Leopard server VPN performance

What kind of a performance do you get with Leopard VPN server?

Over the Internet or locally (between subnets)?
When VPN maximum performance/throughput for a device is stated by a hardware VPN router/firewall manufacturer, it must be by measuring the throughput through the device "locally", for example from WAN to LAN, when no other traffic is passing through the device. How well it performs encrypting/decrypting (the hardest part) and then moving the packets between interfaces must mostly be a device CPU dependent figure.
But if you mean connecting through the Internet from a DSL connection I would expect no real difference between the Juniper and OS X server VPN. It would most likely not be the server that is the restricting factor.
But of course, depending on what hardware a VPN router is running on and whether or not it is taxed heavily by running other services simultaneously, what other traffic is passing to and from the Internet at/between both sides (if the "road" is congested), available bandwidth on the client and/or server Internet connection, and other things (firewall under attack), performance varies over time.

Similar Messages

  • Snow Leopard Server VPN and other Servers

    I am thinking of deploying Snow Leopard Server at work using the Mac MiniServer option. We have a few Macs that we would like to manage their settings with. We also have Active Directory. I plan to use Open Directory with the Mac then use Kerberos for logins.
    My question is if I use the Snow Leopard Server VPN with the Macs, will the users be able to access other resources on the LAN like Active Directory Shares, Exchange, and internal Intranets? Or only the Snow Leopard Server?
    Thanks,
    WillGonz

    It sounds like you will have 2 different kerberos realms, one in OD and one in AD.
    If you want them to use the same realm (the AD one) you need to look at a "golden triangle" setup.
    If you want to authenticate the VPN connection using Kerberos I suspect you need to be able to reach the KDC server from Internet before the VPN is up. That would mean it needs to have a public IP and same name as on the LAN(?).
    As an alternative a Radius connection for the VPN authentication from the Mac to an AD/Radius server might be possible.

  • Can you help me solve my Leopard Server VPN madness?

    Hello all,
    I've been having a devil of a time getting Leopard Server's VPN service to work "properly". None of this is mission critical, as it's simply on a home system I'm using as a nat/dns/dhcp/firewall/mail/web server for my Comcast line (with a static IP). But, it is frustrating, because I currently have a 10.4.11 Server fulfilling the same role. So it seems like Leopard should be able to be made to work. I'm gonna go step by step here with my install process in the hopes that if I'm doing something wrong someone will be kind enough to catch it. Thanks for bearing with me.
    I've installed Leopard Server 10.5 (Mirror door G4, FYI) with the built-in ethernet connected to my Comcast router (with a static external IP). Immediately after 10.5 installs I restart and update everything to 10.5.2, then I install a Sonnet Gigabit NIC, its drivers, and assign it 192.168.3.1, where it will live as my internal router, server, etc. I turn on DNS and setup an internal ".lan" zone that resolves to 192.168.3.1. Pop into Terminal and confirm that rDNS is in fact working, it is. And check that "changeip -checkhostname" resolves itself correctly (to the external IP).
    Next, turn on the NAT service and run the gateway setup assistant. After a reboot I quickly check that my internal clients with static IPs (192.168.3.10, .20, etc) are working and pulling DNS OK, they are. Jump into the Firewall, and for the moment just open it wide up by accepting all connections. At various times during testing I've configured the firewall to exactly match my 10.4 Server firewall, but for the time being I can just leave it open. I create a Firewall group to cover my 192.168.3.x internal network, and another to handle 192.168.3.60/29 to handle the VPN service I'll setup in a sec. Jump over to the DHCP service where by default gateway setup creates a 192.168.1.x DHCP zone. I delete that and create a new 192.168.3.x zone covering .50-.59. Turn DHCP on and confirm it's working, good, it is.
    Now, here is where the VPN fun begins. The last service I turn on is the VPN service (I've alternatively tried letting Gateway Setup activate it, and just doing it myself, with this same result). I configure it to accept L2TP at 192.168.3.60 - .63. Like I said this is a home server, so I don't need a lot of VPN connections. Finally, when I test the VPN from a 10.5.2 Client (MacBook coming in off a neighbor's open wireless network with a 10.0.0.x string) I am able to connect, and I can see/ping/mount/share screen on the server. I can also ping the attached VPN client at 192.168.3.60 from the server. However, I cannot ping or see (In ARD) any other machines on the internal network from the attached VPN client. Likewise from one of the internal systems, say my Mac mini at 192.168.3.10 I cannot ping the attached VPN client at 192.168.3.60. Out of curiosity I've tried doing a rDNS lookup while attached to the VPN and the client isn't able to resolve any of the internal DNS entries.
    So, what gives? As I've mentioned I have exactly this same setup working just fine with Tiger Server. Same NAT, same Firewall, same DNS, and same L2TP VPN setup. For the life of me though, I cannot get attached VPN clients to see the internal network when I put Leopard Server in place. Clearly the internal DNS isn't working for attached VPN clients, although I'm not certain if that is a cause or a symptom. I've setup a network routing definition for the internal private network, which didn't help. I also tried setting up PPTP instead of L2TP, and had the same problem.
    Is anyone having similar problems with Leopard Server's VPN service? If not, could someone hit me with the clue stick and set me right? As I said, in the grand scheme of things this isn't a big deal for me. But, it's just frustrating that I can get so close to updating my home server and just fall short.
    Thanks!

    Your post actually contains the Key to solve the problem and there is not really a big need for going all the way to use the Property List Editor to fork around /etc/ipfilter/ipaddressgroups.plist.
    There has been much written on this problem but basically you see that most is trial and error and this does include myself and my findings in this post, too, but I think I can further narrow down on what CAUSES this problem and how to fix it.
    First off, we are talking a combination of using NAT (Network Address Translation - bridging an Internet connection on an external network card over to an internal network card), Firewall (which is needed in OS X to have NAT working because the Firewall "helps" NAT by doing its job), DHCP (for providing dynamic IP addresses to clients on the internal network; don't confuse, DHCP is not providing this service to the VPN clients, that is done by the VPN server), and - last but not least - VPN to provide access not only to the server but to any machine on the internal network over the outside network card (aka, giving remote clients a chance to connect to the local network over the public Internet in a safe and nice way).
    OK. The short story: you can do it ALL in Mac OS X 10.5's Server Admin tool. If it fails it is nearly always the Firewall!
    You can check if this is the case for your setup by temporarily opening the Firewall up to not block any traffic: in Server Admin, click on Firewall -> Settings -> Services -> Edit Service for: any and click "Allow all traffic from "any"", save it (and to be 100% sure, stop and restart the firewall). If your clients can NOW connect at least to the server, it was the firewall. Now don't forget to switch off allowing all traffic from any, or you will be left with an open doors server ready for anybody to explore.
    Now what goes wrong in the first place? It appears that the GSA (Gateway Setup Assistant) that is "hidden away" in the NAT settings does something awfully wrong. It will set up all the address groups in the firewall: the any group will remain as it is usually, another one defining the internal network, and one called VPN-net for VPN.
    What it DOES do wrong here (I am no firewall expert, this is purely trial and error, so please anybody do explain!) is to give the VPN-net exactly the same address range as the internal network. And here seems to be the overall problem.
    When Twintails wrote to add 192.168.3.60/27 as address range for VPN, I realized what he/she did. Writing 192.168.3.60/27 effectively narrows down the address range starting at 192.168.3.33 up to 192.168.3.62. There are millions of subnetmask calculators out on the net, give it a try e.g. here: http://www.subnet-calculator.com/
    So, I looked for what range of address will actually be given out by the VPN server to VPN clients upon connections. Of course you need to make sure that this address range is NOT given out by your DHCP server.
    In my setup, the server is 192.168.1.1, the DHCP server provides addresses from 192.168.1.10 up to 192.168.1.127 (I start with 10 because I have some static addresses for special purposes from 192.168.1.2 to 192.168.1.9). So, this means, anything above 192.168.1.127 is potentially "free" for my VPN connections.
    Next I used the subnetmask calculator to find a narrow address group that matched my purposes. I found 192.168.1.192/26 which effectively gives me a range from 192.168.1.192 to 192.168.1.255 (which is in fact more than I have clients connecting from externally!).
    I went to the Server Admin Tool, and clicked Firewall -> Settings -> Address Group and edited the VPN-net one. First I deleted what was in "Addresses in group" and entered from scratch 192.168.1.192/26. Next - just to make certain because basically this is what Twintails had in his/her post by saying to add a name String with exactly the same information - I overwrote VPN-net by 192.168.1.192/26 and saved. (I THINK that this last step might not really be needed, but I haven't tried).
    Next click Save (basically it should already work, but I always want to be extra sure, so I stopped and immediately thereafter started the firewall again to be 100% certain all new rules are now active).
    And now: it works! Clients can access the server AND the entire local network from remote using VPN.
    One last comment: I have the feeling that (although less safe and less advanced technologically) PPTP works much better for us than L2TP. So I have switched off L2TP support altogether because it simply NEVER really worked. We are using Mac OS X 10.4 and 10.5 to connect to the 10.5 server using this setup.
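
The address-group arithmetic from the two posts above, as an added example that is not part of the original thread. It computes what a firewall address group written in CIDR form really matches and whether it collides with the DHCP pool or equals the whole LAN; the /24 LAN masks, the VPN pool bounds in the second and third setups, and all function names are assumptions made for illustration.

```python
import ipaddress


def group_span(cidr):
    """First and last address a firewall group written as CIDR actually matches.

    Host bits in the written address are ignored: the .60 in 192.168.3.60/29
    only selects which /29 block is meant.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return net[0], net[-1]


def pool_overlap(cidr, pool_first, pool_last):
    """Addresses shared by an address group and an address pool, or None."""
    g_first, g_last = group_span(cidr)
    lo = max(g_first, ipaddress.ip_address(pool_first))
    hi = min(g_last, ipaddress.ip_address(pool_last))
    return (str(lo), str(hi)) if lo <= hi else None


def exact_groups(pool_first, pool_last):
    """Smallest list of CIDR blocks that covers a pool and nothing else."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last))
    return [str(b) for b in blocks]


def audit(vpn_group, vpn_pool, dhcp_pool, lan):
    """Compare a VPN firewall group with the VPN pool, the DHCP pool and the LAN."""
    g_first, g_last = group_span(vpn_group)
    v_first, v_last = (ipaddress.ip_address(a) for a in vpn_pool)
    same_net = (ipaddress.ip_network(vpn_group, strict=False)
                == ipaddress.ip_network(lan, strict=False))
    return {
        "matches": f"{g_first}-{g_last}",
        "covers_vpn_pool": g_first <= v_first and v_last <= g_last,
        "same_as_lan": same_net,
        "dhcp_overlap": pool_overlap(vpn_group, *dhcp_pool),
        "tightest_groups": exact_groups(*vpn_pool),
    }


# Setup from the question: VPN pool .60-.63, DHCP .50-.59, group 192.168.3.60/29.
# The /24 LAN mask is an assumption.
QUESTION_SETUP = dict(
    vpn_group="192.168.3.60/29",
    vpn_pool=("192.168.3.60", "192.168.3.63"),
    dhcp_pool=("192.168.3.50", "192.168.3.59"),
    lan="192.168.3.0/24",
)

# What the reply says Gateway Setup Assistant produced: VPN-net identical to
# the internal network. LAN mask and VPN pool bounds are assumptions.
GSA_DEFAULT = dict(
    vpn_group="192.168.1.0/24",
    vpn_pool=("192.168.1.192", "192.168.1.254"),
    dhcp_pool=("192.168.1.10", "192.168.1.127"),
    lan="192.168.1.0/24",
)

# The reply's corrected group, with the same assumed pool bounds.
REPLY_FIX = dict(GSA_DEFAULT, vpn_group="192.168.1.192/26")


if __name__ == "__main__":
    for name, setup in [("question", QUESTION_SETUP),
                        ("GSA default", GSA_DEFAULT),
                        ("reply fix", REPLY_FIX)]:
        print(name, audit(**setup))
```

For the question's values the /29 group matches .56 through .63, so it also takes in the top four DHCP leases, while a /30 would cover the VPN pool exactly.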

  • Snow Leopard Server AFP Performance

    We have a number of xserves in our school district running 10.5 Leopard Server for Network Home Directories. Performance in the past has often been a major issue. CPU spikes on the servers often slowed things down dramatically.
    Recently we upgraded 2 of our servers that had been running poorly to Snow Leopard Server.
    What a difference.
    CPU average is now BELOW 20%... and I have only seen a handful of spikes... but none of them over say 60% Total CPU utilization.
    Anyone else see this dramatic of a difference? Since this played out in 2 of our buildings the same way... we are thinking that something on Snow Leopard Server is dramatically better.
    I have since actually loaded even more of our users from 10.5 Servers to a Snow Leopard server and still have not seen a performance issue. Are we crazy lucky.. or are others seeing this as well?

    Hi
    Everywhere I have installed 10.5 server, they performed badly. Actually the CPU was working overtime.
    This has happened on 2 Intel Xserves and an old Dual G4 1.25 GHz server. The G4 performed much much better with 10.4 server.
    So if you have an old PowerPC server, use 10.4 server instead of 10.5.

  • Netgear DG834N and Leopard Server VPN

    Has anyone had the Netgear DG834N up and running with Leopard Server's VPN service?
    I've had it recommended to me by someone who has been using it for VPN and Tiger Server.

    Well, I have now. Works just fine.

  • Leopard Server VPN L2TP Not receiving connections, PPTP works fine??

    All,
    Setting up a new OSX Snow Leopard server. The server is NOT running the firewall service. I created an L2TP VPN, with PPTP. PPTP works fine... however I am unable to connect to the L2TP.
    I receive the error: The L2TP-VPN server did not respond. Try reconnecting, if the problem continues, verify your settings.
    The server is behind an apple airport N router. I've tried connecting from both inside and outside (outside I mapped ports UDP 1701, 4500, and 500) with no luck. I even tried creating a VPN connection from the actual server to itself, and get the same error.
    The logs show nothing - The extension is loaded, listening for connections, and nothing at all after that even after a connection try is made. PPTP works fine, and lots of logs there.
    Appreciate any help!!

    I too since yesterday am having the same issue. It's as if the L2TP tunnel is not making it thru the Airport N DualWireless to the MacMini server. It was running just fine up until yesterday when I installed Security Update 2010-001 v1.0. I can use PPTP outside my network all day long and I can even use L2TP from inside my network just fine so I know the server is responding to local requests. I have tried from cell modem, client T1, client cable internet with no joy. I have rebooted AEBS & Server with no results. When trying L2TP from outside LAN and watching log in realtime it does not even show it's trying. I had this issue once before when I had mobileme "back to my mac" turned on and it was causing an issue but it's off and hasn't been on in some time. I suspect the update. Did you install that update?

  • DrayTek Vigor 120 and Leopard Server VPN

    Does anyone successfully use the DrayTek Vigor 120 (UK) with Leopard Server's VPN? Can't find any explicit support of VPN pass-through.

    Hello, I got this VPN working with a 2820 DrayTek, where the DrayTek is allowing pass-through to a Mac OS server. FYI, sometimes the first connect fails (timeout) but the second connect always works and the first usually does but...
    Here are some screen shots for you to download as it is easier to see what to allow for firewall configuration than describing it... This link has a series of screenshots that make it very clear..
    http://www.getdropbox.com/gallery/617466/1/Apple%20Discussion%20Links?h=208a6f
    or
    http://tinyurl.com/mhph27
    Message was edited by: ColoradoMan

  • Remote Desktop and Leopard Server VPN

    We have remote users logging into our server via VPN PPTP. They log in fine and get the relevant addresses, but once there we can't see or connect to them using ARD 3.2.2. We can control the server over the Internet but not over VPN. Any ideas greatly appreciated.

    We have now got the situation that we can control the server over the VPN using screen sharing from another Leopard Mac but still can't control in the other direction.

  • Snow Leopard Server VPN and Android Client

    Hi
    I have a VPN which works absolutely fine with various (Apple) products. However, I have never managed to get an Android device to connect to the VPN. Would anyone have any clue as to how to work around this?
    FWIW, the VPN is set up to use L2TP over IPSec with a shared secret. The gateway firewall is set up to allow pass through for VPN protocols and the appropriate ports have been mapped to the server. The system works fine for Macbooks of various flavours, iPod, iPad and I believe it's been tested with a Windows box (may have turned on PPTP for that. Can't remember). All this points to a flaw in the Android VPN client - which seems to be something of a known issue but beyond my understanding.
    With the above in mind, anyone got a sensible work around (other than the daft suggestion that someone will inevitably make wrt buying an iPhone)?
    TIA
    Simon

    Fat Freddie, we're thrilled you got it working on your Nexus 7, would you care to share HOW you got it up and working? What were the server settings? I'm trying to get it set up on a Nexus 4 running 4.2.1, and it is getting the same LCP timeout in the logs that the poster "l4r5" was reporting.
    Did you get this and solve it?
    Here are my config settings:
    vpn:vpnHost = ""
    vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "home"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.1"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:1 = "<redacted>"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:2 = "192.168.1.11"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.pptp:enabled = yes
    vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
    vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
    vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.240"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.254"
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
    vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
    vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "home"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.1"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:1 = "<redacted>"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:2 = "192.168.1.11"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.l2tp:enabled = yes
    vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
    vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = "<>"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.224"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.239"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
    Can you see any discrepancy?
    Thanks in advance.

  • Snow Leopard Server combined with Snow Leopard OS

    I have a MacPro (4x1 TB Drives, 16GB, RAID Card, 2 x Quad-Core Intel Xeon 2.8 GHz) that has MacOS 10.5 installed (including MS Windows running under VMWare Fusion).
    The RAID setup is shown at https://www.radii.org/doc
    The computer is used as an everyday workhorse (running OS 10.5.7 on Volume RS1, with Volume R1V2 partitioned into 2 data and file/document stores).
    Given the specs of the machine, I plan to setup Snow Leopard Server (Raid 0) also — on a separate partition so that when the system on RS1 freezes, the server does not have to be crashed also.
    Is there any advantage in partitioning the volume OSXSERVER to install Snow Leopard Server to perform a number of tasks:
    1. provide first level backup and coordinate backup of data to an external/offsite filestore in the clouds for two Microsoft Small Business servers, plus about 5 Mac and Windows desktop machines
    2. Provide a mail server
    3. iCal server
    4. address book server.
    The above assumes that I can run both OSs simultaneously — is that possible, or does the system for everyday usage need to be virtualised within the Server OS?? If not, which OS will manage access to the processors?

    I guess my biggest concern is the frequency with which Mac OSX gets itself tied in knots and a reboot is the only way out of the mess.
    I haven't seen that myself, personally. About the only time any of my machines get rebooted is after software update.
    Of course, server systems tend to be more focussed than client systems, so that might help too - the server is typically setup, configured and left to do its thing. It's not like you're constantly launching and quitting different applications throughout the day.
    However, I know from years of experience with desktop systems in a variety of flavours that they will need to be rebooted at least once a week.
    Ahh, there's the Windows-thinking coming through.
    I have Mac OS X Server systems that, quite literally, have not been rebooted in years. Most of them have months of uptime. Of course, this means that not all my systems are running the latest OS updates but that's a call I've made.
    in general, the smaller the capacity (memory, speed, HD) the more often they need to be rebooted.
    Sure, but that's a matter of right-sizing your server for the load you're putting on it.
    Again, there's a difference between client and server installations - client systems tend to jump between active processes with minimal background processing, whereas server systems tend to run more focussed tasks.
    I have found that software such as MS Office has been highly unreliable in the last couple of years — I still get Excel saying that it 'had to close' sometime in about 10% of the times I am using it.
    Right, but you're not running Office on your server, right?
    I was hoping there would be a better solution than having to reboot the server — or crash it when the system freezes with a kernel panic brought on by a desktop app
    Sure - don't run a desktop app on your server.
    If you do see that need, then run another virtual machine for your desktop apps. That means you've got one 'master' OS running multiple virtual machines - one per server process, plus another one for desktop/GUI apps.
    Or, run all your server processes on a single server with sufficient resource (CPU, disk, memory, etc.) for the tasks you're running, and get an iMac or a Mini for those desktop tasks. Be cheaper that way, anyway.

  • VPN Server in Snow Leopard Server not accepting connections

    I've got some issues with a new Snow Leopard Server, running on a Mac mini Server, and VPN.
    I have a Linksys WRT310N performing router duties. I have enabled the VPN Passthrough in the router's configuration pages (IPSec, PPTP and L2TP all Enabled). In the Applications and Gaming section, I have enabled ports 1723 (TCP and UDP) and 1701 (TCP and UDP) to go through to the mini Server. In order to have the VPN Passthrough enabled, I have to have the SPI Firewall enabled on the router.
    I have both PPTP and L2TP enabled on the Server. When I first tested it, everything worked.
    Within 24 hours, it stopped working, and I can't work out why.
    On the Server, I can see in the logs the following messages: (server name and IPs changed to protect the guilty)
    ---BEGIN vpnd.log---
    2009-11-03 20:03:32 EST Incoming call... Address given to client = 192.168.0.213
    Tue Nov 3 20:03:32 2009 : Directory Services Authentication plugin initialized
    Tue Nov 3 20:03:32 2009 : Directory Services Authorization plugin initialized
    Tue Nov 3 20:03:32 2009 : PPTP incoming call in progress from '123.456.789.123'...
    Tue Nov 3 20:03:33 2009 : PPTP connection established.
    Tue Nov 3 20:03:33 2009 : using link 0
    Tue Nov 3 20:03:33 2009 : Using interface ppp0
    Tue Nov 3 20:03:33 2009 : Connect: ppp0 <--> socket[34:17]
    Tue Nov 3 20:03:33 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:33 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:33 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:33 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:36 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:39 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:42 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:45 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:48 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:51 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:54 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:57 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:04:00 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:03 2009 : LCP: timeout sending Config-Requests
    Tue Nov 3 20:04:03 2009 : Connection terminated.
    Tue Nov 3 20:04:03 2009 : PPTP disconnecting...
    Tue Nov 3 20:04:03 2009 : PPTP disconnected
    2009-11-03 20:04:03 EST --> Client with address = 192.168.0.213 has hungup
    ---END vpnd.log---
    On the client I'm seeing this in the logs
    --- BEGIN ---
    3/11/09 8:03:32 PM pppd[12074] pppd 2.4.2 (Apple version 314.0.2) started by root, uid 502
    3/11/09 8:03:32 PM pppd[12074] PPTP connecting to server 'server.example.com' (10.0.1.1)...
    3/11/09 8:03:33 PM pppd[12074] PPTP connection established.
    3/11/09 8:03:33 PM pppd[12074] Connect: ppp0 <--> socket[34:17]
    3/11/09 8:04:03 PM pppd[12074] LCP: timeout sending Config-Requests
    3/11/09 8:04:03 PM pppd[12074] Connection terminated.
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnecting...
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    --- END ---
    Any ideas?
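An added example (not part of the original post): a short Python parser for the pppd debug lines quoted above that checks each half of the LCP negotiation separately, since each end must have its own ConfReq answered before the link opens. The function name `analyse_lcp` and the verdict strings are this example's own; the sample lines are copied from the post's vpnd.log excerpt.

```python
import re

# Two retry rounds and the final timeout, copied from the vpnd.log excerpt
# in the post above.
SERVER_LOG = """\
Tue Nov 3 20:03:57 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
Tue Nov 3 20:03:57 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
Tue Nov 3 20:03:57 2009 : lcp_reqci: returning CONFACK.
Tue Nov 3 20:03:57 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
Tue Nov 3 20:04:00 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
Tue Nov 3 20:04:00 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
Tue Nov 3 20:04:00 2009 : lcp_reqci: returning CONFACK.
Tue Nov 3 20:04:00 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
Tue Nov 3 20:04:03 2009 : LCP: timeout sending Config-Requests
"""

PACKET = re.compile(r": (sent|rcvd) \[LCP (Conf\w+) id=(0x[0-9a-fA-F]+)")
ANSWERS = ("ConfAck", "ConfNak", "ConfRej")


def analyse_lcp(log_text):
    """Summarise both halves of an LCP negotiation from pppd debug output."""
    counts = {}
    peer_req_ids = []
    timed_out = False
    for line in log_text.splitlines():
        if "LCP: timeout sending Config-Requests" in line:
            timed_out = True
            continue
        m = PACKET.search(line)
        if not m:
            continue
        direction, code, pkt_id = m.groups()
        counts[(direction, code)] = counts.get((direction, code), 0) + 1
        if (direction, code) == ("rcvd", "ConfReq"):
            peer_req_ids.append(pkt_id)

    answers_to_us = sum(counts.get(("rcvd", a), 0) for a in ANSWERS)
    acks_to_peer = counts.get(("sent", "ConfAck"), 0)
    # A peer that re-sends the same request id after we acked it behaves
    # as if our ConfAck never arrived.
    peer_repeats = len(peer_req_ids) - len(set(peer_req_ids))

    result = {
        "our_requests": counts.get(("sent", "ConfReq"), 0),
        "answers_to_us": answers_to_us,
        "peer_requests": len(peer_req_ids),
        "acks_to_peer": acks_to_peer,
        "peer_repeats": peer_repeats,
        "timed_out": timed_out,
    }
    if result["our_requests"] and not answers_to_us and acks_to_peer and peer_repeats:
        result["verdict"] = "one-way: peer's packets arrive, ours appear not to"
    elif result["our_requests"] and not answers_to_us and not peer_req_ids:
        result["verdict"] = "silent: nothing received from peer"
    elif answers_to_us and acks_to_peer:
        result["verdict"] = "both halves answered"
    else:
        result["verdict"] = "inconclusive"
    return result


if __name__ == "__main__":
    for key, value in analyse_lcp(SERVER_LOG).items():
        print(key, "=", value)
```

On the excerpt this reports the one-way pattern: the server acknowledges the client's requests, yet the client keeps repeating them and never answers the server's. With PPTP the PPP frames travel in GRE (IP protocol 47) while only the control channel uses TCP 1723, so a filter or NAT device that passes the TCP session but not GRE toward the client is worth checking.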

    Well, this didn't last long. The VPN is already down. Cannot connect to it again. Very Frustrating.
    I know the actual server is receiving the requests (Server Log):
    Jan 7 10:26:33 SnowServer racoon[118]: Connecting.
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Jan 7 10:26:36 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:26:55: --- last message repeated 6 times ---
    Jan 7 10:26:55 SnowServer servermgrd[67]: servermgr_jabber[W]: detailed service status not available until network configuration completed
    Jan 7 10:26:57 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:27:03: --- last message repeated 1 time ---
    Jan 7 10:27:03 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
    Jan 7 10:27:03 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.655020 seconds).
    Jan 7 10:27:03 SnowServer racoon[118]: IKE Phase1 Failure-Rate Statistic. (Failure-Rate = 100.000).
    Jan 7 10:27:57 SnowServer racoon[118]: Connecting.
    Jan 7 10:27:57 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Jan 7 10:27:57 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Jan 7 10:27:58 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Jan 7 10:27:58 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Jan 7 10:28:01 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:28:28: --- last message repeated 8 times ---
    Jan 7 10:28:28 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
    Jan 7 10:28:28 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.993122 seconds).
    Jan 7 10:28:28 SnowServer racoon[118]: IKE Phase1 Failure-Rate Statistic. (Failure-Rate = 100.000).
    But the VPN Server never gets the connection request (VPN Log):
    2010-01-07 10:12:13 EST Loading plugin /System/Library/Extensions/L2TP.ppp
    2010-01-07 10:12:13 EST Listening for connections...
    2010-01-07 10:12:13 EST Listening for connections...
    I have a call with Apple Support this afternoon. Hopefully it will be fruitful. If I get anywhere, I will post it. If anyone has any bright ideas, they would be greatly appreciated.
    Message was edited by: AeroJet
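An added example (not part of the original post): a Python parser for the racoon lines quoted above that reports, per connection attempt, how far IKEv1 Main Mode got and which message the server was still waiting for. The function names and the `STAGE` descriptions are this example's own; the sample is the first attempt from the post's server log.

```python
import re

# First connection attempt from the server log quoted in the post above.
RACOON_LOG = """\
Jan 7 10:26:33 SnowServer racoon[118]: Connecting.
Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
Jan 7 10:26:36 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
Jan 7 10:26:55: --- last message repeated 6 times ---
Jan 7 10:26:55 SnowServer servermgrd[67]: servermgr_jabber[W]: detailed service status not available until network configuration completed
Jan 7 10:26:57 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
Jan 7 10:27:03: --- last message repeated 1 time ---
Jan 7 10:27:03 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
Jan 7 10:27:03 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.655020 seconds).
"""

# IKEv1 Main Mode has six messages: odd ones from the initiator, even ones
# from the responder.
STAGE = {
    1: "SA proposal", 2: "SA choice",
    3: "initiator key exchange and nonce", 4: "responder key exchange and nonce",
    5: "initiator identity and authentication (encrypted)",
    6: "responder identity and authentication (encrypted)",
}
MSG = re.compile(r"IKE Packet: (receive|transmit) success\. "
                 r"\((Initiator|Responder), Main-Mode message (\d)\)")
REPEATED = re.compile(r"last message repeated (\d+) times?")


def phase1_attempts(log_text):
    """Return one dict per 'Connecting.' block found in the log."""
    attempts, cur, prev_retx = [], None, False
    for line in log_text.splitlines():
        line = line.rstrip()
        rep = REPEATED.search(line)
        if rep:
            # syslog folds identical consecutive lines; unfold retransmits.
            if cur is not None and prev_retx:
                cur["retransmits"] += int(rep.group(1))
            continue
        prev_retx = False
        if "racoon[" not in line:
            continue  # another daemon's line in the same file
        if line.endswith(": Connecting."):
            cur = {"role": None, "last_rx": 0, "last_tx": 0,
                   "retransmits": 0, "failed": False, "waiting_for": None}
            attempts.append(cur)
            continue
        if cur is None:
            continue
        m = MSG.search(line)
        if m:
            cur["role"] = m.group(2)
            key = "last_rx" if m.group(1) == "receive" else "last_tx"
            cur[key] = max(cur[key], int(m.group(3)))
        elif "(Phase1 Retransmit)" in line:
            cur["retransmits"] += 1
            prev_retx = True
        elif "(Phase1 Maximum Retransmits)" in line:
            cur["failed"] = True
            # After sending message n, this end waits for message n + 1.
            if cur["last_rx"] < cur["last_tx"] < 6:
                cur["waiting_for"] = cur["last_tx"] + 1
    return attempts


def describe(attempt):
    n = attempt["waiting_for"]
    if not attempt["failed"] or n is None:
        return "no Phase 1 stall found"
    return "%s gave up after %d retransmits waiting for message %d: %s" % (
        attempt["role"], attempt["retransmits"], n, STAGE[n])


if __name__ == "__main__":
    for a in phase1_attempts(RACOON_LOG):
        print(describe(a))
```

Because L2TP runs inside the IPsec tunnel, a Phase 1 that never receives message 5 leaves nothing to hand to the L2TP daemon, which matches a VPN log that shows only "Listening for connections...".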

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, I am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect (ping, SSH, …) to the gateway only until the first client disconnects. Then I can perfectly access all the other computers of the private network, but I cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates that port 53 is open, but a dig returns a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which acts as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client information contains the private network DNS server information (192.168.1.254, search domain: cluster).
    Detailed problem description:
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can ping all the Xserves of my cluster (192.168.1.1 to 18 and 192.168.1.254). If I have a look in Server Admin > Settings > Network, I have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns timeouts when I try to do a dig from my VPN client, even though I am able to access it directly from a computer inside or outside my private network.
    After I disconnect, I can see in Server Admin that the IP address of my ppp0 interface has switched to my public IP address.
    Then I can always establish a VPN (L2TP) connection, but the client receives the following information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can access all the other computers of my network (192.168.1.1 to 192.168.1.18), but when I ping my gateway (192.168.1.254), it returns timeouts.
    I have two "lazy" solutions to this problem: 1) configure VPN and DNS servers on two different Xserves, 2) put the public IP address of my gateway as the DNS server address, but neither of these solutions is acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    As I understand your setup, it should be something like
    192.168.1.0 255.255.255.0 private.
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

  • Windows 7 (Client) map a network drive VPN Snow Leopard Server

    Hi,
    I have a Mac Mini Snow Leopard Server and am using a VPN service.
    My services on the Mac OS X SLS server are: AFP, DNS, Firewall, Open Directory, SMB and VPN.
    I can connect to the VPN from Mac clients and Windows 7 clients, but I can only map a network drive/share point on Macs.
    On Windows 7 I get an error: path or name not found (I am sure I am using the correct path, the same one that works from the Mac client).
    When I am using my internal network LAN I can map a network drive using Windows 7 and Mac, but outside over a VPN I cannot (only Mac works).
    The only service, at this moment, that I need is File Sharing outside my network LAN using a VPN.
    How can I map a network drive from a Windows 7 client using a VPN? Are there any Firewall rules / SMB rules / File Sharing rules that I missed on the server side?
    Thank You.

    I really don't know what is going wrong with my settings. As you said/wrote, it must be an easy setup.
    I'm using a Time Capsule and used the Server app to add VPN to the port forwarding also.
    When I am connected through the VPN I tried to ping the Server IP and got no answer from it, from the W7 client!?
    My Macs are just working fine with AFP and SMB share points through the VPN.
    I think I have missed some settings from the SMB or Firewall services for VPN with W7 clients, or it is a Windows issue.....

  • Need help sorting a 'self-populating' plist file (vpn on mac leopard server - 10.6.8)

    I recently configured my Mac Snow Leopard server using Terminal and had it successfully working.
    I could VPN internally and externally to my server at its location.
    One day I started getting the message
         "The connection has failed. Please verify your settings and try again"
    I did as the message said and everything remained the same:
    - server IP
    - shared secret
    - username and password
    - public IP address
    - com.apple.ppp.l2tp.plist still configured correctly
    On a mission, I thought I'd configure it the normal way by entering the data into the Server Admin panel and tried flicking the VPN service on, and it wouldn't work. I was also getting an error saying it could not launch the com.apple.ppp.l2tp plist.
    Upon investigation I found out that I had installed (but not running) iVPN... so I uninstalled this...
    Still I could not get a VPN connection, so I checked the com.apple.RemoteAccessServers.plist and noticed it had doubled in size (originally 4kb and now 8kb).
    I thought this was a mistake and deleted it, knowing it would self-create a new fresh plist file.... HOWEVER it constantly populates the info twice as shown below:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>ActiveServers</key>
        <array>
            <string>com.apple.ppp.l2tp</string>
        </array>
        <key>Globals</key>
        <dict>
            <key>PSKeyAccount</key>
            <string>vpn_0649d87c2f06</string>
        </dict>
        <key>Servers</key>
        <dict>
            <key>com.apple.ppp.l2tp</key>
            <dict>
                <key>DNS</key>
                <dict>
                    <key>OfferedSearchDomains</key>
                    <array>
                        <string>8.8.8.8</string>
                        <string>8.8.4.4</string>
                    </array>
                    <key>OfferedServerAddresses</key>
                    <array>
                        <string>192.168.0.248</string>
                    </array>
                </dict>
                <key>EAP</key>
                <dict>
                    <key>KerberosServicePrincipalName</key>
                    <string>vpn/[email protected]</string>
                </dict>
                <key>IPSec</key>
                <dict>
                    <key>AuthenticationMethod</key>
                    <string>SharedSecret</string>
                    <key>IdentifierVerification</key>
                    <string>None</string>
                    <key>LocalCertificate</key>
                    <data>
                    </data>
                    <key>LocalIdentifier</key>
                    <string></string>
                    <key>RemoteIdentifier</key>
                    <string></string>
                    <key>SharedSecret</key>
                    <string>com.apple.ppp.l2tp</string>
                    <key>SharedSecretEncryption</key>
                    <string>Keychain</string>
                </dict>
                <key>IPv4</key>
                <dict>
                    <key>ConfigMethod</key>
                    <string>Manual</string>
                    <key>DestAddressRanges</key>
                    <array>
                        <string>192.168.0.230</string>
                        <string>192.168.0.240</string>
                    </array>
                    <key>OfferedRouteAddresses</key>
                    <array/>
                    <key>OfferedRouteMasks</key>
                    <array/>
                    <key>OfferedRouteTypes</key>
                    <array/>
                </dict>
                <key>Interface</key>
                <dict>
                    <key>SubType</key>
                    <string>L2TP</string>
                    <key>Type</key>
                    <string>PPP</string>
                </dict>
                <key>L2TP</key>
                <dict>
                    <key>Transport</key>
                    <string>IPSec</string>
                </dict>
                <key>PPP</key>
                <dict>
                    <key>ACSPEnabled</key>
                    <integer>1</integer>
                    <key>AuthenticatorACLPlugins</key>
                    <array>
                        <string>DSACL</string>
                    </array>
                    <key>AuthenticatorEAPPlugins</key>
                    <array>
                        <string>EAP-KRB</string>
                    </array>
                    <key>AuthenticatorPlugins</key>
                    <array>
                        <string>DSAuth</string>
                    </array>
                    <key>AuthenticatorProtocol</key>
                    <array>
                        <string>MSCHAP2</string>
                    </array>
                    <key>DisconnectOnIdle</key>
                    <integer>1</integer>
                    <key>DisconnectOnIdleTimer</key>
                    <integer>7200</integer>
                    <key>IPCPCompressionVJ</key>
                    <integer>0</integer>
                    <key>LCPEchoEnabled</key>
                    <integer>1</integer>
                    <key>LCPEchoFailure</key>
                    <integer>5</integer>
                    <key>LCPEchoInterval</key>
                    <integer>60</integer>
                    <key>Logfile</key>
                    <string>/var/log/ppp/vpnd.log</string>
                    <key>VerboseLogging</key>
                    <integer>1</integer>
                </dict>
                <key>Radius</key>
                <dict>
                    <key>Servers</key>
                    <array>
                        <dict>
                            <key>Address</key>
                            <string>1.1.1.1</string>
                            <key>SharedSecret</key>
                            <string>1</string>
                        </dict>
                        <dict>
                            <key>Address</key>
                            <string>2.2.2.2</string>
                            <key>SharedSecret</key>
                            <string>2</string>
                        </dict>
                    </array>
                </dict>
                <key>Server</key>
                <dict>
                    <key>LoadBalancingAddress</key>
                    <string>1.2.3.4</string>
                    <key>LoadBalancingEnabled</key>
                    <integer>0</integer>
                    <key>Logfile</key>
                    <string>/var/log/ppp/vpnd.log</string>
                    <key>MaximumSessions</key>
                    <integer>128</integer>
                    <key>VerboseLogging</key>
                    <integer>1</integer>
                </dict>
            </dict>
            <key>com.apple.ppp.pptp</key>
            <dict>
                <key>DNS</key>
                <dict>
                    <key>OfferedSearchDomains</key>
                    <array>
                        <string>8.8.8.8</string>
                        <string>8.8.4.4</string>
                    </array>
                    <key>OfferedServerAddresses</key>
                    <array>
                        <string>192.168.0.248</string>
                    </array>
                </dict>
                <key>EAP</key>
                <dict>
                    <key>KerberosServicePrincipalName</key>
                    <string>vpn/[email protected]</string>
                </dict>
                <key>IPv4</key>
                <dict>
                    <key>ConfigMethod</key>
                    <string>Manual</string>
                    <key>DestAddressRanges</key>
                    <array/>
                    <key>OfferedRouteAddresses</key>
                    <array/>
                    <key>OfferedRouteMasks</key>
                    <array/>
                    <key>OfferedRouteTypes</key>
                    <array/>
                </dict>
                <key>Interface</key>
                <dict>
                    <key>SubType</key>
                    <string>PPTP</string>
                    <key>Type</key>
                    <string>PPP</string>
                </dict>
                <key>PPP</key>
                <dict>
                    <key>ACSPEnabled</key>
                    <integer>1</integer>
                    <key>AuthenticatorACLPlugins</key>
                    <array>
                        <string>DSACL</string>
                    </array>
                    <key>AuthenticatorEAPPlugins</key>
                    <array>
                        <string>EAP-RSA</string>
                    </array>
                    <key>AuthenticatorPlugins</key>
                    <array>
                        <string>DSAuth</string>
                    </array>
                    <key>AuthenticatorProtocol</key>
                    <array>
                        <string>MSCHAP2</string>
                    </array>
                    <key>CCPEnabled</key>
                    <integer>1</integer>
                    <key>CCPProtocols</key>
                    <array>
                        <string>MPPE</string>
                    </array>
                    <key>DisconnectOnIdle</key>
                    <integer>1</integer>
                    <key>DisconnectOnIdleTimer</key>
                    <integer>7200</integer>
                    <key>IPCPCompressionVJ</key>
                    <integer>0</integer>
                    <key>LCPEchoEnabled</key>
                    <integer>1</integer>
                    <key>LCPEchoFailure</key>
                    <integer>5</integer>
                    <key>LCPEchoInterval</key>
                    <integer>60</integer>
                    <key>Logfile</key>
                    <string>/var/log/ppp/vpnd.log</string>
                    <key>MPPEKeySize128</key>
                    <integer>1</integer>
                    <key>MPPEKeySize40</key>
                    <integer>0</integer>
                    <key>VerboseLogging</key>
                    <integer>1</integer>
                </dict>
                <key>Radius</key>
                <dict>
                    <key>Servers</key>
                    <array>
                        <dict>
                            <key>Address</key>
                            <string>1.1.1.1</string>
                            <key>SharedSecret</key>
                            <string>1</string>
                        </dict>
                        <dict>
                            <key>Address</key>
                            <string>2.2.2.2</string>
                            <key>SharedSecret</key>
                            <string>2</string>
                        </dict>
                    </array>
                </dict>
                <key>Server</key>
                <dict>
                    <key>Logfile</key>
                    <string>/var/log/ppp/vpnd.log</string>
                    <key>MaximumSessions</key>
                    <integer>128</integer>
                    <key>VerboseLogging</key>
                    <integer>1</integer>
                </dict>
            </dict>
        </dict>
    </dict>
    </plist>
    Thinking I was half clever, I thought I'd do a restore to when I first set the server up... not successful.
    Secondly, I wiped the drive with zero data and did a fresh install... still not successful.
    There must be a way to fix this BS error!
    My source for the original setup was here: http://dreaming-artemis.com/2011/07/18/setting-up-vpn-on-the-imac-osx-snow-leopard-10-6-8/
    Thanks in advance
    TMC
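An added example (not part of the original post): a Python review of a `com.apple.RemoteAccessServers.plist` like the one above, listing each service under `Servers`, whether `ActiveServers` names it, and a few settings worth a second look. The sample is condensed from the post's plist with the same keys and values; the function names and note wording are this example's own, and reading a `SharedSecretEncryption` value other than `Keychain` as "secret stored inline" is an assumption of the example.

```python
import ipaddress
import plistlib

# Condensed from the plist in the post: same keys and values, with the
# sections this check does not read left out.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>ActiveServers</key><array><string>com.apple.ppp.l2tp</string></array>
  <key>Servers</key><dict>
    <key>com.apple.ppp.l2tp</key><dict>
      <key>DNS</key><dict>
        <key>OfferedSearchDomains</key>
        <array><string>8.8.8.8</string><string>8.8.4.4</string></array>
        <key>OfferedServerAddresses</key>
        <array><string>192.168.0.248</string></array>
      </dict>
      <key>IPSec</key><dict>
        <key>AuthenticationMethod</key><string>SharedSecret</string>
        <key>SharedSecretEncryption</key><string>Keychain</string>
      </dict>
      <key>Interface</key><dict><key>SubType</key><string>L2TP</string></dict>
    </dict>
    <key>com.apple.ppp.pptp</key><dict>
      <key>DNS</key><dict>
        <key>OfferedSearchDomains</key>
        <array><string>8.8.8.8</string><string>8.8.4.4</string></array>
        <key>OfferedServerAddresses</key>
        <array><string>192.168.0.248</string></array>
      </dict>
      <key>Interface</key><dict><key>SubType</key><string>PPTP</string></dict>
      <key>PPP</key><dict>
        <key>MPPEKeySize128</key><integer>1</integer>
        <key>MPPEKeySize40</key><integer>0</integer>
      </dict>
    </dict>
  </dict>
</dict></plist>"""


def is_ip(text):
    """True when the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def review(plist_bytes):
    """Map each service under Servers to its protocol, state and notes."""
    cfg = plistlib.loads(plist_bytes)
    active = set(cfg.get("ActiveServers", []))
    report = {}
    for name, srv in cfg.get("Servers", {}).items():
        notes = []
        # Search domains are DNS suffixes; resolver addresses belong in
        # OfferedServerAddresses.
        domains = srv.get("DNS", {}).get("OfferedSearchDomains", [])
        misplaced = [d for d in domains if is_ip(d)]
        if misplaced:
            notes.append("search domains hold IP addresses: " + ", ".join(misplaced))
        if srv.get("PPP", {}).get("MPPEKeySize40"):
            notes.append("40-bit MPPE allowed")
        ipsec = srv.get("IPSec", {})
        # Assumption: any value other than "Keychain" means the secret
        # itself sits in the plist.
        if (ipsec.get("AuthenticationMethod") == "SharedSecret"
                and ipsec.get("SharedSecretEncryption") != "Keychain"):
            notes.append("IPSec shared secret stored inline in the plist")
        report[name] = {
            "protocol": srv.get("Interface", {}).get("SubType"),
            "active": name in active,
            "notes": notes,
        }
    return report


if __name__ == "__main__":
    for name, info in review(SAMPLE).items():
        print(name, info)
```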

    I would think you could copy them over using rsync, which is part of the OS X server package.  If you're not familiar with rsync there is a tutorial here:
    http://everythinglinux.org/rsync/
    Skip the stuff about installing and configuring rsync and just go to the part about using it to copy files between servers.

  • Help setting up Leopard Server(Standard) and VPN

    Hello,
    Here is my set up:
    We have a static IP.
    ADSL Netgear Router takes in the internet connection. (Not sure what the version is, but it had a VPN wizard).
    Latest AirPort BS serves just the wireless.
    Leopard Server in Standard Mode.
    For the life of me I can't get the VPN working. I can't even make the server public. Granted I am out of my depth, but I am endeavoring to learn, but there seem to be so many boxes to tick with servers that I never even know where I am up to.
    On the 3 items in my setup above, what should the settings be starting to look like?
    If I type our server's FQDN into Safari I am told that the server does not exist, but I can't work out how to make it available to the public. I am guessing that if I can't see the server via a browser then I am never going to be able to connect via VPN?
    If you know of any other questions that I should be asking too, please let me know. My googling is getting me nowhere. I have even been doing the lynda.com tutorials on Leopard Server. So I promise that I am trying.

    Hi
    Perhaps if I broke it down in these two ways.
    (a) There is nothing stopping you from using the built in Routing Services in Leopard Server. To make things clearer these 'Routing' Services would be VPN, Firewall, NAT, DHCP and possibly DNS. Basically and simply if your server (by that I mean the hardware you are using to be your server) has two ethernet ports and if your ISP supplied broadband service is by DSL Cable Modem then you don't need a 3rd-Party Router. You can simply connect the ethernet cable from your Cable Modem directly into one ethernet port (this would be the WAN/Public/External connection). The other ethernet port can be connected directly to your network switch/hub (switch would be better). This would be your LAN/Private/Internal connection. Running Gateway Assistant will help you configure the Server (simply to begin with) to 'share' the internet connection on your WAN port with any client computer configured to use your LAN port. It is NAT that basically fulfils this function. The Firewall Service will allow any request that comes from your 'trusted' LAN access to the Internet using the WAN port. Any 'untrusted' request trying to gain access to your LAN from the Internet is blocked by your Firewall unless you configure your Firewall to allow it through. The VPN Service along with the DHCP Service can be configured to allow trusted remote clients to access your Server as well as the private network as if that remote client was actually at your Server's location. Remote client access is achieved by simply keying in the fixed external IP Address that is used at your Server's location in Internet Connect as well as a name and password that is configured on the Server.
    (b) You purchase a 3rd Party Router to do this all for you and dispense with the built in tools on the Server. Simply configure the Router to allow VPN passthrough. There are 3 basic VPN connection methods: PPTP, L2TP and IPSec (ISAKMP). Each of them offers increasingly more secure methods. Depending on which method you finally decide on, this may mean using additional 'client' software not available as standard on the client OS.
    Back to (a): If your internet connection is down a phone line then you would need to use an ADSL Modem Router anyway. For me it does not make much sense to connect the LAN side of this Router to your Server and to further configure the Server to do something the Router can already do for you in most cases better and simpler. Why complicate things trying to do this server side when by your own admission 'I am not getting it/anything'?
    There is some excellent advice on these forums regarding VPN; have you searched for it? If you have and you are still struggling to understand this then perhaps it may be more beneficial as well as being cost effective to get a professional in to do this for you. You would benefit enormously as not only will you see how it gets done but you will also be able to ask questions that may make the whole concept of VPN and networking in general more understandable.
    Hope this helps, Tony
