Q about vpn (mullvad) and openresolv

I am behind a NAT 192.168.0.0/24. The router doing NAT is also forwarding DNS requests to my ISP, thus the clients on the local network have 192.168.0.1 as their DNS server. I have set up Mullvad VPN on my Arch laptop per instructions in https://wiki.archlinux.org/index.php/Mullvad
There is only one thing bothering me. When I run the script to start the vpn service, update-resolv-conf is called and updates /etc/resolv.conf. However, the DNS server the VPN provider provides is only added to resolv.conf.
# generated by resolvconf
nameserver 10.X.X.1
nameserver 192.168.0.1 <---- why is this still here?!
I would like resolvconf to replace the nameserver instead (to prevent DNS leaks). I have tried to understand the relevant scripts and played around with openresolv options, without luck. Would be grateful for pointers in the right direction.
EDIT: I realise this is quick-fixable with an edit to /etc/openvpn/update-resolv-conf, for example the following at the end of the case up) part
sed -i '/192\.168/d' /etc/resolv.conf
but there should be a cleaner way of doing this
Last edited by raptorjesus (2015-06-02 16:31:02)
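
A check for the condition described in the post above, as an added example that is not part of the original thread: it parses a resolv.conf file and reports every nameserver that is not on an allow-list of VPN resolvers. The function names and the sample file are assumptions, and 10.8.0.1 stands in for the masked 10.X.X.1 address.

```shell
#!/bin/sh
# Added example (not from the original post): list nameservers in a
# resolv.conf that are NOT on an allow-list of VPN resolvers.
#
# Usage: leaking_nameservers FILE ALLOWED_IP [ALLOWED_IP ...]
# Prints one unexpected nameserver per line.
# Returns 0 if every nameserver is allowed, 1 if any is not,
# 2 if the file cannot be read or contains no nameserver at all.
# Note: plain sh has no local variables, so the names below are global.
leaking_nameservers() {
    file=$1
    shift
    [ -r "$file" ] || return 2

    # Drop comments, then keep the address field of "nameserver" lines.
    servers=$(sed -e 's/[#;].*$//' "$file" |
        awk '$1 == "nameserver" && $2 != "" { print $2 }')
    [ -n "$servers" ] || return 2

    status=0
    for ns in $servers; do
        allowed=no
        for vpn_ns in "$@"; do
            if [ "$ns" = "$vpn_ns" ]; then
                allowed=yes
            fi
        done
        if [ "$allowed" = no ]; then
            printf '%s\n' "$ns"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: the resolv.conf from the post, with 10.8.0.1 standing
# in for the masked 10.X.X.1 address (an assumption).
sample_resolv_conf() {
    cat <<'EOF'
# generated by resolvconf
nameserver 10.8.0.1
nameserver 192.168.0.1
EOF
}

# Demo: run the check against the sample; in real use pass /etc/resolv.conf
# and the resolver address pushed by the VPN provider.
demo() {
    tmp=$(mktemp) || return 2
    sample_resolv_conf > "$tmp"
    leaks=$(leaking_nameservers "$tmp" 10.8.0.1) && rc=0 || rc=$?
    case $rc in
        0) echo "OK: only VPN resolvers are configured" ;;
        1) echo "DNS leak risk, unexpected nameserver(s): $leaks" ;;
        *) echo "check failed: unreadable file or no nameserver lines" ;;
    esac
    rm -f "$tmp"
}
demo
```

Run after the tunnel is up, a non-zero exit status means resolv.conf still lists a resolver outside the VPN, or could not be checked at all.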

Hi,
Can't really comment regarding the 4G
For L2L VPN between the different branches the basic requirement would be to have a static public IP address that you can configure on a device doing the L2L VPN in each branch office.
If the public IP address of the VPN device is Dynamic, it will require a bit more planning and configuring depending if you are going to use routers or firewalls.
Are you planning on using Cisco ASA/PIX firewalls perhaps on the branches or do they already have some devices you were planning on using?
Using one central Cisco ASA firewall and perhaps ASA5505 at the remote side would give you a chance to rather easily connect all the 3 sites (through the central ASA) without needing Static Public IP addresses at the smaller branches.
- Jouni

Similar Messages

  • Strange issue with 3.6.3 VPN Client and IOS firewall

    I'm able to establish a VPN connection from the VPN Client to the e0/0 interface of the IOS FW/VPN router and pass encrypted traffic.
    Whenever I initiate a connection to something on the "Internet" from the LAN (e0/1) of the router, a temporary ACL entry is added to ACL 103 as it should be and I'm able to get out on the Internet from the internal LAN; however, I immediately lose my VPN connection from my PC Client when IOS FW adds those temporary "return entries".
    Router is running 12.2(13)T.
    Anyone else having issues like that? I've looked everywhere on cisco.com and elsewhere but I don't see anyone having a similar issue.
    You Cisco gurus have any thoughts?
    Thanks,
    Jamey
    Config below:
    jamey#wr t
    Building configuration...
    Current configuration : 3947 bytes
    ! Last configuration change at 16:27:03 GMT Wed Jan 22 2003 by jdepp
    ! NVRAM config last updated at 00:14:38 GMT Wed Jan 22 2003 by jdepp
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname "jamey"
    no logging buffered
    no logging console
    username XXXX password 7 XXXXX
    clock timezone GMT 0
    aaa new-model
    aaa authentication login tac local
    aaa session-id common
    ip subnet-zero
    no ip domain lookup
    ip inspect name myfw ftp
    ip inspect name myfw realaudio
    ip inspect name myfw smtp
    ip inspect name myfw streamworks
    ip inspect name myfw vdolive
    ip inspect name myfw tftp
    ip inspect name myfw rcmd
    ip inspect name myfw tcp
    ip inspect name myfw udp
    ip inspect name firewall http java-list 3
    ip audit notify log
    ip audit po max-events 100
    crypto isakmp policy 3
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group XXXX
    key XXXXXXX
    dns x.x.x.x
    domain xxx.com
    pool ipsec-pool
    acl 191
    crypto ipsec security-association lifetime kilobytes 536870911
    crypto ipsec security-association lifetime seconds 86400
    crypto ipsec transform-set foxset esp-3des esp-md5-hmac
    crypto dynamic-map dynmap 10
    set transform-set foxset
    crypto map clientmap client authentication list tac
    crypto map clientmap isakmp authorization list XXXXX
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface Loopback10
    description just for test purposes
    ip address 172.16.45.1 255.255.255.0
    interface Ethernet0/0
    description "Internet"
    ip address x.x.x.x 255.255.255.224
    ip access-group 103 in
    ip inspect myfw out
    no ip route-cache
    no ip mroute-cache
    half-duplex
    crypto map clientmap
    interface Ethernet0/1
    description "LAN"
    ip address 192.168.45.89 255.255.255.0
    no ip route-cache
    no ip mroute-cache
    half-duplex
    ip local pool ipsec-pool 192.168.100.1 192.168.100.254
    ip classless
    ip route 0.0.0.0 0.0.0.0 Ethernet0/0
    no logging trap
    access-list 3 permit any
    access-list 103 permit ip 192.168.100.0 0.0.0.255 any log
    access-list 103 permit icmp any any log
    access-list 103 permit udp any eq isakmp any log
    access-list 103 permit esp any any log
    access-list 103 permit ahp any any log
    access-list 103 permit udp any any eq non500-isakmp log
    access-list 103 permit tcp any any eq 1723 log
    access-list 103 permit udp any any eq 1723 log
    access-list 103 deny tcp any any log
    access-list 103 deny udp any any log
    access-list 191 permit ip 192.168.45.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 191 permit ip 172.16.45.0 0.0.0.255 192.168.100.0 0.0.0.255
    radius-server authorization permit missing Service-Type
    call rsvp-sync
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    password XXXXXX
    line vty 5 15
    end
    Some debugging info:
    At this point, my VPN PC is successfully connected to the e0/0 VPN router and assigned IP of 192.168.100.2. It is running constant pings to 192.168.45.67 and 172.16.45.1 (172.16.45.1 is a loopback on the router for testing), 192.168.45.67 is a host on the internal network.
    .Jan 22 01:27:38.284: ICMP type=8, code=0
    .Jan 22 01:27:38.288: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
    et0/0), g=192.168.100.2, len 60, forward
    .Jan 22 01:27:38.288: ICMP type=0, code=0
    .Jan 22 01:27:38.637: IP: s=192.168.45.145 (Ethernet0/0), d=255.255.255.255, len
    40, access denied
    .Jan 22 01:27:38.637: UDP src=2301, dst=2301
    .Jan 22 01:27:38.641: IP: s=192.168.45.145 (Ethernet0/1), d=255.255.255.255, len
    40, rcvd 2
    .Jan 22 01:27:38.641: UDP src=2301, dst=2301
    .Jan 22 01:27:38.761: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:38.765: IP: s=192.168.100.2 (Ethernet0/0), d=172.16.45.1, len 60,
    rcvd 4
    .Jan 22 01:27:38.765: ICMP type=8, code=0
    .Jan 22 01:27:38.765: IP: s=172.16.45.1 (local), d=192.168.100.2 (Ethernet0/0),
    len 60, sending
    .Jan 22 01:27:38.765: ICMP type=0, code=0
    .Jan 22 01:27:39.282: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:39.286: IP: s=192.168.100.2 (Ethernet0/0), d=192.168.45.67 (Ethern
    et0/1), g=192.168.45.67, len 60, forward
    .Jan 22 01:27:39.286: ICMP type=8, code=0
    .Jan 22 01:27:39.286: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
    et0/0), g=192.168.100.2, len 60, forward
    .Jan 22 01:27:39.290: ICMP type=0, code=0
    .Jan 22 01:27:39.763: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:39.767: IP: s=192.168.100.2 (Ethernet0/0), d=172.16.45.1, len 60,
    rcvd 4
    .Jan 22 01:27:39.767: ICMP type=8, code=0
    .Jan 22 01:27:39.767: IP: s=172.16.45.1 (local), d=192.168.100.2 (Ethernet0/0),
    len 60, sending
    .Jan 22 01:27:39.767: ICMP type=0, code=0
    .Jan 22 01:27:40.283: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:40.287: IP: s=192.168.100.2 (Ethernet0/0), d=192.168.45.67 (Ethern
    et0/1), g=192.168.45.67, len 60, forward
    .Jan 22 01:27:40.287: ICMP type=8, code=0
    .Jan 22 01:27:40.287: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
    et0/0), g=192.168.100.2, len 60, forward
    .Jan 22 01:27:40.291: ICMP type=0, code=0
    .Jan 22 01:27:40.596 GMT: %SEC-6-IPACCESSLOGNP: list 103 permitted 50 216.16.193
    .52 -> <VPN ROUTER E0/0 INTERFACE>, 222 packets
    .Jan 22 01:27:40.596 GMT: %SEC-6-IPACCESSLOGP: list 103 permitted udp 216.16.193
    .52(500) -> <VPN ROUTER E0/0 INTERFACE>(500), 16 packets
    here is where I initiate a telnet connection to a host 2.2.2.2 (a dummy host on the "Internet")
    from a host on the internal side (LAN) (192.168.45.1)
    .Jan 22 01:27:40.600: IP: s=192.168.45.1 (Ethernet0/1), d=2.2.2.2 (Ethernet0/0),
    g=2.2.2.2, len 44, forward
    .Jan 22 01:27:40.600: TCP src=38471, dst=23, seq=953962328, ack=0, win=4128
    SYN
    .Jan 22 01:27:40.764: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    here is where my VPN connection breaks
    .Jan 22 01:27:40.768: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check
    .Jan 22 01:27:41.285: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:41.285: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check
    .Jan 22 01:27:45.773: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:45.777: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check
    .Jan 22 01:27:46.774: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:46.774: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check

    Ok..I found the bug ID for this:
    CSCdz46552
    the workaround says to configure an ACL on the dynamic ACL.
    I don't understand what that means.
    I found this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_maintenance_guide_chapter09186a008007da4d.html#96393
    and they talk about it, but I'm having a hard time decoding what this means:
    "To specify an extended access list for a crypto map entry, enter the match address crypto map configuration command. This access list determines which traffic should be protected by IPSec and which traffic should not be protected by IPSec. If this is configured, the data flow identity proposed by the IPSec peer must fall within a permit statement for this crypto access list. If this is not configured, the router will accept any data flow identity proposed by the IPSec peer. However, if this is configured but the specified access list does not exist or is empty, the router will drop all packets."

  • ASA 5505 site-to-site VPN tunnel and client VPN sessions

    Hello all
    I have several years of general networking experience, but I have not yet had to set up an ASA from the ground up, so please bear with me.
    I have a client who needs to establish a VPN tunnel from his satellite office (Site A) to his corporate office (Site Z).  His satellite office will have a single PC sitting behind the ASA.  In addition, he needs to be able to VPN from his home (Site H) to Site A to access his PC.
    The first question I have is about the ASA 5505 and the various licensing options.  I want to ensure that an ASA5505-BUN-K9 will be able to establish the site-to-site tunnel as well as allow him to use either the IPsec or SSL VPN client to connect from Site H to Site A.  Would someone please confirm or deny that for me?
    Secondly, I would like to verify that no special routing or configuration would need to take place in order to allow traffic not destined for Site Z (i.e., general web browsing or other traffic to any resource that is not part of the Site Z network) to go out his outside interface without specifically traversing the VPN tunnel (split tunneling?)
    Finally, if the client were to establish a VPN session from Site H to Site A, would that allow for him to connect directly into resources at Site Z without any special firewall security rules?  Since the VPN session would come in on the outside interface, and the tunnel back to Site Z goes out on the same interface, would this constitute a split horizon scenario that would call for a more complex config, or will the ASA handle that automatically without issue?
    I don't yet have the equipment in-hand, so I can't provide any sample configs for you to look over, but I will certainly do so once I've got it.
    Thanks in advance for any assistance provided!

    First question:
    Yes, 5505 will be able to establish site-to-site tunnel, and he can use IPSec vpn client, and SSL VPN (it comes with 2 default SSL VPN licenses).
    Second question:
    Yes, you are right. No special routing is required. All you need to configure is site-to-site VPN between Site A and Site Z LAN, and the internet traffic will be routed via Site A internet. Assuming you have all the NAT statements configured for that.
    Last question:
    This needs to be configured, it wouldn't automatically allow access to Site Z when he VPNs in to Site A.
    Here is what needs to be configured:
    1) Split tunnel ACL for VPN Client should include both Site Z and Site A LAN subnets.
    2) On Site A configure: same-security-traffic permit intra-interface
    3) Crypto ACL for the site-to-site tunnel between Site Z and Site A needs to include the VPN Client pool subnet as follows:
    On Site Z:
    access-list permit ip
    On Site A:
    access-list permit ip
    4) NAT exemption on site Z needs to include vpn client pool subnet as well.
    Hope that helps.
    Message was edited by: Jennifer Halim

  • Question about VPN on RV082

    I connect like the diagram.
    When I use Shrewsoft for VPN IPsec I cannot connect across the RV082 to the next hop on WAN 1,
    but when I use PPTP on Windows 7 for VPN PPTP I can connect across the RV082, but with high latency on this connection.
    Please advise me on this issue.
    Many thanks, I hope someone can help me with this.

    ChicagoGuy72 wrote:
    Hello,
    I am working with vpn setups for the first time, so I have some questions I would really appreciate some help with. I would like to be able to connect to a computer on a home network through a linksys E2500 router. I have found a lot of documentation on connecting to an external vpn from a computer on the lan side of the router, but nothing on connecting from the outside in. The router does have a static ip address with my internet provider, so I can contact the router from the outside. But making the connection to the computer on the other side of the router is where I am missing something or I don't realize that it is not possible. On the lan side I am using DHCP to assign the address to the computer I want to connect to. Perhaps I need to make it have a static address also? I realize that when I configure the connection from the outside that I need to direct the connection to the remote computer in some way, unless vpn connections are fully passed through the router and the connection issue I am having is with the "inside" computer.
    Other info:
    I am using windows 7 for the vpn access
    Thank you in advance for your help.
    Kindly check these links:
    http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008009436a...

  • How do I configure a VPN Site and Subnets in Lync when clients have /32 Addresses?

    Hello,
    I've found a few people asking this question out in the "interwebs" but no one seems to quite answer their question (Those poor souls).
    In most occasions that I've seen, my customers have configured their VPN networks with a /24 (255.255.255.0) ip address.  However, when those clients connect to the VPN they are actually getting a /32 (255.255.255.255) address. 
    This seems to pose an issue for Lync reporting when it comes to configuring a VPN site and VPN subnets.
    (NOTE: You might ask why these customers are not going about best practice and using split-tunneling?  In this case, they absolutely CANNOT institute split-tunneling so all traffic MUST flow through the VPN tunnel.)
    For example sake, here is how I would imagine to setup a VPN site with subnets in Lync Network Configuration:
    VPN (Site)
        -172.16.33.0  /24 (Subnet)
        -172.16.34.0  /24 (Subnet)
        -172.16.35.0  /24 (Subnet)
    The problem is that when I run a Location Report in Lync to look at call data to/from the VPN site, it's not there. Reason being, the VPN client was given a /32 address which doesn't match up to the /24 I configured in Lync. 
    So, in my mind my options are:
    Create a /32 subnet for each single address corresponding to a VPN client and attach them to the VPN site (What a mess).
    Change the subnet mask for the 3 subnets I've defined to /32 instead of /24 and see what happens even though putting an IP address of 172.16.33.0 /32 doesn't make much sense.
    Remove the subnets and site from Lync because CAC and Bandwidth control are actually useless over VPN.
    Any thoughts on this?
    John K. Boslooper | Lync Technical Specialist | Project Leadership Associates
    Phone: 312.448.2269 | www.projectleadership.net

    Jin,
    /32 addresses are a valid subnet mask, however that means that a host with an IP Address of 192.168.23.4 and a subnet mask of 255.255.255.255 (/32) is the ONLY host on that subnet.
    The VPN configuration is correct.  The /32 mask is common with a Juniper VPN  (which is what they are using) and the DHCP server that is handing out the addresses is the Juniper VPN appliance. 
    They have already started working out a plan to use a different internal DHCP relay which should hand out the addresses correctly. 
    There has to be someone else out there with this issue or that can point out that I'm overlooking one key principle with VPN subnets.
    Anyone? 
    John K. Boslooper | Lync Technical Specialist | Project Leadership Associates Phone: 312.448.2269 | www.projectleadership.net

  • VPN hub and spoke topology, hub using two interfaces

    Hi,
    I'm facing a problem with Cisco ASA 5500 running software 8.4.
    I know, I know, VPN hub and spoke was already discussed many times. But all these discussions are about a hub using only one interface, the outside/public interface.
    My topology is slightly different.
    LAN-A - VPN peer A <--> (Internet) <--> (outside if)-ASA-B-(inside if) <--> (corporate network) <--> (outside if)-ASA-C-(inside if) <--> LAN-C
    VPN communication should flow between LAN-A and LAN-C.
    Phase I and phase II are working on both tunnels (A-B, B-C). Therefore cryptomaps should be right.
    IPsec SA for tunnel A-B is explicit for LAN-A and LAN-C.
    IPsec SA for tunnel B-C connects any with LAN-C.
    What I can see on ASA-B is incoming traffic from LAN-A on tunnel A-B.
    That does not trigger an SA for tunnel B-C!
    Traffic initiated from LAN-C, I can see on ASA-B as incoming traffic, SA for LAN-A to LAN-C is built up on tunnel B-C.
    Traffic seems to enter tunnel A-B as I can see outgoing traffic on ASA-B.
    Of course, NAT exemption is configured for traffic between LAN-A and LAN-C.
    Why doesn't incoming traffic from LAN-A initiate SA on tunnel B-C?
    It looks like incoming traffic from LAN-A enters ASA-B and is dropped or sent anywhere but the right direction.
    I admit I'm clueless.
    Any help would be appreciated.
    Thanks folks.

    Analyzing the config files you revealed the inactive NAT exemption for traffic flow between LAN-A and LAN-C.
    Furthermore a static route for LAN-C out the inside interface was missing.
    Fixing both, communication works fine.
    Thanks for the real good support.

  • About windows 7 and l2tp/ipsec.

    Hi colleagues
    I have some issues about l2tp/ipsec and windows 7.
    Here is my situation:
    aaa authentication login default local
    aaa authentication ppp default local
    aaa authorization console
    aaa authorization exec default local
    vpdn enable
    vpdn-group VPDN-L2TP
    ! Default L2TP VPDN group
    accept-dialin
      protocol l2tp
      virtual-template 1
    lcp renegotiation on-mismatch
    no l2tp tunnel authenticatio
    crypto logging session
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp policy 20
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key ****** address 0.0.0.0
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 60
    crypto ipsec transform-set L2TP esp-3des esp-md5-hmac
    mode transport
    crypto ipsec transform-set L2TP_V ah-sha-hmac esp-3des esp-sha-hmac
    mode transport
    crypto ipsec transform-set L2TP_7 esp-3des esp-sha-hmac
    mode transport
    crypto dynamic-map DYN-L2TP-MAP 10
    set nat demux
    crypto dynamic-map L2TP_D 10
    set transform-set L2TP L2TP_V
    crypto map L2TP 20 ipsec-isakmp dynamic L2TP_D
    interface Loopback1
    ip address 10.50.60.250 255.255.255.0
    interface FastEthernet4
    mac-address 0014.d110.f882
    ip address *.*.*.* 255.255.255.0
    ip access-group 111 out
    no ip unreachables
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    crypto map L2TP
    interface Virtual-Template1
    ip unnumbered Loopback1
    no ip route-cache
    peer default ip address pool test
    ppp mtu adaptive
    ppp encrypt mppe 128
    ppp authentication ms-chap-v2
    access-list 111 deny   udp host 195.34.194.90 any eq bootpc
    access-list 111 deny   udp host 195.34.194.90 any eq bootps
    access-list 111 deny   ip 172.16.0.0 0.0.255.255 any
    access-list 111 permit ip any any
    #sh ver
    Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.2(1)T, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Fri 22-Jul-11 00:04 by prod_rel_team
    ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
    * uptime is 50 minutes
    System returned to ROM by reload at 11:54:35 UTC Sun Mar 4 2012
    System restarted at 11:55:13 UTC Sun Mar 4 2012
    System image file is "flash:c880data-universalk9-mz.152-1.T.bin"
    Last reload type: Normal Reload
    Last reload reason: Reload Command
    With this configuration, windows XP can connect using built-in vpn client, but windows 2k8 and w7 can't.
    First of all I went to Google and started searching. I found many people with the same situation, but I have not found a solution.
    I'll be very glad for any advice. The deadline is extremely close.
    Thanks a lot!
    PS
    Win 7 fails with error 788.

    Don't worry, you're not alone. :P
    http://forums.creative.com/creativel...hread.id=34293

  • Trouble about vpn connecting (PPTP VPN did not respond)

    I am new in mac. These days I have searched a lot on line for the solution to this problem but none fixed it. So....
    Our lab only has an instruction for connecting vpn under windows and I succeeded to do this by following this in Windows 7.
    There is a host name instead of ip address in the instruction and I think that should not be the problem.
    And in the protocol of TCP/IP property settings, the user was asked to Remove the tick before “Use default gateway on remote network”.  Besides, in the instruction, it sets to obtain the IP address and DNS address automatically, so that I do not have such information about the server of our lab.
    In my new macbook pro (Mac OS X Lion 10.7.3), I did the following things:
    1. in system properties->network, Select the + button at the bottom left of the screen to add a new connection.
    2.  Select the following:
    a. Interface: VPN
    b. VPN Type: PPTP
    c. Service Name: SAS VPN
    d. Select Create.
    3.  Configuration: default
        server address: host name “xxx.xx.xxxx.xx”
        account name: (I am sure there is no error in this)
        encryption: none
    4. click Authorization settings to input the password.
    5. Click the Advanced button and select Options. Verify Send all traffic over VPN connection is checked. (and is not checked ) (I tried both, none of them worked). About the other settings.
    6. On the TCP/IP tab, set "Configure IPv4" to "Using PPP." So I can not input the DNS server information.
    7. click apply and then try to connect.
    However, it returned me an error said " PPTP-VPN server did not respond. Try to reconnect. If that continues....."
    I think there are lots of experts in mac os x. Can anyone here help me with this? Thanks a lot in advance!

    >> encryption: none
    I found out, that you NEED the encryption in Lion Server VPN.
    I understand, that you use Lion Server as you mention the problem here in the Lion Server section.
    I do the following: Install the "Admin Tool VPN" from App-Store for some Euros. Then I found section PPTP and there is a check for
    a) Active
    b) Compression and Encryption
    I take the check for b) out and restart (Off / On), took my XP-Notebook and connected via PPTP and all working!
    Since Lion, Apple hides a lot of things from the official tools and if you have some special tools, you can activate functions. There is
    Level 1, the userlevel: Something like Dashboard in the new MS-Servers or the Server App in the new Lion Server
    Level 2, the administrator level: The difference between Server App and Server Admin! The Server Tools you need to download separately, as you know after a while, something is missing. Same with the new Airport Utility: Userlevel tool = AU 6.0 with graphical fun and some basics, AU 5.6 is the tool for the admin which you need to download separately.
    Level 3, the special deeper view: Typically it is the command line interface, CLI, but if you need some GUI (graphical user interface), you buy an App like Admin VPN Tool and this tool (App for some Euros) in reality does nothing else than comfortably set some inside switches and flags that the official GUI admin tools have not realized.
    Why?
    Oh, I think it's because of security issues. You want the Mac Server to become like a Microsoft Server? So, you shouldn't use not encrypted connections and that's (in my understanding) the reason why the Lion Server EXPECTS YOU to use encryption and the official tools do not give you the opportunity to switch the encryption off!

  • Qs About SQL Server and RoboSource Control

    Hi. I have two questions:
    (1) Will the SQL Server Compact edition work as the db used
    for RoboSource Control? I know that it has a limit of 4 GB.
    (2) Do I have to install a copy of RoboHelp (and, thus, of
    the RoboSource Server Configuration Utility) onto the network
    server where my SQL database is located, or can I configure the SQL
    database remotely from one of the client machines?
    Thanks!

    Hi. Yes, you are correct that the "RSC Server" is really just
    a SQL db that you have modified using the RSC Database
    Configuration tool.
    We are working on a client project from several
    locations--some people are at the client site sometimes, some
    people are at home sometimes, and some people are at our company
    site sometimes. The client software that we are documenting
    requires us to be connected to the client VPN if we are not at the
    client site. However, we would like to store the RH files on our
    company server, which can be VPN'd into from either our client site
    or from home.
    Apparently the VPNs will pass the IP/HTTP protocols that
    SQL/RSC uses. What we'd have to do is log into the company VPN (if
    necessary) at the beg of the day, use the "offline" feature of RSC
    to check out the documents, and then log off the company VPN and
    onto the client VPN to access the software we are documenting. Then
    reverse the process at the end of the day or whenever.
    However, our company doesn't want to install SQL on our
    storage machine which is just a file server. And we don't want to
    store it on the client site, either. (We're just documentation and
    training, after all, not real software developers.)
    One alternative to using RSC is to use merged projects, since
    each tech writer will only be working on one section of the
    documentation at a time. However, I'm concerned about context
    sensitivity and merged projects. I found a good discussion where
    one of the Peters (the two gurus on here who are named Peter) gave
    an extensive description of how to do CS with merged projects.
    However, someone reported that they couldn't get it to work using
    RH7.
    As a relatively novice (though technically inclined) user, I
    would like to avoid the issues with merged projects and CS.
    Therefore, I think what I'm going to do is store the RSC server on
    my local machine and check out the documents for tech writers
    myself, then check them back in when the writer is done.
    I'm testing today and I will report back on my results.
    Thanks for your responsiveness and let me know if you have
    any opinions on this!
    HKB

  • Internet sessions, VPN session, and connections dropping frequently

    I'm in an apartment. This problem started about a week ago. All of my browser sessions, vpn session, and connections such as AIM or netflix drop frequently. I often have to click links twice to get a page to load. I have to reload videos a lot to get them to continue to stream. I am constantly signing in and out of AOL IM.
    I believe the problem has to do with several MoCs (coax connections) listed on my router page, and these MoCs have names of other people on them. Until I noticed them a week ago, I had only seen one MoC belonging to me listed on the router connection page.
    Thus, I think that something got crossed up or misconfigured in the ONT for my apartment complex. The gateway light on my router stays green as all of these problems happen.
    Pinging google.com, I get
    --- google.com ping statistics ---
    76 packets transmitted, 55 packets received, 27.6% packet loss
    round-trip min/avg/max/stddev = 31.282/39.339/48.217/3.548 ms
    Anyone seen this before and know how to get Verizon to fix this?
    I have had nothing but problems with FIOS since getting it, and I have wasted a lot of time with their "customer support."

    I am sorry to hear about your connection problems. I have sent you a private message so we can get your information and look more deep into your connection.
    Anthony_VZ

  • I established a VPN configuration and connected but cannot connect to server?

    I work from an imac at home and need to connect to my work server and files.  I established the VPN configuration and connected to the building but cannot access the server.  What am I doing wrong or what else do I need to do.

    Once your VPN is connected, you still need to log in to the server(s) you are using. This does not necessarily happen automatically - you may have to manually log in to your server(s). To do this, in the Finder menu do Go > Connect to Server and enter the server address. If these are Windows servers it's probably an SMB connection, in which case you would enter smb://<serveraddress> in the server address field.
    Best bet is to talk with the IT folks where you work, as you may need specific information about how to log in to your server(s). There are ways to automate the login but you first need the correct login details (server address, userID, password).
    If you want to automate the login process, here's a simple AppleScript that I wrote in my own case. Create this using AppleScript Editor. After testing, save it as an Application; then in System Preferences you can add it to your list of Login Items so it runs automatically whenever you sign in to your Mac. Of course, your VPN will have to already be connected in order for this to actually work.
    -- wait 30 seconds before trying to mount anything
    delay 30
    tell application "Finder"
        -- mount each SMB share (one line per server)
        mount volume "smb://servername1/mountpoint_A"
        mount volume "smb://servername2/mountpoint_B"
    end tell
    (Note: "servernameX/mountpoint_Y" is the address of each of the 2 servers I log into, except that in this example they are completely fictitious names.)

  • Learning about VPNs

    I'm interested in setting up a VPN. Unfortunately my time spent researching it has generated more questions than answers. It is my understanding that Virtual Private Networking is a client/server technology. So my first thought was that I would need a server, a Mac Mini Server perhaps. Depending on where I read, it sounds like it isn't necessary to have a server. An always-on iMac desktop, for example, can host the server software and everything can operate through it. I can't make sense of this, but is it true? Do I or do I not need my own server? Clarification please.

    Okay I had to look up what you are referring to as a VPN software provider. They are providing a totally different function from what you are talking about. They allow users to access web sites securely and anonymously from locations that may have those web sites blocked for various reasons - like say you wanted to access an Israeli web site from Iran. I don't think this is what you want to do.
    All the software you need for VPN to access a local area network privately and securely is contained in Mac OS X Server (for the VPN server) and Mac OS X (for the client machine.) The tricky part is setting up the LAN's router to allow the connection to pass through. Some do this very easily, some require a very detailed setup.
    You may want to ask how to set up the server in the Mac OS X Server forum when you get around to it.
    Best of luck.

  • EA6500 - VPN interface and VLAN configuration feature?

    Does the EA6500 have any kind of built-in VPN interface and also a built-in VLAN configuration feature?

    This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. For everything that you would like to know about the router, just click here

  • RRAS VPN performance and Internet access while connecting to RRAS VPN

    For the first time, I have set up a Win2008R2 RRAS VPN (L2TP and SSTP) in an Azure VM for my client.
    I am running a packaged application, which includes SQL2008, in that VM.
    I plan for remote users to connect from the client application to the application server in the Azure VM using the RRAS VPN.
    But I am worried about a performance bottleneck due to network speed.
    I have not yet confirmed the network environment of my client (my client lives in the USA).
    1. If we decide to use RRAS VPN for that application, which kind of VPN (PPTP, L2TP, SSTP, IKE) will be better for network speed?
    2. I noticed that while connected to the RRAS VPN, I could not connect to the Internet from the remote client PC.
    Is there any way to enable RRAS VPN access and Internet access at the same time?

    Hi,
    1. PPTP is the easiest protocol to use for setting up a VPN, and it has minimal security.
    L2TP/IPSec, SSTP and IKEv2 are more secure than PPTP.
    IKEv2 can provide secured, uninterrupted, ubiquitous VPN connectivity.
    Here is a good article comparing the four types of VPN:
    Different VPN tunnel types in Windows - which one to use?
    http://blogs.technet.com/b/rrasblog/archive/2009/01/30/different-vpn-tunnel-types-in-windows-which-one-to-use.aspx
    2. Two common scenarios cause the problem that a connected client can't browse the Internet. First, the VPN server might not let remote clients access the Internet when they have a connection. In this case, when we close the VPN connection, the client can browse the Internet because the default gateway reverts to the gateway that the ISP defines. Second, Windows might overwrite the ISP gateway with the VPN server-defined gateway when the client connects, so the client has no path to the Internet.
    We may need to uncheck "Use default gateway on remote network" to solve this problem.
    Best Regards,
    Tina
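
The default-gateway behaviour described in point 2 above, as an added example (not part of the original reply): a simplified model of route selection, longest prefix first and then lowest metric, applied to a client route table with the option checked and unchecked. All addresses, metrics and names are constructed for illustration and are assumptions, not values from the thread.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str      # destination network in CIDR form
    gateway: str     # next hop (informational only in this model)
    interface: str   # "LAN" = ISP side, "VPN" = tunnel adapter
    metric: int      # lower wins when prefix lengths are equal

def best_route(table, destination):
    """Return the route an IP stack would choose: longest prefix, then lowest metric."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in table if dest in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

def egress(table, destination):
    """Name of the interface the packet leaves on, or 'unreachable'."""
    route = best_route(table, destination)
    return route.interface if route else "unreachable"

# Constructed sample tables (hypothetical addressing).
LAN_ONLY = [
    Route("0.0.0.0/0", "192.168.1.1", "LAN", 25),       # ISP default gateway
    Route("192.168.1.0/24", "on-link", "LAN", 25),
]
# "Use default gateway on remote network" checked: the tunnel adds a
# lower-metric default route, plus a host route that keeps the tunnel itself on the LAN.
FULL_TUNNEL = LAN_ONLY + [
    Route("0.0.0.0/0", "10.8.0.1", "VPN", 5),
    Route("203.0.113.10/32", "192.168.1.1", "LAN", 25),  # VPN server's public address
]
# Option unchecked: only the remote subnet is routed into the tunnel.
SPLIT_TUNNEL = LAN_ONLY + [
    Route("10.8.0.0/24", "on-link", "VPN", 5),
    Route("203.0.113.10/32", "192.168.1.1", "LAN", 25),
]

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name,
              "| Internet host ->", egress(table, "198.51.100.7"),
              "| app server ->", egress(table, "10.8.0.20"))
```

With the option unchecked, Internet-bound traffic from the client no longer passes through the VPN server at all, so any filtering or logging done there does not apply to it.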

  • VPN Services and Airport Time Capsule

    I just got a 3TB AirPort Time Capsule that I am trying to get hooked up with a VPN provider.  I live in Germany, so by default, my internet is German.  I want to use a service like Private Internet Access, Strong VPN, etc. so all of my internet traffic is rerouted as though it is coming from the US.  I currently have Unblock-us which uses Smart DNS.  This works well for things like Netflix and Hulu, but doesn't do anything for even google.
    Is there a good service that will do what I want and can I set it up on my TC so all of my devices (MBP, Mac Mini, 2 Apple TVs, 2 iPhones, and 2 iPads) are covered?  I'm pretty computer savvy, but VPNs are new to me.

    I have a Mac Mini that I keep on always and is connected to the TC via ethernet cable.  We use it primarily to store pictures, movies, and music, and to stream videos to Apple TV.  Is there a way to use that computer in place of the second router and still have it be a functioning part of my home network?
    The answer is Yes.. but it is complicated.
    You need to understand that once you open a VPN tunnel to another location, your client is then part of another network. Setting up VPN access and still requiring local access at the same time means you will need to use secondary IP settings on the ethernet or use a secondary network connection, e.g. the wireless.
    It means you cannot run DHCP .. it will need to be set up with a fixed IP and it will then depend on all kinds of stuff how it works. I have done it.. it worked.. but it wasn't as stable as I would have liked. If what you want is to put the computer on the VPN and then route packets back to your standard network.. I think you will be in trouble. Still, as with many of these kinds of setups, the only way to progress is to play around.
    Have you signed up to a VPN service?
    Tell me which one so I can look up their setup info.
    Have you set up the VPN tunnel to the service and got it working?
    Getting the VPN tunnel working on one client is always the first major step to getting them running.. Once you do that, you can see about what is involved in sharing that to the rest of the network.
    Once you do that I need to see some info about the IP you get and how to set routing from the VPN to the rest of the network.. but I would suggest the Apple TV is going to need to be directly connected to the Mini so you can set it as part of the same network subnet.
    I need your current full network setup.. what broadband service do you have? What modem router is supplied by your ISP? Is the TC working as the main router?
    In your Unblock-us setup, how do you have the DNS set up?
    Going back to your original post, I need to understand what you are really trying to achieve.
    This works well for things like Netflix and Hulu, but doesn't do anything for even google.
    Blocking Google public DNS is a necessary part of getting Netflix to work nowadays and there are methods to do that. Is that what your problem is?
    However, if you actually want to completely tunnel to the US, it is rather different.
