Is it possible to configure the OS X Server VPN Service to use Certificates?

I was attempting to set up the VPN Service on OS X Server 4.0.3 (Yosemite) to use certificates instead of a private shared key. It does not appear that the VPN Server in OS X Server is designed to use anything other than a private shared key (on the server side). I was wondering if I was missing something? The VPN Server works fine using the PSK (L2TP or PPTP) - I just thought I would experiment with certificates - but every example I am finding shows the PSK being used - although some of the "how to" tutorials allude to the fact that VPN certificates are supported for L2TP - but they don't provide any detail on how that functionality would be configured. I tried creating both a VPN Server and VPN Client certificate - however - the certificates show up in the login keychain and do not appear in the certificate window in the Server app. I was hoping that maybe the presence of a VPN Server Certificate would possibly enable an option to use it when configuring the VPN.
~Scott

No, unfortunately the 'official' Apple VPN service does not have this ability; furthermore, as Apple use a heavily customised version of Racoon, you cannot cheat by trying to do this via the command line.
You will have to use a completely different VPN server; Mac and iOS clients can do this but not the Mac server side. I use StrongSwan running in a Linux virtual machine.

Similar Messages

  • It is not possible to configure the selected XI domain

    Hi...
    PI 7.0 server on Windows environment and database is SQL Server.
    The PI server picks up and places the messages from R/3 to R/3 one way, but in the reverse direction it picks up the messages from the source but does not place them on the target system.
    The error message in RWB in end-to-end monitoring...
    It is not possible to configure the selected XI domain because the Integration Server does not exist or could not be read from the SLD
    In Component monitoring...
    500 internal server error
    Application error occurred during request processing..
    Thnx
    Raj

    Thanks for your prompt response, tbluong.
    The configuration in SXMB_ADM > Integration Engine Configuration is already done and its check (F7) returns success (all green): "Role of Business System: Current Configuration = System Landscape" and "Corresponding Integration Server: Current Configuration = System Landscape".
    Any suggestion?
    Regards.

  • Is it possible to make the ISE guest server redundant ?

    Hi,
    We've an ISE cluster of two ISE nodes.
    The ISE guest server works fine on the primary ISE node.
    MAC address of the guest client is set in the map 'GuestDevices' after accepting the AUP policy.
    Then the ISE sends the CoA and the client authenticates again and is put in the guest VLAN.
    But when the primary ISE is offline, I see the guest portal AUP page on the secondary ISE node.
    I can accept the AUP policy, and I get an error message.
    On the secondary ISE I see that the CoA to the switch is sent, to clear the session to the primary ISE....
    But the CoA request should ask to clear the session to the secondary ISE (the primary ISE is offline).
    Should it be possible to configure the ISE guest functionality redundant in an ISE cluster?
    /SB

    The Guest portal can run on a node that assumes the Policy Services persona when the primary node with Administration persona is offline. However, it has the following restrictions:
    • Self registration is not allowed
    • Device Registration is not allowed
    • The AUP is shown at every login even if first login is selected
    • Change Password is not allowed and accounts are given access with the old password.
    • Maximum Failed Login is not enforced
    http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_guest_pol.html#wp1126706

  • Configure the embedded Tomcat Server

    Hello,
    is there any documentation which tells me how to configure the embedded Tomcat Server in the Oracle Content Server? I can't get it to work.
    When I try to start a web application from "JSP Server Web App Admin" I get the following error message:
    Content Server Request Failed
    csJspServerErrorAddWebAppService Failed to add context /idc/groups/jsp/documents/adacct/hello. Unable to execute service method 'addContext'.
    [ Details ]
    intradoc.common.ServiceException: !csJspServerErrorAddContext,/idc/groups/jsp/documents/adacct/hello!csUnableToExecMethod,addContext at intradoc.server.jsp.JspServiceHandler.addContext(JspServiceHandler.java:152) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at intradoc.common.IdcMethodHolder.invokeMethod(ClassHelperUtils.java:461) at intradoc.common.ClassHelperUtils.executeMethodReportStatus(ClassHelperUtils.java:142) at intradoc.server.ServiceHandler.executeAction(ServiceHandler.java:75) at intradoc.server.Service.doCodeEx(Service.java:488) at intradoc.server.Service.doCode(Service.java:470) at intradoc.server.ServiceRequestImplementor.doAction(ServiceRequestImplementor.java:1350) at intradoc.server.Service.doAction(Service.java:450) at intradoc.server.ServiceRequestImplementor.doActions(ServiceRequestImplementor.java:1191) at intradoc.server.Service.doActions(Service.java:445) at intradoc.server.ServiceRequestImplementor.executeActions(ServiceRequestImplementor.java:1111) at intradoc.server.Service.executeActions(Service.java:431) at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:632) at intradoc.server.Service.doRequest(Service.java:1709) at intradoc.server.ServiceManager.processCommand(ServiceManager.java:357) at intradoc.server.IdcServerThread.run(IdcServerThread.java:195) Caused by: intradoc.common.ServiceException: !csJspServerErrorAddContext,/idc/groups/jsp/documents/adacct/hello!csUnableToExecMethod,addContext at intradoc.server.jsp.JspProvider.addContext(JspProvider.java:391) at intradoc.server.jsp.JspServiceHandler.addContext(JspServiceHandler.java:116) ... 19 more
    And it is also not possible to use jsp layout pages in Site created in Site Studio. When I try to load pages using a jsp layout page the browser displays a blank page.

    Hi,
    Even I am also facing the same issue after following all those steps.
    Please find the error which I'm getting.
    csJspServerErrorAddWebAppService The target file cannot be accessed. Unable to rename the file 'F:\stellent\indxpdod2\weblayout\groups\chanpart\@cccd\documents\manufacturing\enhstellsrchint' to 'F:\stellent\indxpdod2\weblayout\groups\chanpart\@cccd\documents\manufacturing\enhstellsrchint~jsp'.

  • Is it possible to configure size disk for a Cloud Service?

    Is it possible to configure size disk for a Cloud Service?
    What happens is, I have deployed a Solr Server on a Cloud Service, and the application folder is on E: Drive, but it is only 1.5 GB. I want to increase it, because index content created easily exceeds this limit.
    Thank you.

    hi Luis,
    Based on my experience, E drive is the app disk. The apps (application) disk is where your .cspkg is extracted and includes your website, binaries, role host process, startup tasks, web.config, and so on. It is only 1.5G (http://msdn.microsoft.com/en-us/library/windowsazure/dn197896.aspx). So I think you didn't worry about its space.
    Regards,
    Will 

  • Possible to send the 50,000 records at a time using proxy?

    Hi All,
    I am using the proxy to send the data from SAP to PI and then send it to the Receiver by using JMS. Here I have a small issue.... is it possible to send the 50,000 records at a time using proxy? If not please suggest me how can I send bulk of records through proxy?
    Thanks
    Karthik.

    is it possible to send the 50,000 records at a time using proxy? If not please suggest me how
    can i send bulk of records through proxy?
    you can try this in steps...do not go for a BigBang testing :)....check how much your XI system can handle at a time...then you may need to tune the system parameters to accommodate more message size.....how to do this??...check the below document..section 3.9.2 (Special Cases)
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/2016a0b1-1780-2b10-97bd-be3ac62214c7
    Regards,
    Abhishek.

  • Can't get mobile device to auto configure the active sync server

    Hello
    I am trying to get my customer's mobile devices to auto configure the active sync server name so they don't have to type it in. I believe I have everything in place. Certificates are fine. I populated the external url on the active sync object in Exchange.
    DNS is set up correctly. I ran the Exchange Connectivity Analyzer and it runs perfectly. The only test step it fails on is the first attempt to contact the autodiscover service using just the domain name and that is because we have a record in DNS so our domain name points to our public web server but all the other tests run fine. At the end, it even displays the xml file contents and shows me the external url of the active sync object.
    I get a successful run but it first shows the SSL certificate of our public Web site and then hangs on the server config and then prompts me to enter in the server name and domain. My external url in Exchange looks like this:
    https://remote.domain.com/Microsoft-Server-ActiveSync
    Any Help??
    Eddie

    Thank you for replying but there is already an internal A record that points to the Exchange server. Firewall, DNS external and internal are set up like this:
    Firewall:
    Port 443 and 25 points to Internal IP of our Exchange 2013 (only mail server in company).
    Port 80 not open.
    External DNS records:
    autodiscover.mydomain.com → points to our WAN IP
    remote.mydomain.com → points to our WAN IP
    mydomain.com → points to external online webhosting
    Internal DNS records:
    autodiscover.mydomain.com → points to our Exchange 2013 internal IP
    Remote.mydomain.com → points to our Exchange 2013 internal IP
    mydomain.com → points to external online webhosting
    Test from "ExchangeConnectivityTest.com" is Successful but with warnings.
    Warnings are about https://mydomain.com/AutoDiscover/AutoDiscover.XML because https://mydomain.com is pointing to the website, which is hosted externally.
    Eddie

  • I want to copy songs from my old iPad to a new one. Laptop used in configuring the old iPad crashed and can't be used again.

    I want to copy songs from my old iPad to a new one. Laptop used in configuring the old iPad crashed and can't be used again.

    You may be able to re-download iTunes purchases for free directly on the new iPad.
    Downloading past purchases from the App Store, iBookstore, and iTunes Store
    Note: Previously purchased music is only available through iTunes in the Cloud in Australia, Canada, Cyprus, France, Ireland, Luxembourg, Malta, Mexico, New Zealand, Spain, the United Kingdom, and the United States. Previously purchased TV shows are only available through iTunes in the Cloud in the United States.

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.

  • Is this possible in TIDAL, Change the Lotus Domino Server (LotusDominoData) service Startup Type from 'Automatic' to 'Manual'

    1) Shutdown the Domino server (Lotus Domino Server (LotusDominoData) service)
    2) Change the Lotus Domino Server (LotusDominoData) service Startup Type from 'Automatic' to 'Manual'
    3) Reboot the server
    4) Defragment the drive (D:\ or F:\)
    5) Change the Lotus Domino Server (LotusDominoData) service Startup type from 'Manual' to 'Automatic'
    6) Reboot the server
    Any help would be appreciated.

    Binu - are you wanting to automate this process with TES?
    There is a windows cmd command "net stop" and "net start" you can use to stop and start a service.
    You will need to work with your windows admin or look online for a command line way to change the service to manual and to start the defrag.
    There is a shutdown command that can be run from cmd. It has a switch to force the reboot.
    You might also check out scripting with WMI.
    Hope this helps,
    Michelle

  • TF255186: The following SQL Server Reporting Services Instance could not be found

    Hi,
    I'm trying to install TFS 2013 on a remote SQL RS instance. 
    Using the TFS 2103 U4 installation
    SQL 2012 RS, name instance, Server: SQLProdA, Instance Name COMRS
    When I enabled tracing using debugView I see the following output:
    [4160] [Error  @11:07:10.978] Exception Message: TF255186: The following SQL Server Reporting Services Instance could not be found: COMRS. The server name is: SQLProdA. (type TfsAdminException)  
    Any ideas what the issue is?
    Thanks,
    reuvy

    Hi Charles,
    Thanks for the help. I already saw those links, and am already trying with the format. As I wrote above:
    Server: SQLProdA, Instance Name COMRS
    So I wrote in the box "SQLProdA\COMRS" (without quotes of course) and I still keep getting that error.
    I don't know if it matters, but although this is indeed a named instance, nonetheless, the path to the report server uses the default url (i.e. http://servername/reports) as opposed to the named instance version (i.e. http://servername_instance/reports) as mentioned by your link and this post:
    https://msdn.microsoft.com/en-us/library/bb552341.aspx
    But, I checked with Fiddler on the server and didn't see it trying to even access the link so I don't think it is related. I saw with Process Monitor that it is indeed trying to access via the network resources on SQLProdA, so I know it's trying.
    I have noticed something in the past, and wondered if this could be the issue, that for example if I have Management Studio 2014 installed, I cannot connect to a Reporting Services instance which is 2012. Only when Management Studio 2012 is installed and being used can I connect. I wondered if this possibly could be related, that maybe the API or something else which the installer is using is missing some component to connect to the RS instance.
    Just in case, I already installed both the SQL 2012 and 2014 Client Tools Connectivity (although I first installed 2014, and then 2012).
    Do you think this could be the issue? If not, do you possibly have any other leads?
    Thanks,
    Reuvy

  • Is it possible to configure the size of MVCC freezer files?

    Sometimes we run a large update transaction and 1000's of freezer files are created. I realize increasing the cache size will reduce the need for the freezer files, but I'm just wondering if it is possible to configure the freezer files to be larger than the apparent 8KB (is that what the .8K suffix stands for?) file size... to reduce the number of freezer files that are created?

    Matt (right?),
    The freezer files represent pages. The default page size in BDB XML is 8k for node storage containers, and 16k for wholedoc containers. Being able to put multiple pages in a single file when this happens seems (to me) to be a good idea for file systems that don't handle lots of files in a single directory very well. I don't know if that will ever be implemented, but it's a good thought. I think the assumption for the implementation is that this is a rare event rather than the norm.
    Regards,
    George

  • Is it possible to configure the switch port to mode trunk if I m going to put a Pc on that port?

    If the answer is yes then what are the advantages and the disadvantages of doing this? I've proven this with real switches, configuring the ports as trunk with a PC, and the PC can ping other PCs that are on the same VLAN or configured as trunk. I would like to know why that happens.

    Hi,
    It may work; you can configure an interface connecting to a host as a trunk link, but only if you want that host to receive data from multiple VLANs, since trunks allow all VLANs by default.
    Usually, on a switch you configure VLANs to logically divide the users and to avoid flooding all the users with all the information from multiple VLANs which they do not need and which causes unnecessary burden on the ports carrying traffic.
    Hope this helps.

  • How do I tell my clients to configure the connectionstrings for a cloud service?

    I have an application that exists in two forms
    A Windows Service
    A Cloud Service with a Web Worker Role
    Both applications have an encrypted connection string in the app.config;
    for clients using the Windows Service I know how to tell them to change the config file.
    For a cloud service is it possible to edit the configuration file?
    I read something about Azure Settings, but I can't find any good information about that, is that the preferred method for setting environment settings in a Cloud Service?
    Can you remote in to a VM or whatever hosts the Cloud Service?
    Thank you for any help. I am writing the documentation about how to set up the Azure environment and I realized I don't know myself, I only know how to publish with Visual Studio to a cloud service with the values already set. That works, but I can't tell a client to use Visual Studio.

    Hi,
    For a cloud service, though it is possible to access instance VMs and make changes on their file system by RDP sessions, it is not recommended, as you will end up losing your changes if role instance VMs are restarted.
    If you really want to keep certain settings configurable and shared by all your role instances, the best way is to utilise the cloud service configuration: typically you put these settings in the .cscfg file, and you can also edit them using the Azure management portal.
    You can also access those from your code:
    string settingValue = CloudConfigurationManager.GetSetting("SettingString");
    Read more about it here - http://msdn.microsoft.com/en-us/library/azure/ee405486.aspx
    http://haishibai.blogspot.in/2012/09/windows-azure-cloud-service.html
    Bhushan

  • HT4814 Is it possible to manage the mac mini server with server app before set up?

    The article says using the server app I need to enter the IP address, then the Administrator name and password, but obviously on the first boot these are not configured yet. The article does not mention if this is possible or the server.app can only manage the server after its initial configuration using a monitor connected.

    From dim memory...  Load Server.app on the client box or use Server.app on some other handy server, and either configure DHCP with the server's MAC address (usually listed on the shipping box) and your intended static IP address and then boot the new target server box, or just boot the new target server box and use Bonjour Browser or the command-line dns-sd tool to find the IP address that the new server box has acquired from DHCP, and then in either case, connect to the new target server via Connect To Server in Server.app via its IP address, specify the root user and use the system serial number (again, usually listed on the shipping box) as the password.
