Lion Server VPN Service/Class C IPs/Bonjour

In order to deploy Lion Server's VPN service, you obviously are required to enter an IP range to assign. We are running a standard class C network here, with systems running on 192.168.1.x. The problem is that if a user is accessing the VPN from a remote location that also uses the same IP scheme, then they won't be able to connect. Is there a simple way to deal with this? Is the only way to fix the problem to re-assign every IP address on our network to a more unique address scheme? We have a large network and that would be unwieldy.
Also, will it be possible to use Bonjour over the VPN? We want to be able to share network resources as if the user was physically connected to our LAN.
Thanks in advance for your answers!

Linc Davis wrote:
Also, will it be possible to use Bonjour over the VPN?
Bonjour doesn't work over a routed connection. You would need to use something like this:
Slinkware
Thanks for this link Linc. From descriptions and reviews it sounds like exactly what I was looking for to propagate Bonjour service discovery to a remote Mac. Being a little naive I had set up an OS X Server VPN expecting Bonjour to "just work" once a remote Mac connected!
In particular the Slinkware web site has a detailed description on how to set up certificate authentication which improves security (geeky but very well detailed).

Similar Messages

  • Lion Server VPN error

    I am trying to use the Lion Server VPN function and have all the firewall ports open (500, 1701, 1723, 4500) and cannot get anything to connect either inside or outside of the network.  I keep getting "The L2TP-VPN server did not respond.  Try reconnecting.  If the problem continues, verify your settings and contact your admin".  I checked the log on the server and here is what I find under system log:
    Oct 27 21:03:56 www racoon[3529]: Connecting.
    Oct 27 21:03:56 www racoon[3529]: IPSec Phase1 started (Initiated by peer).
    Oct 27 21:03:56 www racoon[3529]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Oct 27 21:03:56 www racoon[3529]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Oct 27 21:03:56 www racoon[3529]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Oct 27 21:03:56 www racoon[3529]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Oct 27 21:03:59 www racoon[3529]: IKE Packet: transmit success. (Phase1 Retransmit).
    Oct 27 21:04:29: --- last message repeated 3 times ---
    Oct 27 21:04:32 www racoon[3529]: IKE Packet: transmit success. (Phase1 Retransmit).
    Then I get the error on the other machine (i.e. iPhone 4S, IMac)
    I have done searches on Google for everything I can think of and cannot find an answer, or at least not one that helps me.
    Any help would be greatly appreciated
    Sodak

    If you are using iCloud "Back to my mac", then disable it.
    These services are incompatible.

  • Lion Server DNS service not working for locally created zones. Caching working fine.

    OS Lion Server DNS service not working for local zones. Was fine under Snow Leopard Server but Lion Server upgrade has severely broken my DNS and web sites. Zones look fine under Server Admin but keep getting "query failed (SERVFAIL) for xxxx at /SourceCache/bind9/bind9-42/bind9/bin/named/query.c:3921" in the logs. BTW - Server Admin can't seem to see the log file either.
    Surely someone actually tested that DNS still worked on Lion?

    I upgraded from Snow Leopard Server to Lion Server on day 01.  I hit the same issue where, after the upgrade, my Lion Server stopped serving names for my private local domain.
    I finally took a few minutes to figure out what was wrong.  After turning on debug logging and looking through the logs, I found my particular issue, now resolved.
    The issue I had was, when the domain initially was setup when I installed Snow Leopard Server, for some reason it created a zone just for the server (in my case, something like zone "s-01.mydomain.priv"), and a separate zone for all the other machines (zone "mydomain.priv", containing all the private IPs for my local domain).  I never messed with it because it worked, but generally I would have put all of them in the same zone.
    My zone "mydomain.priv" had a nameserver and mail exchanger entry for my server, s-01.mydomain.priv.  I could see this in the Server Admin app on the DNS bubble, Zones tab, mydomain.priv selected, and the General Info panel.  This was fine in Snow Leopard.  This was failing the zone load in the updated bind for Lion Server, though.  The issue was that the "mydomain.priv" zone was referencing the s-01.mydomain.priv server, which was not defined in the "mydomain.priv" zone but rather in the "s-01.mydomain.priv" zone.
    My fix:
    1. In Server Admin, add the server to the zone "mydomain.priv".  I put an A record (Add Machine) in the "mydomain.priv" zone for my server named s-01.mydomain.priv.
    2. shut down DNS on the OS X Lion Server (hit the Stop DNS button on Server Admin).
    3. edit /etc/named.conf by hand, removing the specialized zones that contained just the server.  In this case, it would be the section titled 'zone "s-01.mydomain.priv"' and the section titled 'zone "3.10.1.10.in-addr.arpa"'.  Your in-addr.arpa zone name will change based on whatever your server IP address was.  My internal one happened to have s-01.mydomain.priv mapped to 10.1.10.3.
    4. Once the specialized zones for just the server were removed, I started the DNS up again.  Instead of serving four zones as it had in OS X Snow Leopard Server, it now serves two zones.  And, now, it is resolving my local machines for the mydomain.priv zone.
    YMMV.  I did note that it wasn't totally necessary to do step 3, but I never really understood the need for the specialized domain, and keeping it around would have a copy of data that would just confuse things.
    Hope that helps.  That's been the only hiccup I've noticed updating to OS X Lion Server thus far.

  • Mountain Lion server VPN configuration problem

    I'm having a problem connecting to my Mountain Lion server VPN even on my home local network.  The configuration is so simple but I can't figure out what I need to do to get it to connect.  Trying from my iphone and also ipad going directly to the ip address of the server and have the user account name, password and secret filled out as I have it set on the server but the connection fails.  I was at first thinking it might be a DNS issue, but then dismissed that since it's happening on the local network.  It seems to be an authentication issue, however I'm using the same settings as on the server. I have other services working such as file server, DNS and SUS so the product itself is fine, just the VPN service.
    Any ideas?
    - Chris

    I had the same "No CHAP secret found for authenticating username" issue. I've been at this VPN thing for many many hours over many days. Desperately want OS X Server to work.
    Finally I just bought iVPN to see if that would work somehow--- AND IT TOTALLY DID.
    So, forget Mac OS X Server VPN. Just forget it. There are definitely many problems out there facing VPN access. But if you're at the point I was, where it's connecting just not authenticating, then forget Mac OS X Server.
    http://macserve.org.uk/projects/ivpn/

  • How to import Lion Server VPN Configuration Profile into Profile Manager

    Greetings All,
    I'm working on configuring a Lion Server VPN (10.7.2) and I hit the following road block. I successfully started the VPN server and profile manager. In fact, if I download the built-in "everyone" profile that has the pre-configured VPN to device such as an iPad things work just fine. However, I'd like to create other profiles with the same VPN configuration info so I can delegate more specifically to different groups and users. I was hoping I could simply import the VPN configuration profile that I saved in the Server dashboard when I setup the VPN service into profile manager somehow. The reason I'm going this route is because every time I try to just re-make the VPN profile it doesn't want to work. I'm not sure why, but I figure why re-invent the wheel if I don't have to. Any suggestions?

    After a lot of investigating I haven't found a way to do this, I'm assuming it cannot be done.

  • Lion Server VPN with 2 networks

    I hope someone has come across a similar problem to what I have had.
    I am having great difficulty trying to configure our OSX Lion Server (7.4) VPN service. The configuration I am trying to reach is one where we have an external IP for the server itself. A VPN configuration where we can use the external IP to get onto the VPN. When successfully on the VPN we would like to route through the internal network for all VPN traffic. We are having difficulty with the source routing so all traffic when successfully authenticated onto the VPN goes via VLAN0.
    I have used the guide:
    http://macminicolo.net/lionservervpn
    When on the VPN all internal network services should be available. But it seems to take the gateway of the public interface for all routing. I have tried adding routing entries with no luck
    Open to suggestion on how we can get this to successfully work. Thanks in advance.

    I am having a similar if not the same problem.  What happens when you log in with the VPN is that instead of giving a proper route to the VPN network, a second "default route" is added.
    Internet:
    Destination        Gateway            Flags        Refs      Use   Netif Expire
    default            172.16.200.1       UGSc          166        0     en0
    default            172.16.150.109     UGScI           0        0    ppp0
    69.27.134.89       172.16.200.1       UGHS            0        0     en0
    127                127.0.0.1          UCS             0        0     lo0
    127.0.0.1          127.0.0.1          UH              3       22     lo0
    169.254            link#4             UCS             0        0     en0
    172.16.150/23      ppp0               USc             1        0    ppp0
    172.16.150.109     172.16.150.5       UH              1        0    ppp0
    172.16.200/23      link#4             UCS             5        0     en0
    172.16.200.1       a0:21:b7:60:b:4e   UHLWIi        167      109     en0    845
    172.16.200.11      b8:ac:6f:ff:b6:66  UHLWIi          0      202     en0   1200
    172.16.200.20      127.0.0.1          UHS             0        0     lo0
    172.16.200.54      d8:30:62:6a:4f:4b  UHLWIi          0        0     en0    881
    172.16.201.255     ff:ff:ff:ff:ff:ff  UHLWbI          0       32     en0
    I can add a manual route using:
    route add 172.16.0.0/23 172.16.150.9  and everything works fine.  But if you disconnect the VPN and reconnect you also have to re-enter the route.
    BTW.... works fine from my Win7 PC.
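
    An added example, not part of the original post: a Python parser for the `netstat -rn` rows quoted above that does longest-prefix matching to show which interface a destination leaves through, before and after the manual `route add`. The route rows are copied from the post (Refs/Use columns dropped); the function names and test destinations are assumptions, and skipping routes flagged `I` models them as interface-scoped, which is how the macOS netstat man page describes that flag.

```python
import ipaddress

# Rows copied from the routing table quoted in the post above
# (Destination, Gateway, Flags, Netif); ARP/link-layer host rows left out.
ROUTES_TEXT = """\
default            172.16.200.1       UGSc     en0
default            172.16.150.109     UGScI    ppp0
69.27.134.89       172.16.200.1       UGHS     en0
127                127.0.0.1          UCS      lo0
169.254            link#4             UCS      en0
172.16.150/23      ppp0               USc      ppp0
172.16.150.109     172.16.150.5       UH       ppp0
172.16.200/23      link#4             UCS      en0
"""


def parse_destination(dest):
    """Expand BSD netstat's abbreviated destinations into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    if not plen:
        # No explicit mask: the number of octets shown implies the prefix.
        plen = str(8 * len(octets))
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def parse_routes(text):
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, gateway, flags, netif = line.split()
        routes.append({"net": parse_destination(dest), "gateway": gateway,
                       "flags": flags, "netif": netif,
                       "scoped": "I" in flags})
    return routes


def default_routes(routes):
    return [r for r in routes if r["net"].prefixlen == 0]


def select_route(routes, destination):
    """Longest-prefix match. Routes flagged I are skipped: they apply only
    to traffic already bound to that interface (modelling assumption)."""
    ip = ipaddress.ip_address(destination)
    candidates = [r for r in routes if ip in r["net"] and not r["scoped"]]
    return max(candidates, key=lambda r: r["net"].prefixlen, default=None)


def add_route(routes, network, gateway):
    """Model `route add <network> <gateway>`: the new route leaves through
    whichever interface already reaches the gateway."""
    via = select_route(routes, gateway)
    routes.append({"net": ipaddress.ip_network(network), "gateway": gateway,
                   "flags": "UGSc", "netif": via["netif"], "scoped": False})


def egress(routes, destination):
    """Return (matching network, interface) for a destination, or None."""
    r = select_route(routes, destination)
    return None if r is None else (str(r["net"]), r["netif"])


if __name__ == "__main__":
    table = parse_routes(ROUTES_TEXT)
    print("default routes:", [(r["netif"], r["flags"]) for r in default_routes(table)])
    # 172.16.0.10 is a hypothetical host inside the network the poster routes by hand.
    print("before route add:", egress(table, "172.16.0.10"))
    add_route(table, "172.16.0.0/23", "172.16.150.9")
    print("after route add: ", egress(table, "172.16.0.10"))
```

    Before the manual route, the only unscoped match for the internal network is the `en0` default, so that traffic bypasses the tunnel; the `route add` from the post is what moves it onto `ppp0`.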

  • Lion Server VPN, Can Connect Locally, Not Remotely

    I have both Lion and Lion Server installed on my Core 2 Duo iMac, mainly because I want the VPN feature of Server.
    I configured everything correctly for the VPN, and can connect to it with no problems from my iPhone and iPad when I am within my own LAN (the server and the iPhone/iPad are on the same IP range and subnet).
    I also used the automatic config within the Server app to configure my AirPort Extreme N Base Station.   Looking at the Port Mapping section of my ABS from within AirPort Utility, I do in fact see that VPN Service (L2TP) is configured with the following UDP ports: 500, 1701 and 4500.  Those ports ARE pointing to the iMac that is running the VPN server.  Firewall on that iMac is turned OFF.
    However, I am unable to connect my iPhone to the VPN Server using my Public IP address.  I have tried it from within my network (out of network to internet the back), from my Verizon MiFi or from my iPhone's 3G connection (well, in my area it is still Edge).  The iPhone simply sits on "Connecting" for a few seconds, then an alert comes up stating "The L2TP-VPN server did not respond.  Try reconnecting. If the problem..." yadada.
    I AM, however, able to get Web Sharing to work via my Public IP address, as well as VNC.
    I also cannot connect to the VPN via the Public IP with other devices like my iBook, PowerBook G4, Windows 7 PC, or iMac G5.  They ALL CAN connect via the local network 10.1.x.x IP address.
    Am I missing something here?  I did all of the automatic configurations, and all of the ports appear to be properly open.

    Not in my case, Per, no.
    I just did a tcpdump between various systems.
    For those that do NOT work (client iPhone, client 10.7 and server 10.7) the tcpdumps look like so:
    19:12:33.883057 IP Home.60845 > LionServer.500: isakmp: phase 1 I ident
    19:12:33.884410 IP LionServer.500 > Home.60845: isakmp: phase 1 R ident
    19:12:33.910379 IP Home.60845 > LionServer.500: isakmp: phase 1 I ident
    19:12:33.918362 IP LionServer.500 > Home.60845: isakmp: phase 1 R ident
    19:12:33.958995 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 1 I ident[E]
    19:12:33.959349 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 1 R ident[E]
    19:12:33.959461 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 2/others R inf[E]
    19:12:34.997414 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
    19:12:34.998323 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
    19:12:35.016983 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
    19:12:35.019173 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x1), length 132
    19:12:35.052641 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
    19:12:35.595022 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x2), length 132
    19:12:37.597957 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x3), length 132
    19:12:38.212127 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
    19:12:41.214447 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
    19:12:41.603061 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x4), length 132
    19:12:44.216935 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
    19:12:45.609900 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x5), length 132
    19:12:49.616860 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x6), length 132
    19:12:53.623054 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x7), length 132
    19:12:54.965357 IP Home.60846 > LionServer.4500: isakmp-nat-keep-alive
    19:12:55.032098 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
    19:12:55.036420 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
    19:12:56.228356 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
    Note: I've done this over wired and wireless as well as 3G -- the transport on the client end is NOT the issue.
    A connection that works, from iPhone ONLY (on 3G or Wireless) is:
    11:24:59.960105 IP Home.61168 > LeopardServer.500: isakmp: phase 1 I ident
    11:24:59.964119 IP LeopardServer.500 > Home.61168: isakmp: phase 1 R ident
    11:25:00.673976 IP Home.61168 > LeopardServer.500: isakmp: phase 1 I ident
    11:25:00.712858 IP LeopardServer.500 > Home.61168: isakmp: phase 1 R ident
    11:25:01.466127 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 1 I ident[E]
    11:25:01.468180 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 1 R ident[E]
    11:25:01.468546 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 2/others R inf[E]
    11:25:02.954797 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
    11:25:02.978314 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
    11:25:03.480886 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
    11:25:03.486763 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x1), length 116
    11:25:04.032382 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x2), length 116
    11:25:06.029801 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x3), length 116
    11:25:06.517111 IP LeopardServer.4500 > Home.61169: UDP-encap: ESP(spi=0x088d7e27,seq=0x1), length 116
    11:25:06.742918 IP LeopardServer.4500 > Home.61169: UDP-encap: ESP(spi=0x088d7e27,seq=0x2), length 116
    And from there it's all normal.
    What never works:
    10.7 client to 10.7 server
    iPhone to 10.7 server
    The breakage seems to happen on 10.7 server here:
    19:12:35.019173 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x1), length 132
    19:12:35.052641 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
    After that first ESP packet, the Lion Server responds with another phase 1 ident.
    The Leopard server does not.
    It may still be something in my setup, but, there's nothing to configure on 10.7 server other than "on" and "off" and some IP addresses, which I'm nearly certain isn't the issue...but who knows.   Either the Lion Server ignores whatever is in that ESP packet, and starts over, or, iOS and OS X are sending it something it doesn't like and is forcing it to reset and start over.
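
    An added example, not part of the original post: the comparison the poster makes by eye, written as a Python check over tcpdump text. The capture lines are excerpts copied from the two traces above; the function names, result keys and verdict strings are assumptions made for this illustration.

```python
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<info>.*)$")
IKE_RE = re.compile(r"isakmp: phase (\S+) ([IR]) (\S+)")
ESP_RE = re.compile(r"ESP\(spi=(0x[0-9a-f]+),seq=(0x[0-9a-f]+)\)")

# Excerpt of the failing capture quoted above (Lion Server).
FAILING = """\
19:12:33.883057 IP Home.60845 > LionServer.500: isakmp: phase 1 I ident
19:12:33.884410 IP LionServer.500 > Home.60845: isakmp: phase 1 R ident
19:12:33.958995 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 1 I ident[E]
19:12:33.959349 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 1 R ident[E]
19:12:34.997414 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
19:12:34.998323 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
19:12:35.016983 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
19:12:35.019173 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x1), length 132
19:12:35.052641 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
19:12:35.595022 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x2), length 132
19:12:37.597957 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x3), length 132
19:12:38.212127 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
19:12:54.965357 IP Home.60846 > LionServer.4500: isakmp-nat-keep-alive
"""

# Excerpt of the working capture quoted above (Leopard Server).
WORKING = """\
11:25:02.954797 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
11:25:02.978314 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
11:25:03.480886 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
11:25:03.486763 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x1), length 116
11:25:04.032382 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x2), length 116
11:25:06.517111 IP LeopardServer.4500 > Home.61169: UDP-encap: ESP(spi=0x088d7e27,seq=0x1), length 116
"""


def parse_line(line):
    """Turn one tcpdump line into a dict, or None if it is not an IP line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    esp, ike = ESP_RE.search(pkt["info"]), IKE_RE.search(pkt["info"])
    if esp:
        pkt.update(kind="esp", spi=esp.group(1), seq=int(esp.group(2), 16))
    elif ike:
        pkt.update(kind="ike", phase=ike.group(1), role=ike.group(2),
                   exchange=ike.group(3))
    else:
        pkt["kind"] = "other"  # e.g. isakmp-nat-keep-alive
    return pkt


def analyze(capture, server):
    """Count ESP per direction and server-initiated phase 1 after first ESP."""
    pkts = [p for p in map(parse_line, capture.splitlines()) if p]
    client_ports = {p["sport"] for p in pkts if p["src"] != server}
    res = {"esp_from_client": 0, "esp_from_server": 0,
           "phase1_restarts": 0, "restart_ports_unseen": set()}
    seen_esp = False
    for p in pkts:
        from_server = p["src"] == server
        if p["kind"] == "esp":
            seen_esp = True
            res["esp_from_server" if from_server else "esp_from_client"] += 1
        elif (seen_esp and from_server and p["kind"] == "ike"
              and p["phase"] == "1" and p["role"] == "I"):
            res["phase1_restarts"] += 1
            # Destination ports the client never used as a source port.
            if p["dport"] not in client_ports:
                res["restart_ports_unseen"].add(p["dport"])
    if res["esp_from_server"] == 0 and res["phase1_restarts"]:
        res["verdict"] = "server restarts phase 1 instead of answering ESP"
    elif res["esp_from_client"] and res["esp_from_server"]:
        res["verdict"] = "ESP flows in both directions"
    else:
        res["verdict"] = "inconclusive"
    return res


if __name__ == "__main__":
    print(analyze(FAILING, "LionServer"))
    print(analyze(WORKING, "LeopardServer"))
```

    On the failing excerpt the check also records that the server's new phase 1 packets go to port 500 on the client side, a port the client never sent from in this capture.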

  • Mountain Lion Server VPN won't start

    I just upgraded a MacMini running 10.6.8 client to Mountain Lion (10.8.1) and then downloaded Server.app.
    All I need it to do is run basic file sharing and VPN, however, the VPN service never starts up.
    Every time I flip the switch in Server.app to start VPN, it immediately turns back to the "off" position and the following lines print in the system.log
    Aug 29 20:00:56 server.catsareawesome.com com.apple.SecurityServer[20]: Succeeded authorizing right 'system.privilege.admin' by client '/Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle' [91] for authorization created by '/Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle' [91] (2,0)
    Aug 29 20:00:56 server.catsareawesome.com com.apple.SecurityServer[20]: Succeeded authorizing right 'system.privilege.admin' by client '/Library/PrivilegedHelperTools/com.apple.serverd' [63] for authorization created by '/Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle' [91] (100000,0)
    Aug 29 20:00:56 server.catsareawesome.com com.apple.SecurityServer[20]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/launchdadd' [388] for authorization created by '/Library/PrivilegedHelperTools/com.apple.serverd' [63] (100002,0
    Aug 29 20:00:56 server.catsareawesome.com com.apple.serverd[63]: ERROR: SMJobSubmit: The operation couldn’t be completed. (kSMErrorDomainLaunchd error 9 - The job dictionary specifies that it is disabled.)
    Also of note, if I try to do anything using serveradmin in terminal, I get the following error:
    server:lib temp$ serveradmin
    dyld: Library not loaded: /usr/lib/libservermgrcommon.dylib
      Referenced from: /usr/sbin/serveradmin
      Reason: image not found
    Trace/BPT trap: 5
    That libservermgrcommon.dylib file is definitely not in /usr/lib
    I would really appreciate any help.
    Thanks

    Hi Jason
    I was getting the same behavior after Apple support had me delete some plist files to get Airplay going. I was also getting the following error:
    the error occurred while processing a command of type 'writesettings' in the plug-in 'server vpn'
    I went into ~/Library/Preferences/ and /Library/Preferences/ and deleted every plist containing the word server. I had to re-set up my server (meaning walk through some initial steps) but all of my settings were still there after that and everything started working again.
    Just a thought, obviously try at your own risk but it worked for me.
    Kellen

  • Mountain Lion server vpn setup

    I have OSX Mountain Lion with server.  I use dynamic dns with dyndns.org.  I have a Virgin Media Router in modem only mode connected to a Time Capsule that provides DHCP and NAT.  I have all the correct ports open on the Time Capsule (500, 1701, 1723 and 4500).
    I have set up the Server VPN but every time I try to connect either from within my LAN or externally I get the message:
    The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.
    I have tried everything I can think of (including trying VPN Configurator) but cannot get the VPN to work.  Any advice welcome.

    I had the same issue: 
    The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.
    PPTP was connecting from a PC without problem but trying to use L2TP (IPSec) from an iMac gave the above message.  I resolved this by:
    I went into Server > VPN and turned the service off for 30 seconds and turned it back on, all working.
    The wonder of OSX Server.  Lots of buggy problems.
    Steve H

  • OSX Lion Server VPN and Remote Desktop

    I can connect with vpn to my OSX Lion Server from the internet to my home network.
    With remote Desktop I can reach only the server itself not my other clients in the network.
    With my previous environment based on Snow Leopard server that was no problem.
    What could be the problem?

    I have an answer, but it has taken a long time to figure it out.
    I have a Mac Pro, running behind an Airport Extreme 811N router.  I ran OSX Server 10.6x and after I did the upgrade to 7.5.x firmware on my airport the L2TP service died going thru my router.  I simply switched to the PPTP VPN because it appeared to work fine.  Then I upgraded (or downgraded) to 10.7x Server.  When I did that they got rid of PPTP as an option, and my L2TP connections still did not work.  I went looking online for answers, and found a lot of references to the 7.5.x firmware.  I ran a test to see if I could connect to the VPN internal to the LAN - thereby bypassing the router as an issue.  It worked flawlessly.  It definitely had something to do with the way 7.5.x handles a packet.
    After several trial/error sessions, I figured out that it was the DHCP service on the Airport Extreme that was causing the problem.  For whatever reason if you have DHCP assign the IP address to your VPN server, it will never work.  I took the server out of the DHCP pool, and gave it a static IP.  Once I did that and correctly configured the interface on my server (be sure to setup the DNS correctly if you use static IP) I was able to get the VPN to work flawlessly.  Was even able to turn the Back to my Mac feature back on.
    Don't know if this helps, but I have personally logged 3 days on this problem over the last 2 months.  I am pleased it is resolved.

  • Lion Server: VPN external ports to open on firewall

    With Leopard/SnowLeopard Server, opening ports back to my server @ 500, 1701 and 4500 were sufficient for L2TP VPN.  I had no issues trying to connect to my VPN until I upgraded to Lion (which I'm quickly learning was a big mistake).
    Now it appears that there might be undocumented, additional ports in the new (dumbed down) VPN on Lion Server
    I've got 500, 1701 and 4500 open now... and added 1723 (PPTP) as some people suggested (found via google search).  I still cannot connect from outside my network - the client acts like the server does not exist.
    Please note that I can connect without an issue from within the network.  When I simply change the hostname to my external host, it no longer is able to connect.  (My firewall supports external reflection when trying to access my external IP - so don't worry about my firewall config, other than port redirection).
    Is there another port besides the four I've listed above that I need to open?

    Yup... all UDP.  I'll mess with getting it outside the firewall. 
    I'm thinking now that it might be a domain/certificate name issue - seeing that all the new certificate trust requirements have already broken other things for me (like web-based stuff, calendars and profile management)
    Is it required by the VPN server that the certificate hostname matches the external hostname?

  • Lion server VPN not working away from network

    Hey everyone,
    So I have a mac mini setup with lion server, and setup a VPN, however after I setup the profile and installed it on my iphone and ipad, it worked great while I was connected to the same network, but once I connect to either 3G or to a different network (than the server is based) it says,
    "The L2TP-VPN server did not respond.  Try reconnecting.  If the problem continues, verify your settings and contact your administrator." 
    I have checked the port mapping settings, as I have an airport extreme and have the VPN setting checked for the extreme from the server app.  I have also disabled mobileme "back to my mac" on the computer, and also on the airport extreme just to make sure that wasn't causing the issue.  I'm out of ideas, I know it has to do with the incoming connection, and I have setup a dyndns for the ip address.  Any ideas would be really appreciated.

    I also had the same issues but managed to fix it.
    My airport extreme DHCP settings were conflicting with the VPN servers assigned addresses.
    For example, the DHCP on the extreme was set to the range 10.0.1.200 - 10.0.1.254
    And the VPN was set to the same range of 10.0.1.200 - 10.0.1.254
    I then changed the DHCP range on the extreme to 10.0.1.100 - 10.0.1.229
    and I set the VPN to give out IP addresses between 10.0.1.230 - 10.0.1.254
    Reset both the extreme and VPN server, then boom. It started working, internally and externally.
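
    An added example, not part of the thread: a Python check for the addressing conflicts described on this page, namely the DHCP and VPN pools handing out the same addresses (this answer), a statically addressed server sitting inside a pool, and a remote client's LAN using the same subnet as the office LAN (the opening question). The 10.0.1.x ranges are the ones quoted above; the function names and finding codes are assumptions.

```python
import ipaddress


def pool(first, last):
    """An inclusive address range, as entered in a DHCP or VPN settings pane."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range is reversed: {first} - {last}")
    return lo, hi


def shared_range(p, q):
    """Return the inclusive range two pools have in common, or None."""
    lo, hi = max(p[0], q[0]), min(p[1], q[1])
    return (lo, hi) if lo <= hi else None


def audit(lan_cidr, dhcp, vpn, static_hosts=(), remote_lan=None):
    """Return a list of (code, where, address_count) findings."""
    findings = []
    lan = ipaddress.ip_network(lan_cidr)

    # 1. Two services leasing the same addresses.
    both = shared_range(dhcp, vpn)
    if both:
        count = int(both[1]) - int(both[0]) + 1
        findings.append(("pool-overlap", f"{both[0]}-{both[1]}", count))

    # 2. A statically configured host that either pool could also hand out.
    for host in map(ipaddress.ip_address, static_hosts):
        for name, (lo, hi) in (("dhcp", dhcp), ("vpn", vpn)):
            if lo <= host <= hi:
                findings.append((f"static-in-{name}-pool", str(host), 1))

    # 3. The remote client's local subnet overlaps the LAN behind the VPN,
    #    so the client cannot tell local hosts from tunnelled ones.
    if remote_lan is not None:
        remote = ipaddress.ip_network(remote_lan)
        if lan.overlaps(remote):
            clash = lan if lan.subnet_of(remote) else remote
            findings.append(("remote-lan-collision", str(clash),
                             clash.num_addresses))
    return findings


if __name__ == "__main__":
    # Ranges from the answer above: before and after the change.
    before = audit("10.0.1.0/24",
                   pool("10.0.1.200", "10.0.1.254"),
                   pool("10.0.1.200", "10.0.1.254"))
    after = audit("10.0.1.0/24",
                  pool("10.0.1.100", "10.0.1.229"),
                  pool("10.0.1.230", "10.0.1.254"))
    print("before:", before)
    print("after: ", after)
    # Constructed pools on the 192.168.1.x network from the opening question,
    # with a client connecting from a remote LAN numbered the same way.
    print(audit("192.168.1.0/24",
                pool("192.168.1.100", "192.168.1.199"),
                pool("192.168.1.200", "192.168.1.220"),
                remote_lan="192.168.1.0/24"))
```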

  • Is it possible to configure the OS X Server VPN Service to use Certificates?

    I was attempting to set up the VPN Service on OS X Server 4.0.3 (Yosemite) to use certificates instead of a private shared key.  It does not appear that the VPN Server in OS X Server is designed to use anything other than a private shared key (on the server side).  I was wondering if I was missing something?  The VPN Server works fine using the PSK (L2TP or PPTP) - I just thought I would experiment with certificates - but every example I am finding shows the PSK being used - although some of the "how to" tutorials allude to the fact that VPN certificates are supported for L2TP - but they don't provide any detail on how that functionality would be configured.  I tried creating both a VPN Server and VPN Client certificate - however - the certificates show up in the login keychain and do not appear in the certificate window in the Server app.  I was hoping that maybe the presence of a VPN Server Certificate would possibly enable an option to use it when configuring the VPN.
    ~Scott

    No unfortunately the 'official' Apple VPN service does not have this ability, furthermore as Apple use a heavily customised version of Racoon you cannot cheat by trying to do this via the command line.
    You will have to use a completely different VPN server, Mac and iOS clients can do this but not the Mac server side. I use StrongSwan running in a Linux virtual machine.

  • How to keep Lion Server wiki service running in bootcamp windows?

    I know this is a stupid question, but ...
    I used to run mac mini server as the wiki & file sharing server within my team, and use vmware to load the win7 on the bootcamp partition to do some jobs which need M$ visual studio.
    Now I have some new things to do with windows phone7, but unlike other simulators, windows phone7 is extremely slow if I run it in the vmware. I have to boot bootcamp and run the emulator natively, meanwhile I don't want to  stop the Lion server especially the wiki services.
    So the question comes:
    Is there a way to migrate the existing Lion server contents to a Windows? Perhaps I need to setup windows+apache+mysql+php? It seems not an easy way.
    Or anyway to boot the existing Lion partition in a windows virtual machine? Some tips? Many thanks!

    Snow Leopard did the same if you used the GUI. I responded to you in your other thread. You can also simply use a different Apache. Use Macports to install your own apache, which can be managed via command line or webmin. Thus, the apple one deals with Apple stuff, and, yours deals with everything else.

  • Lion Server VPN: Static IPs to Clients?

    Does anyone have any thoughts as to whether it might be possible to have the
    Lion L2TP server hand out static IPs to clients when they connect, based on the
    username they use to log in?
    Looking at this snippet from /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist:
                                            <key>ConfigMethod</key>
                                            <string>Manual</string>
                                            <key>DestAddressRanges</key>
                                            <array>
                                                      <string>10.50.0.100</string>
                                                      <string>10.50.0.149</string>
                                            </array>
    ConfigMethod gives me a little hope that other methods may be available, and I
    might be able to do this, but am reaching out to see if anyone here has
    experience or insight on this topic.

