list.
  What do we have to configure more ? Starting the iChat service on the OSX-Server ?
  Thanks in advance for help
  Alex
  PowerPC G5 DP 1.8MHz   Mac OS X (10.4.9)   1GB RAM 22 Display
  PowerPC G5 DP 1.8MHz   Mac OS X (10.4.6)   1GB RAM 22 Display
  PowerPC G5 DP 1.8MHz   Mac OS X (10.4.6)   1GB RAM 22 Display

  Bonjour works without a server but will only work within the same subnet. It's likely your routers are on different subnets and so using Bonjour you would only be able to see contacts on the same subnet.
  If you're not seeing anybody else at all, even those on the same subnet as you, then perhaps your firewall hasn't been opened to the iChat Bonjour ports (TCP, 5297 and 5298). There's also an entry for it in each Mac's Firewall config pane.
  You best bet may be to run an XMPP server. iChat server is an XMPP/Jabber server (using a copy of the pretty old Jabberd 1.4 code), but you might want to consider running the superior OpenFire (http://www.igniterealtime.org/projects/openfire/index.jsp) on your server instead.
  Just create all the users on the server and then enter the relevant details into each copy of iChat.

• Slow connection to OSX Server 10.6

  Running 10.6.5 server on 10.6.5 clients.
  Anyone notice how slow it can be to connect when using the shortname for the username?
  If you connect using the long name it's instant? Any ideas?
  This is file sharing using Open Directory.

  I am also finding authenticating against osx server / directory or workgroup manager very slow. When I login to a Network Account it takes several minutes.

• SMB connection attempt switches to WebDAV unexpectedly when connecting to OSX server

  With Windows 8.1, I can connect to my OSX 10.9.5 Server share point by opening File Explorer, typing:  \\<fqdn> and hitting return.  I will be prompted for server credentials and when I enter them, I will see the share point.
  With Window 10, if I do the same thing, instead of seeing the shareppoint, I see a blank Windows Explorer screen with "This folder is empty".
  I contacted Apple with a tcpdump from this and they said that Windows 10 is attempting to connect over HTTP instead of SMB:
  ACTION: Windows is handling the connection incorrectly by attempting to use Webdav instead of SMB.
  STATUS: As with any other 3rd party integration cases, we attempt to identify an issue as either an issue to a 3rd party product, or to identify and isolate the issue in
  the Apple product.
  In packet 64 the client sends an SMB 1 negotiate request (expected).  In packet 66 the server responds in SMB 2 with the SMB 2 features it supports
  (expected).  In packet 67 the client sends the SMB 2 negotiation request (expected).  In packet 69 the server responds with the SMB2 negotiation response (expected).
  Normally at this point the client will send an authentication attempt in SMB 2 using one of the authentication types provided by the server in packets 66 or 69.  Instead
  the Windows client sends a tcp connection reset in packet 70 (unexpected).  In packet 74 the windows client initiates a connection over HTTP (extremely unexpected).
  The above pattern repeats several times in the tcpdump.
  The mac server never presented any HTTP information in the SMB packets.  This appears to be a purely Windows 10 issue.
  If I connect to the server by typing:  \\<fqdn>\sharepoint  -- then I do connect, but the OSX server does not indicate this is an SMB connection, so it must be a WebDav connection (which would be incredibly wrong...)
  If this is a settings issue in Windows 10 that is forcing an HTTP connection over an SMB attempt -- can somebody point me where to look?

  On Thu, 20 Nov 2014 17:04:11 +0000, steve maser wrote:
  According to Apple, it appears that if the SMB server (in this case Mac OS X 10.10.1) has port 443 open, Windows 10 attempts to connect over that instead of over the SMB port.
  Anybody looking at this one?
  If you want someone to look at this you need to file it using the Feedback
  tool, if you haven't already done so.
  Paul Adare - FIM CM MVP
  Actually, we have scientifically determined that Heisenberg did indeed
  sleep exactly here. However, we have no idea whatsoever just how fast
  asleep he was. -- Dave Aronson

• Win7 clients can't connect to OSX Server after 10.10.2 and Server 4.0.3 update

  I'm troubleshooting an annoying issue with our Yosemite fileserver at work and hoping someone has suggestions.
  The server is running Yosemite, clients a mix of MacOS from 10.6 through 10.10, and some Windows 7 boxes.
  With the server on 10.10.1 and the just-prior version of Server (4.0, I assume; were 4.0.1 and 4.0.2 ever available to the public?), everything basically worked. Last night, I updated the server to 10.10.2 and 4.0.3.  Nothing unusual during the update apart from a bunch of spotlight indexing processes running as individual users sucking up a lot of CPU for the first few minutes, which may be normal.
  However, now almost all the Macs are fine, but the Windows clients are all getting permissions errors when trying to connect. Even weirder, one Yosemite client was also getting an error on login when trying to connect via SMB, both on 10.10.1 and 10.10.2; the same computer connecting via AFP works fine.
  I'm inclined to think that it has something to do with the switch to SMB3 mentioned in the changelog for Server 4.0.3, although I'm not 100% sure that didn't exist under 4.0 as well, and if this is the problem I'm not sure what to try to fix it.
  I'm already aware of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel needing to be at least 3 (or non-existent, so it defaults to 3 on Win7) to work with Yosemite; these clients already have that registry key set. Suggestions?

  Addendum:  I just realized that the Windows users *can* see their own home folder when they connect to the server without the main share I'm trying to mount specified.  So it's not that they're completely unable to connect, it's just that the server isn't offering them any of the main share when they do.
  When I tried mounting the server from 10.6 manually forcing SMB (with an admin user, no less), I got the same thing--just my user folder, none of the main shared volumes...

• Limited number of 5 concurrent VPN (ipsec/l2tp) connections to OSX Server

  We've configured OS X 10.6 Server on XServe to accept VPN connections either via PPTP or via IPSEC/L2TP using a PreSharedKey.
  When multiple clients try to connect using IPSec/L2TP, we experience problems as soon as 5 users are connected. No additional ipsec/l2tp connections can be created until one of the 5 existing connections is terminated, but then a new connection can start immediately.
  Sniffing with tcpdump, the following can be seen on the server side:
  09:24:45.349541 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 1 I ident
  09:24:45.354978 IP serverIP.isakmp > clientIP.isakmp: isakmp: phase 1 R ident
  09:24:45.358233 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 1 I ident[E]
  09:24:45.365359 IP serverIP.isakmp > clientIP.isakmp: isakmp: phase 1 R ident[E]
  09:24:45.367222 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
  09:24:47.365936 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
  09:24:50.365799 IP clientIP.isakmp > serverIP.isakmp: isakmp: phase 2/others I oakley-quick[E]
  The last lines are repeated several times, until the connection attempt times out.
  When using PPTP connections, we don't experience these problems, and in addition PPTP connections can even be created when 5 ipsec/l2tp connections are already established.
  Does anyone know if there is some kind of limitation for the number of concurrent ipsec/l2tp connections built into OS X server? So far, we have not seen anything like this in the docs.

  Ok, IMAP server almost universally allow multiple connections. Thunderbird as you would have observed uses 5 if they are available. As Airmail suggested, iphones just use more and more until they exhaust the available connections. There is no set maximum option.
  However there are other things that can consume connections and some may surprise you.
  Anti spam tools such as mail washer
  Anti virus programs in their anti spam or anti phishing roles
  Web mail.
  The wife sharing the same account on her laptop.
  That is from the top of my head. So could any of those apply.

• How can I connect a pptp client TO my mac osx server vpn?

  On my client it requires the following information:
  IP address of server: done
  Remote subnet: __________
  Remote subnet mask:__________
  MPPE encryption:___________
  MTU:______
  MRU:______
  NAT:______
  User: done
  Pass: done
  I've looked up but I can only find I for for the mac as the client, in my case a dd wrt router is the client.
  What belongs in the empty fields, or where can I find that info.

  What kind of DVD?
  Unlikely that the file size would be suitable for email. How long is the DVD?