Osx server 2.2.1 VPN subnet mask 255.255.255.255

Similar Messages

• Defining VPN Subnet Mask?

  Howdy,
  Ok this problem occurs on Windows Vista, and is, to my knowledge classed as a bug, as it never occured on XP. So when I migrated over to OS X I assumed it would not be there... I was wrong, cos it is!
  I connect to several VPNs to access MySQL DB's, and I use these everyday and are very important. Now a few of the VPN's use a subnet mask of 255.255.255.0, like most connections. Now the other VPNs use a subnet mask of 255.255.240.0, and when connecting to these VPN's OS X just assumes the subnet is 255.255.255.0 and therefore, even though it connects fine, I cannot access anything on this server cos of this problem!
  Now the only way, to my knowledge, around this is to run the ifconfig command to get my assigned IP Address, then run the command:
  sudo route add -net 192.168.16.0 192.168.16.* 255.255.240.0
  Where * represents the last 1/2 digits of my assigned IP address. This does work, but is quite frustrating, just as it was running the "route" command on Vista.
  Does anyone know of a way around this? So I can tell OS X to add me a subnet mask of 255.255.240.0? Or even a way in OS X to automatically run the above command via terminal when I connect?
  Any help will be appreciated!
  ta
  Steve M

  Do you know how I can join my office domain via the PPTP connection? I've triend both the QuickVPN client as well as, Windows built-in VPN connection. I've only been able to successfully connect using Windows VPN connection. I could not get QuickVPN client to work.

• OSX Server 2.21 L2TP VPN - security recommendations

  hi  folks,
  I am running OSX server 2.2.1 hosting mail,  and L2TP VPN which work great..
  I port forward  port 25
  and UDP 500, 1701 , 4500 for the VPN, from my router gateway to my mac mini.
  are there any security concerns in relation to having open access to the UDP ports 500,1701, 4500  on my mac mini?
  I had tried to put a firewall rule on my gateway  to only allow access from the public ip of my iphone over 3g, but that didnt seem to work  as i still could connect over a different public network, so it appears that the firewall rule was ignored as the traffic was automatically being natted by the gateway..
  my main question really, is should i be worried, leaving UDP ports open publically to my mac mini server?
  thanks

  i ran through those processes , and for the last one got file not found
  /System/Library/LaunchDaemons/com.apple.pfctl: file does not exist or is not readable or is not a regular file
  is there a way to verify that the adaptive firewall is running?
  thanks

• OSX Server + Billion 5200G RC VPN Access

  Hello,
  We are a small design studio looking at setting up a VPN to access local files whilst on the road. I believe I have all the configuration setup correctly in Mac OSX server but I am a little out of my element when know which ports to forward on the router and if it is even setup to accept VPN connections.
  If anyone has experience setting up VPN access wtih the Billion 5200G RC Router I would be indebted to you.
  Thanks
  Michael
  (designer @ false behaving animals)

  i ran through those processes , and for the last one got file not found
  /System/Library/LaunchDaemons/com.apple.pfctl: file does not exist or is not readable or is not a regular file
  is there a way to verify that the adaptive firewall is running?
  thanks

• Subnet mask 255.255.255.255 assigned to VPN client - can't ping LAN

  Hi,
  I configured PIX 501 with PPTP VPN to connect to the small office (PIX FW, Win 2000 Server, several Win clients, LAN IP 10.0.0.X/24):
  ip local pool mypool 10.0.0.101-10.0.0.105
  vpdn group mygroup accept dialin pptp
  vpdn group mygroup ppp authentication mschap
  vpdn group mygroup ppp encryption mppe 128 required
  vpdn group mygroup client configuration address local mypool
  vpdn group mygroup client configuration dns 10.0.0.15
  vpdn group mygroup pptp echo 60
  vpdn group mygroup client authentication local
  vpdn username xxxx password *********
  vpdn enable outside
  I can connect to the office using Win VPN client, but I can't ping any hosts in the office network. I suspect that the reason for that is subnet mask assigned to the VPN client: 255.255.255.255. ipconfig of the VPN client:
  PPP adapter Office:
  Connection-specific DNS Suffix . :
  IP Address. . . . . . . . . . . . : 10.0.0.101
  Subnet Mask . . . . . . . . . . . : 255.255.255.255
  Default Gateway . . . . . . . . . :
  Default GW is missing too, but I think this is not the main problem.
  Any way, what is wrong with my config? How to fix subnet mask assigned to clients? Or may be my assumption is wrong and this mask is ok? What is wrong then?
  Any input will be greatly appreciated!
  George

  Thanks for the prompt reply.
  Here it does:
  PIX Version 6.3(4)
  interface ethernet0 auto
  interface ethernet1 100full
  nameif ethernet0 outside security0
  nameif ethernet1 inside security100
  enable password xxxxxxxxxxxxxx encrypted
  passwd xxxxxxxxxxxxxx encrypted
  hostname OSTBERG-PIX
  fixup protocol dns maximum-length 512
  fixup protocol ftp 21
  fixup protocol h323 h225 1720
  fixup protocol h323 ras 1718-1719
  fixup protocol http 80
  fixup protocol rsh 514
  fixup protocol rtsp 554
  fixup protocol sip 5060
  fixup protocol sip udp 5060
  fixup protocol skinny 2000
  fixup protocol smtp 25
  fixup protocol sqlnet 1521
  fixup protocol tftp 69
  names
  access-list 80 permit ip 10.0.0.0 255.255.255.0 10.0.20.0 255.255.255.0
  access-list inbound permit icmp any any
  access-list inbound permit tcp any any eq pptp
  access-list inbound permit gre any any
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  ip address outside 66.189.xxx.xxx 255.255.252.0
  ip address inside 10.0.0.23 255.255.255.0
  ip audit info action alarm
  ip audit attack action alarm
  ip local pool mypool 10.0.0.101-10.0.0.105
  pdm location 10.0.0.0 255.255.255.0 inside
  pdm location 10.0.0.15 255.255.255.255 inside
  pdm logging informational 100
  pdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0 0 0
  access-group inbound in interface outside
  route outside 0.0.0.0 0.0.0.0 66.189.yyy.yyy 1
  timeout xlate 0:05:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
  timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
  timeout uauth 0:05:00 absolute
  aaa-server TACACS+ protocol tacacs+
  aaa-server TACACS+ max-failed-attempts 3
  aaa-server TACACS+ deadtime 10
  aaa-server RADIUS protocol radius
  aaa-server RADIUS max-failed-attempts 3
  aaa-server RADIUS deadtime 10
  aaa-server LOCAL protocol local
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server community public
  no snmp-server enable traps
  floodguard enable
  sysopt connection permit-ipsec
  sysopt connection permit-pptp
  telnet 10.0.0.23 255.255.255.255 inside
  telnet 10.0.0.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  vpdn group mygroup accept dialin pptp
  vpdn group mygroup ppp authentication mschap
  vpdn group mygroup ppp encryption mppe 128 required
  vpdn group mygroup client configuration address local mypool
  vpdn group mygroup client configuration dns 10.0.0.15
  vpdn group mygroup pptp echo 60
  vpdn group mygroup client authentication local
  vpdn username ********* password *********
  vpdn enable outside
  dhcpd lease 3600
  dhcpd ping_timeout 750
  dhcpd auto_config outside
  terminal width 80
  Cryptochecksum:xxx
  : end
  There are remnants of old config, I just recently took over this network, some lines look odd to me, but I did not touch what works. VPN config is all mine.
  PIX internal 10.0.0.23 - is a gateway for the network. DNS server in LAN - 10.0.0.15.
  I've been reading about the problem and came across several posts that this subnet mask is normal, but it puzzles me - how can this host communicate with anyone else if there is no room for other hosts in this network (according to the mask)?!
  Thanks again!
  George

• Test Drive OS X Server - VPN, Subnets, User Management

  Is there a place I can test drive osx server? I don't want to purchase expensive server os and hardware and find out it will not do what I want.
  What I want to do is setup VPN so road warriors can connect securely and surf the internet through the vpn connection. I want to setup multiple subnets so users are separated from each other for security reasons.
  I look forward to your insight.

  I'm not aware of an organization that provides a test-drive for Mac OS X Server, though there might be a related one-on-one or business-oriented class available (for free or for a fee) at a local Apple store.
  VPNs are easily feasible with Mac OS X Server, and a VPN client is built into Mac OS X. That written, there are a gazillion different interpretations of "VPN" and of "road warrior"; protocols and requirements and clients and access patterns and security requirements can and do differ.
  Subnets are standard IP, and fully available. Subnets are intended to control routing and are not intended for security. Here a case of obscurity than of security, unless enforced at the switches and possibly through switch-level VPNs and/or encryption -- subnetting is quite certainly functional, but not something I would rely on for security. Various malware and many users are fully aware of how to sniff a LAN, after all.
  US$500 (10 client) is not expensive for a server operating system FWIW, and Mac OS X Server can be installed on most any Mac system. US$500 and US$1000 (unlimited client) is a small fraction of other widespread choices in the market. One I'm familiar with is US$900 per core plus hardware, and another starts in the low US$2000 range, plus hardware. But yes, taking the plunge with an Xserve and an unlimited client will set you back some US$3000, or more.
  If you're specifically looking for VPN capabilities and subnetting, there are potentially hardware-based solutions available. These are hardware devices (switches and routers) that provide the subnetting, and that can provide a firewall with VPN capabilities. These embedded and dedicated devices do not provide the rest of what Mac OS X Server provides, however.

• Can't establish VPN on windows client to OSX server

  Hi everyone,
  I'm stuck for a while now with a very annoying problem.
  I can't establish a VPN connection on a windows client to a OSX Server. It worked fine while we had OSX server 10.6.
  We recently updated to 10.8 and got this problem.
  I know some of u are now thinking, the solution is: Just don't use windows... But the director of the company i am doing this for
  doesn't want to switch to mac.
  Also, this problem maybe be related to windows but i hope someone here can help me.
  Things i've done:
  I've tried PPTP ( didn't work either )
  I've tried different users
  I've tried adding a rule te regedit in windows ( according to a windows vista kb file for VPN trough NAT devices )
  I've tried different authentication rules
  In VPN log is Server admin everything goes well until:
  pppd[87435]: fatal signal 6
  vpnd[104]: --> Client with address 192.168.0.24 has hungup
  after this it goes further with some successes.
  I hope someone here knows the solution!
  Thanks in advance,
  Remy
  Mac mini server, 10.8.5
  server admin 2
  ( client ) windows 7 & 8
  ps. sorry for my bad grammer, i'm dutch..

  You could have a look at the following and see if it helps.
  http://support.apple.com/kb/HT5078

• Is it possible to connect my home computer to files stored on my running osx server mac via VPN

  Is it possible to connect my home computer to files stored on my running osx server mac via VPN. I have VPN set up and can access the Calendar and Contacts via a web browser, however I want to be able to access data files store on the hard drive and shared external drives connected to it. The MacPro runs OSX Server Lion. Any Ideas if this is even possible or how to do it!

  Yeah, that's what I kinda figured. Maybe there is another solution - here is my situation:
  I have internet and cable service through Telus. Telus' system consists of a modem/set-top-box that provides internet (ethernet and wifi) and TV signal (corded) for one TV and another set top box that provides internet (ethernet only) and TV signal (corded) for my other TV in the basement.
  I have an Airport Extreme connected to the modem upstairs which I am using as my home network wifi. I also have an external hard drive (USB) connected to it on which my iTunes library is shared with all Apple machines in my home network.
  My upstairs ATV, connected to my APE, works fine and streams internet (Netflix), iTunes Store and my shared iTunes drive just fine - the APE is 3 feet away with a great signal.
  My downstairs ATV, also connected to my APE via wifi, does not stream so well, particularly the media from the shared drive. I suspect that this is the case because of signal degredation.
  Any suggestions on how to reconstruct my home network to enable my downstairs ATV to work properly?

• Mac OSX Server VPN Not Working

  Heres how my setup is: I have an ATT DHCP Server/Router That assigns my public ip.
  I have an Apple AirPort Extreme in Bridge Mode Which hosts the main wifi connection.
  I have my Mac OSX Server connected to the AirPort Extreme
  On my ATT Router DHCP Server's Firewall I have my computer set to DMZ Plus mode which forwards all ports on the network to my mac.
  I am trying to connect to the vpn network via my MacBook Pro and iPhone5 and I cannot. However I can connect to the online wiki page on my server by going to server.djswirkmke.com if you would like to see it. My host name is server.local on the network but on the internet it is server.djswirkmke.com I also have a mail domain setup as mail.djswirkmke.com. My problem is I am not able to connect to the vpn on the client computers can you please help?

  In a moment of random frustration, I tried listing the DNS server in VPN settings three times, and it somehow fixed the problem. Even though it is the same IP all three times, it works when it is listed three times but not when it is listed just once.
  In other words, in VPN > Settings > Client Information > DNS Servers, I have:
  192.168.100.64
  192.168.100.64
  192.168.100.64
  Hope this helps someone having the same problem.

• How can we get the prompt to enter IP Address, Subnet Mask , gateway and DNS Server during Task Sequence?

  How can we get the prompt to enter IP Address, Subnet Mask , gateway and DNS Server during Task Sequence?

  This is for 2007 but may still be relevant for 2012
  http://hexdump.net/?p=391
  Cheers
  Paul | sccmentor.wordpress.com

• LRT224 OpenVPN Server Security Subnet Mask restriction

  I would like to use a Security Subnet Mask of 255.255.252.0 with OpenVPN Server, but the LRT224 limits my choices to the masks shown in the snippet below. I don't understand this restriction. If Class B, 255.255.0.0, is allowed, why not allow sub Class B like 255.255.252.0, 255.255.248.0, etc? I know I could switch to 10.x.0.0/255.255.0.0, but I don't want to re-address my existing network. 

  This is a good thought. Now, this got me wondering as well. I would like to believe this is as designed. Maybe some sort of  product limitation.

• OSX Server 10.4 + VPN Tracker

  I am having problems setting up a vpn connection. I have VPN Tracker but the machine I want to get to on my LAN (behind the router - which is another set of problems!) is running OSX Server. Do I ignore the vpn settings since they are references to IPSec/L2TP, or do I have to switch off the server firewall? I find this very unclear. Also, is there an aternative to using Tracker? Can't I simply use the built-in vpn capability of OSX?

  I am having problems setting up a vpn connection.
  VPN is a screaming bag of cats. What one vendor calls VPN
  may not be what another vendor calls it.
  I have VPN Tracker but the machine I want to get to on
  my LAN (behind the router - which is another set of
  problems!) is running OSX Server.
  If you are trying to connect from a Mac to OS X server,
  VPN Tracker is not needed to establish a VPN tunnel. The
  existing software that comes with the system can be used.
  In the Finder's Help menu ("Mac Help"), open the Help Viewer
  and search for VPN. Look at the entry entitled "Setting up
  a connection to a Virtual Private Network".
  The main reason to use VPN Tracker is if you have a
  perimeter hardware firewall / VPN appliance. For example,
  our users connect to our SonicWALL using VPN Tracker, and it
  works great. We terminate the tunnel on the LAN side of the
  SonicWALL so that the remote client computers sit through
  the tunnel on the LAN The advantage that Equinux brings is
  that they keep it up to date as Apple and SonicWALL (and
  other VPN firewall vendors) make changes, and they provide
  good setup guides. For the interoperability list, see
  http://equinux.com/us/products/vpntracker/interoperability.html
  Do I ignore the vpn settings since they are references
  to IPSec/L2TP, or do I have to switch off the server
  firewall?
  Well, you will have to open up appropriate ports depending
  on the flavor of VPN you choose. Again, it's a screaming
  bag of cats. Of course, you will have to configure VPN
  on the Xserve.
  I find this very unclear.
  Yep. It's a screaming bag of cats.
  Also, is there an aternative to using Tracker? Can't I
  simply use the built-in vpn capability of OSX?
  To connect to an Xserve, yes. See the Help viewer article
  above. You don't mention the router you are using or whether
  it is using NAT. You may have NAT traversal issues.
  Hope this helps,
  Russ
  Xserve G5 2.0 GHz 2 GB RAM   Mac OS X (10.4.8)   Apple Hardware RAID, ATTO UL4D, Exabyte VXA-2 1x10 1u

• OSX Server VPN L2TP secure?

  i am using osx server v2.21  (169) and using the L2TP with shared key VPN  to connect my iphone to my home server, and browse through my home internet connection...
  i have read numerous articles on the internet, and some here on the apple support communities that say L2TP VPN on OSX Server is not secure....
  is that really the case?
  thanks

  There is no perfect security.  Ever.   A sufficiently determined attacker can and will succeed against anything you can do, given that sooner or later somebody involved will make an opsec mistake somewhere.  Or the existing attacks against MD5, RC4 and SSL/TLS security — attacks including BEAST, CRIME Lucky 13, etc — will continue to be "weaponized".
  Firewalls and VPNs only get you so far, and it's common for attackers to use a variety of attacks to try to breach those; to bypass the network security.  So-called "spearphishing" tries to get somebody on the network to breach security for the attacker.  The best VPN and the best firewall are worth nothing if you have Java lit in your web browser and the Java JVM sandbox gets breached (again), or if you receive and open a document that contains malware, for instance. 
  Facebook and other entities were recently breached using what was known as a watering hole attack, and that was only spotted based on detecting "odd" out-bound network traffic.  The attack got around the firewalls and the VPNs and the rest of the security, and was active on the organizations' internal networks.
  If you're securing nuclear secrets or large sums of money or exceedingly embarassing or sensitive data, then you definitely and certainly do need to focus on this stuff, and you're going to be spending time and effort and money on making your organization harder (emphasis on harder) to attack.  But attacks will continue.
  If you're dealing with a home network or a typical a small business network, then you just don't want to be the lowest of the low-hanging fruit around, and you want to avoid opsec mistakes such as open ports or weak passwords, and you don't want to give the good folks of the Internet reasons to attack you.   You want to be not worth attacking, or not as "fun" and not as valuable to attack. 
  Even if your security is not attacked, a DDoS can still ruin your day.
  As I've mentioned elsewhere, I much prefer using a VPN server in a gateway-firewall-router device — as VPNs and NAT don't mix very well — and I do use private certificate authority chains.    But in terms of attacks?  Keep your software and your security current, review your logs and your rules, DMZ any services you provide to "outside", maintain and verify backups — those backups can be your recovery path from a breach — and start looking at "odd" or "unexpected" outbound traffic, too.  VPNs are just part of avoiding the mess of a cleanup.

• VPN on OSX server

  I want to configure VPN on OSX server so I can access my server remotely. I understand I have to open up the VPN ports on my router. I have contacted BT about this (it is a BT router) and they need to know the port numbers used by VPN to unlock them. Can

  To run a public VPN server, you need to do the following:
  1. Give the gateway either a static external address or a dynamic DNS name. In the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.
  2. Give the VPN server a static address on the local network.
  3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server.
  4. Configure any firewall in use to pass this traffic.

• How can I connect a pptp client TO my mac osx server vpn?

  On my client it requires the following information:
  IP address of server: done
  Remote subnet: __________
  Remote subnet mask:__________
  MPPE encryption:___________
  MTU:______
  MRU:______
  NAT:______
  User: done
  Pass: done
  I've looked up but I can only find I for for the mac as the client, in my case a dd wrt router is the client.
  What belongs in the empty fields, or where can I find that info.

  What kind of DVD?
  Unlikely that the file size would be suitable for email. How long is the DVD?