DNS VPN SBS2003

I am connecting to my computer at work through VPN > Remote Desktop
The problem is once I have connected to VPN I can only reach my computer by entering my work computer's IP address and not computer name.
Our server uses 2 nics and I have been told to enter the internal IP address of the server as the DNS under Network > VPN > DNS. However as soon as I connect via VPN the server's DNS number is automatically entered into Network > VPN > DNS and it is grayed out so I can change or remove it.
I have obviously misunderstood something but what?
Rich

(Background: Issues with resolution of network domains while connected via VPN (PPTP, in this scenario's example) using Mac's Network Client using the "DNS Servers" and "Search Domains" Tabs to add additional functionality to the Network client. Are these broken or are we all doing something wrong?)
I am having almost the same issue and have tried just about anything; however, my issue is different in that the IP address I enter for my company's primary internal DNS server "sticks" in the VPN connection settings (after I apply the settings and connect successfully). BUT, domain names still do not resolve. I know they are correct.
It does add the secondary and tertiary DNS Servers for my company, in grey (because I do not enter them, I presume?), but the primary DNS server remains in black throughout.
Now the funny thing still is nothing ever resolves. I have enabled IP-Forwarding, to no success ( per http://discussions.apple.com/thread.jspa?messageID=7530699&#7530699 ). I know I can edit /etc/hosts file, but I do not feel like I should have to resort to that as a work-around. This function is there for a reason and it should work.
My company's servers are Microsoft...so this is a PPTP Connection. I am NOT sending ALL TRAFFIC OVER VPN (and I do not have to for this to work).
I have attempted entering:
company.local and also
company
in the "Search Domains" box as well. This also did not fix the issue (I applied/saved/disconnected/reconnected). Nope nothing.
10.10.10.52
I use either, for example:
http://foo
or
http://foo.company.local
And have even tried
http://foo.company
or http://foo.company.local.com (just to be sure)
However, on a Windows P.C. I know functions, remotely over VPN, correctly simply as:
http://foo OR http://foo.company.local
(And yes, company.local is just a placeholder for the real deal...).
So why won't it work from my MacBook Pro? I've seen a lot of posts here about this and they all seem to end up giving up.
It works on my Linux machine and Windows machine...just not Mac OS X current. It's strange. And it's just simple ole' reverse DNS (domain retrieval) over PPTP VPN.
I am very grateful for your time and assistance should you choose to accept this mission! It will help numerous other people too, I am sure (if you just search this board, you will see...).
Thank you again for your time.
Sincerely and thankfully,
Craig Huffstetler -aKa- xarquid
#mysql [] #apache -|- freenode irc
Any help would be greatly, greatly appreciated.
Notes:
This has been tried Wireless and Wired.
It has been tried using multiple locations and routers. All unsuccessful (like the above).
IPs work, adding to the /etc/hosts file works fine too, etc. -- just not using the Mac VPN Connection Networking Tool...

Similar Messages

  • VPN mysteries OS X server 10.5.0

    Hi all
    I have a perplexing issue and I'm sure that to a certain degree it is due to a lack of knowledge and experience with DNS, VPN, etc., but bear with me as I'm learning fast.
    Situation is I've configured VPN on a Mac Pro running OS X server 10.5.0 (yet to apply updates, but as far as I can see, 10.5.1 and 10.5.2 don't change the VPN picture much).
    On the netgear router, the following ports are being forwarded to the IP of the server:
    UDP: 4500, 500, 1701
    TCP: 1723
    So with L2TP set to authenticate via PPP, directory service selected, and MS-CHAPv2 for authentication, I can get a VPN connection from a nearby wireless network.
    I've left the Network Routing Definitions blank so all traffic should be routed through the VPN (as I understand it). DNS server - at server end of course - is set to the server's IP, and this shows up in the DNS settings on the client end (after a successful connection).
    Forward and reverse DNS lookups seem to be working fine at the server, and on the client (10.5.1).
    There is a workstation (192.168.1.51) and printer (192.168.1.60) on the LAN (netgear gigabit switch) the server is connected to. However, I cannot ping anything on the network, nor can I connect via browser (for example to the printer, that has a web-interface for config.). Anyway, the DNS resolves fine, but no access.
    I can ping the server at 192.168.1.50 no problem.
    What I'd like to be able to do is access other workstations, etc. via IP, on the remote LAN via the VPN connection.
    I can't see any firewall problems at either client or server end.
    If anybody has any thoughts or ideas of how I could resolve this, I'd be really happy to hear from you!
    Thanks!

    Hej Leif ...
    Leif Carlsson wrote:
    "As I understand it, this means all traffic will be routed through the VPN connection for reasons of security and clarity."
    It is what people use to report yes (default route through VPN - check with netstat -rn on client when connected to VPN).
    I'll check this out and post the results. Never used netstat so there you go!
    If you add the server (LAN) subnet to routing def. you should get a split tunnel like you describe.
    Sometimes people also add a public route 0.0.0.0/0.0.0.0 (not sure if this is necessary).
    OK.
    I think you should look at the subnet used for the server LAN.
    Can you give me some more clues here?
    Stay away from using 192.168.1.0/24 as most NAT-routers have that as the default.
    And don't use 192.168.0.0/24 either.
    If you try to connect from a subnet using the same numbering as the server LAN you won't succeed.
    OK, so if I'm on a subnet where the addressing overlaps with the remote (server-side) LAN, that's an issue?
    Otherwise if server is the gw doing NAT you probably need to look at firewall settings (allowing traffic in from ppp0 - VPN).
    Firewall on the server? I turned it off totally when testing.
    If the server is behind NAT and you wish to go through it using the VPN - and then go to Internet - you need ipforwarding "on" in the server (NAT-config: "ipforwarding only" -at least in Tiger server).
    NAT on the server box isn't even turned on - the LAN gets its addresses via DHCP from an adsl modem-router (Netgear DG834) with LAN definition 192.168.1.1/255.255.255.0 and DHCP from 192.168.1.2-25.
    I could give the airport base-station a fixed IP, leave DHCP just to wireless (none of the devices that have fixed IPs are wireless) and use the server for NAT? There would be a few physical wiring challenges but it could be done.
    Thanks!
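
The overlap problem raised in this reply, as an added example that is not part of the original thread: a simplified longest-prefix route lookup showing why hosts on the remote LAN are never sent into the tunnel when the client's own network uses the same range. The client addresses 192.168.1.23 and 172.16.5.9 and the interface names en1/ppp0 are assumptions; the two host addresses are the workstation and printer from the question.

```python
import ipaddress

# Remote LAN hosts named in the question (workstation and printer).
REMOTE_HOSTS = ["192.168.1.51", "192.168.1.60"]


def lans_overlap(client_lan, remote_lan):
    """True when the client's local network and the remote LAN share addresses."""
    a = ipaddress.ip_network(client_lan, strict=False)
    b = ipaddress.ip_network(remote_lan, strict=False)
    return a.overlaps(b)


def client_routes(client_if_addr, vpn_networks, lan_if="en1", vpn_if="ppp0"):
    """Simplified client routing table as (network, interface) pairs.

    An empty vpn_networks list models blank routing definitions: the default
    route goes through the VPN. Otherwise only the listed networks use the
    VPN (split tunnel) and the default route stays on the local interface.
    """
    connected = ipaddress.ip_network(client_if_addr, strict=False)
    default = ipaddress.ip_network("0.0.0.0/0")
    routes = [(connected, lan_if)]
    if vpn_networks:
        routes.append((default, lan_if))
        routes += [(ipaddress.ip_network(n), vpn_if) for n in vpn_networks]
    else:
        routes.append((default, vpn_if))
    return routes


def pick_interface(dest, routes):
    """Longest-prefix match; on a tie the earlier (connected) route is kept,
    which is a simplification of real routing-table behaviour."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]


def hosts_missing_tunnel(hosts, routes, vpn_if="ppp0"):
    """Remote hosts whose traffic would leave on something other than the VPN."""
    return [h for h in hosts if pick_interface(h, routes) != vpn_if]


if __name__ == "__main__":
    # Constructed case 1: client sits on 192.168.1.0/24, same as the server LAN.
    overlapping = client_routes("192.168.1.23/24", [])
    print("overlap:", lans_overlap("192.168.1.23/24", "192.168.1.0/24"))
    print("not tunnelled:", hosts_missing_tunnel(REMOTE_HOSTS, overlapping))

    # Constructed case 2: client on a different range, split tunnel to the LAN.
    split = client_routes("172.16.5.9/24", ["192.168.1.0/24"])
    print("not tunnelled:", hosts_missing_tunnel(REMOTE_HOSTS, split))
```

In the overlapping case the connected /24 route is more specific than the VPN default route, so packets for the remote workstation and printer stay on the client's own network even though all other traffic is tunnelled.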

  • OS X Server / VPN /The L2TP-VPN server did not respond...HELP!

    I am very new to OS X Server and my goal is to set up DNS & VPN!  I would like to have this setup to be able to connect into my Apple computer from work or a friend's house.  I am using an Apple Airport Extreme router and I'm also using the latest version OS X Mountain Lion with OS X Server installed.  I have started an account with dyndns website for user host name (using a [email protected] address). I assume this would be used as an alternate way of being able to connect without starting a personal website.  I also signed up for another site (no-ip) and I now have a different IP address (not sure if that was necessary). I then followed instructions on YouTube (instructional videos by todd for OS X Server Mountain Lion) which seemed to be very easy to understand. But after setting up my VPN on the client side (network setting in system preferences), I tried to connect VPN (L2TP) and I receive this error message "The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.". When I open Console in the utilities folder, I am seeing part of the following message below:
    racoon[117]: IKE Packet: transmit success. (Phase1 Retransmit).
    racoon[117]: IKE Packet: receive failed. (malformed or unexpected cookie).
    pppd[490]: IPSec connection failed
    Does anyone know what's happening or what I need to do to fix this?  Or can someone tell me the basic requirements to setting things up correctly?

    I'm using Comcast for my ISP and from the wall I have a Motorola Surfboard 6120 cable modem (not sure how to access my setting on the modem). So basically I have my 6120 cable modem connected to the Apple Airport Extreme router and it is then wirelessly connected to my MacBook Pro.  I'm providing screen shots of my Apple router settings, OS X Server settings and firewall (which is turned off) settings.  Any suggestion on how I should set things up or if you can tell me step by step would be greatly appreciated.

  • Not enough port fields in port forwarding for Linksys E4200

    I have always used netgear routers in the past. After a series of issues regarding configurations not working correctly I invested in what appeared to be a semi pro router, the cisco linksys e4200.
    I have a centralized server which I use to access a mass of different services such as mail, dns, VPN, FTP, Kerberos, http and many more. While I am not a massive networking nerd, this server setup is like my garage project. To access these services externally to my LAN as far as I understand I would need to configure port forwarding for each service to my server. Unfortunately the control panel for the linksys E4200 only offers about 15 custom port fields for forwarding, and some documentation I have read shows that with its basic install my server could be using up to 60 ports at once.
    Is this router just not suitable for this sort of network? If so I will be very disappointed because I have spent a quarter of the price on netgear routers with more control than this.
    If anybody could assist with details and options I would greatly appreciate it.

    Wrong forum, use "small business routers".

  • Client-side Password Changes

    I have a Leopard server setup with user accounts, but no home directories. I plan on using the server for calendaring, dhcp, dns, vpn and some web applications. These web applications are configured to auth against the user's Open Directory account on the server or using LDAP against Open Directory.
    How does a user change their password on the Mac OS X server?
    Is there a more user friendly way to do it than having them ssh to the server and running passwd?

    I am currently working on a webapp function that uses php ldap so the user can change his/her password but I am having some trouble with it. I can currently update the encoded userPassword attribute and I can see that it has been updated in the Server Admin inspector but when I try to authenticate to the Open Directory the new password doesn't work.
    This leads me to believe that Leopard OD isn't using the userPassword attribute for OD authentication, can anyone confirm this??
    Here is the PHP code I am using:
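    // Unsalted SHA-1 digest, base64-encoded with the {SHA} scheme prefix
    $encodedPass = "{SHA}" . base64_encode( pack( "H*", sha1( $pass ) ) );
    $info = array();
    $info["userPassword"] = $encodedPass;
    // Replace the attribute on the user's entry over the already-bound connection
    $r = ldap_mod_replace($ldapconn, "uid=".$username.",cn=users,dc=server,dc=domain,dc=com", $info);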
    Any help would be greatly appreciated!
    Thank you very much!

  • Time Machine and OS X Server

    I was wondering what others results have been with this combo; I recently attempted a Time Machine recovery of a backup made of an OS X Server 10.5.4 drive and discovered that while the backup appears to work correctly and the restore brings all directories and files back, the server services won't work. I found that of the services I use (AFP, DNS, VPN, iCal, Web, SMB, and Open Directory), none of them would start or operate as expected. It was only after doing a fresh install that I was able to get the services to operate. The server also operated correctly after restoring from a disk image made with NetBoot.

    You should post this in the OS X server forum (http://discussions.apple.com/category.jspa?categoryID=96), and please mark your post as a question when you are asking something.

  • Networking Scenario - Will this work

    Hi. I have been asked to look into the option of setting up a "server" for a small company, max 10-users. After doing some research I have thought of implementing the following.
    Get a decent iMac running Mac OS X 10.5. Set up File Sharing on the iMac with user rights, set up VPN to allow Apple laptops to connect from outside to the iMac and see their files and documents. Install Kerio server on Mac OS X for email.
    Will the above solution allow this company to share files when inside the office and outside, securely? Does Mac OS X have the features to allow user access to shared folders, etc.? Is Kerio Mail server easy to set up and implement?

    The cost of Kerio mail server in the UK is £324. The cost of Snow Leopard server is £399.
    Leopard Server would have everything you are looking for: users and groups, policy based file sharing, VPN Server, Mail server and much more.
    Setting up mail and VPN can be done in a few clicks using the simple server setup. Or if you go to lynda.com and subscribe for 1 month you can do their Leopard server course; it's about 12 hours.
    So why spend that kind of money on just a mail server when just a little extra will get you Leopard server?
    I currently run Leopard server on a Mac mini. It only has 3 users so it is not too demanding. I run mail, dns, vpn, file sharing and it runs just fine.
    So if your file sharing is not too demanding, e.g. not huge video files etc., then an iMac should be OK.

  • How can local user send message to other user via OSX server in mac maverick

    I just installed OS X server in Mac Mavericks and enabled services such as message, DNS, VPN, etc. I also created local users and local network users. I added some local users from OS X server to the Message app in order to message the server, but I cannot send any message to those users; even though Bonjour is available, I cannot use it to send messages in the local network.
    I already followed all Server Help in Messages like in this image:
    I try to access to my local OS X server via IP address by using other PC, Mac and iPhone and I can get this interface:
    I already tried on iPhone to send a message to a local user in OS X server after accessing OS X server via IP address, but I don't know how the local user can get that message and I see nothing in message_archives of the message data of the server. Therefore, how can each user in OS X server message each other across OS X server? Does the admin have to write some code or make some configuration to provide message services to those users?
    Message was edited by: chhanmalin

    Client users need to use an XMPP client app to log in to the server with their account name as in the server; then the user can send messages to other users in the server. Client users can use iPhone, PC, or Mac.

  • Problems with my Samba-Server

    Dear all,
    I've some problems with my samba-server. It's running on an XServe G5 on OS X 10.4. The problem I have is that after an undefined time (several days to several months) it doesn't react. It's running as a print-server and primarily as a primary domain controller. At that time, when no one can log in, I restart the service and everything runs without any problems, but this is very problematic.
    Has someone of you had this problem yet or can someone help me with my problem?
    Thanks a lot,
    Fabian

    Fabian, you might be better posting in the File Services forum. This forum is used more for network subjects (e.g., DNS, VPN)...
    http://discussions.apple.com/forum.jspa?forumID=702
    -david

  • Change from dual ip bridge to single ip server - advice?

    Our server is currently as follows:
    10.4.11,
    en0 - private ip address
    en1 - public ip address
    en1 is primary ip with all usual DNS resolving.
    We run, mail, web, ftp, OD, AFP, private side DNS, VPN, NAT and IP forward for private clients sharing en1 public ip address.
    I plan to take the server out of the bridging job and have it only on the private network side behind a firewall and router. I intend to port forward the net services to the server at its private ip address, eliminating the primary ip address and interface altogether.
    I plan to make a full backup in advance in case of trouble.
    I assume that we can back up OD, pull the ethernet card (or leave card in and change en0 to primary??), run changeip and restore OD...
    Any advice or experience would be appreciated.
    Thanks in advance - Erich

    No, I don't have any special information. I'm just going by my experience when I had to change the primary IP when we changed services from DSL to FIOS with our ISP. When we made that change, we got a new IP and since the internet side is the primary address had to run changeip which resulted in strange OD behavior until restoring the database from a backup.
    With what I am doing here there will be a new primary IP too. I assume I am doing the same thing here since I need to change to the private IP as the server machine's primary address now. The server's primary address / ethernet connection is going to be disconnected so it can be run through the router. I assume that since there won't be any connection on the port listed as the primary that something needs to be changed. I don't want to have to start from scratch since we plan to move to 10.5 in a few months anyway.
    I don't have enough experience to be confident of this type of change going smoothly.
    -Erich

  • User Password Control

    I have a Leopard server setup with user accounts, but no home directories. I plan on using the server for calendaring, dhcp, dns, vpn and some web applications. These web applications are configured to auth against the user's Open Directory account on the server or using LDAP against Open Directory.
    How does a user change their password on the Mac OS X server?

    I suggest you ask in the OS X server forum
    http://discussions.apple.com/category.jspa?categoryID=96
    in leopard client passwords are changed in system preferences->accounts.

  • Small system setup

    I have the following setup and wanted to make sure what I am conceptually doing is correct:
    t1-1760router--2950switch---pix501
    t1:
    254 available ip's
    1760 router
    -no changes, just connected to the catalyst 2950 switch
    2950 switch:
    -Fedora Linux server for web hosting
    -Windows Server 2003 Nic 1
    -pix501
    Pix501:
    dhcp turned off
    -windows server 2003 nic 2
    -2 workstations
    -network printer
    Server 2003:
    dhcp server
    dns
    vpn
    terminal services
    workstation access
    Nic 1
    terminal services
    WAN access
    Nic 2
    LAN workstation access
    vpn
    Does this setup look correct?
    thank you in advance

    Hello,
    Looks fine. Are you going to have 2 separate VLANs for the different services associated with the 2nd NIC's and secure the public facing ones with the PIX and a totally private VLAN for the local services?
    HTH
    Regards,
    James

  • Server has gone wobbly - advice needed.

    I'm hoping the experts here can point me in the right direction.
    I have taken over a position as IT Manager of an all-mac business (~20 users) using a co-located XServer that is currently running 10.5.7. I'm trying to work with the hosting company to upgrade to 10.6.1 (or .2) in the next couple of weeks. (All clients save 3 are on SL.)
    The person whose position I've taken over is no longer available and while I am extremely competent with Mac (20+ years) I am new to the server side of things. I'm very comfortable in Terminal and have a beginner's knowledge of Unix/Linux.
    To the point: My server has in the last few weeks become extremely unstable and upon restart can take 40+ mins. to restart during which time, of course, I cannot ssh or screenshare. I have made no changes to the settings save for two DNS updates (IP address changes for www and ftp). The old IT manager has updated security certificates and installed a self-signed. Our RAID controller reports no problems, neither does the Server Monitor.
    I'm hoping the upgrade to 6.1 will help stabilise, as I have no idea where to start investigating. Prior to this we had uptime of well over 45 days. Now I can't seem to go more than 5.
    I know I haven't even begun to give you the information you need to help me solve this issue but I'm wondering - are there any books any of you would recommend that would help me really start to get a handle on the intricacies of maintaining this server. I have all the apple docs and have read the majority of all of them, but since I don't know where to start looking, I'm finding the doco little help.
    Any assistance or advice offered will be greatly appreciated. Thanks!

    IMHO, the problem with documentation is twofold:
    1) it's copious - there are reams and reams of documentation on Mac OS X Server - each service has its own volume - Open Directory, File Sharing, DNS, VPN, Mail, etc., etc.
    2) it's all based on theory - it all says how it should work but rarely covers what to do when things fail.
    The first problem means it can take a while unless you're really focussed on one issue at a time and can find the right piece of documentation. The second problem is only really solved with time and experience.
    In this case I think your best start is to review the server logs for any clues. Mac OS X Server is pretty good about logging error conditions, so look specifically for any log events that occur around the time the server goes down, as well as the startup logs which can add additional information.
    I wouldn't recommend upgrading to Snow Leopard until you know what the issue is. You run the risk of compounding the problem, and migration of data can take time even when things are good.

  • Trouble with DNS/NetBIOS name resolution over VPN

    I’ve got one for the DNS/WINS gurus out there who are also familiar with VPN connections.
    We have a VPN setup on our Mikrotik RouterBoard 532 for a number of employees running Windows 7 Pro laptops. Unfortunately the Mikrotik is maintained by our ISP so I don’t have access to it, but I can call them to make changes. Anyhow, I do not believe it is a problem with the Mikrotik.
    The problem is with resolving NetBIOS names (UNC paths, drive letters, etc…) over the VPN from remote locations, and ONLY with laptops joined to our abc.local domain. If I use my home PC or disjoin the domain laptop from the abc.local domain and return it to WORKGROUP, keeping the same Windows VPN client settings, I am able to resolve paths just fine.
    For example, when I type \\server1 from Start>Run, it fails and tells me “server1 is not accessible. You might not have permission to use this network resource.” Using the FQDN is no problem at all, which makes me believe the problem is with NetBIOS resolution and takes me to the WINS servers on the network.
    The VPN hands out primary and secondary WINS servers, and they appear to be configured correctly in our Server 2003/2008/2012 environment. When I run nbtstat -A IPAddressOfLaptop from a WINS server it resolves the laptop, and the same command from the laptop looking to the server resolves OK too.
    What’s strange is that when I ping “server1” I get a valid response from server1.abc.local, as expected, but for some reason I still can’t browse to it from start>Run… “\\server1”.
    The DNS suffix abc.local is in the “DNS suffix for this connection” field in the properties of the VPN client since the Mikrotik VPN is unable to deal this to clients.
    I have ruled out Group Policy as the culprit because even after removing any group policy from applying to one of the laptops the result was the same.
    I’ve used every resource and tool that I could to try and find where the problem lies and can’t seem to solve it. Everything looks properly configured.
    I would greatly appreciate some assistance!

    When you run an ipconfig /all, do you see the WINS server addresses being provided? How about the connection specific suffix for the domain, domain.local (or whatever it is called)?
    I assume that you are using the Mikrotik as the VPN server and you are not using AD accounts for authentication. I would highly suggest to do that, otherwise, there will be a mismatch.
    What VPN client is being used?
    What is offering DHCP, a Windows Server or the Mikrotik?
    FYI, using NetBIOS connection method, such as \\server1, will use the current logged on account for authentication. If the VPN credentials are not AD credentials, but the VPN client is setting the logged on credentials account (some of them do that), then it will cause issues.
    From what I see that NetBIOS is not being blocked, so that doesn't appear to be an issue, but it's coming down to credentials. Maybe in the mapped drive you can preset the credentials, and might be one way around it.
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • DNS over VPN

    Hi community,
    I am having some trouble with dns over vpn. On server side of VPN the dns is working 100% i.e. servername.domain.com resolves to local IP address correctly from within network. However, when I connect into network over VPN the dns does not work correctly - it resolves servername correctly but not servername.domain.com. I can overcome this by setting VPN above my Ethernet adaptor in service order but then all my traffic gets routed over VPN connection (which I don't want) - even if I try adding network routing defn on VPN server. I probably need to do something on the VPN client (Snow Leopard 10.6.1)?
    Please help!

    Rather than dnsmasq and openwrt, I'd look at the DNS server here.
    My guess here would be that the DNS configuration is invalid, or the domain name incorrect, or such.
    For a simple split-brain, you'll have one forward zone with your local Mac OS X Server box as the DNS server, and one (created for you) reverse DNS zone. And you'll be using a unique domain name or (far better) a publicly-registered DNS domain. But this smells like a DNS error.
    Post the dig -x of the IP address on your LAN, and the dig host and dig host.example.com of the domain name on your LAN. And given this DNS information is either public or is behind a firewall and thus accessible only via VPN, please post the real data rather than masked data.
