Snow Leopard Server VPN and other Servers

I am thinking of deploying Snow Leopard Server at work using the Mac MiniServer option. We have a few Macs that we would like to manage their settings with. We also have Active Directory. I plan to use Open Directory with the Mac then use Kerberos for logins.
My question is if I use the Snow Leopard Server VPN with the Macs, will the users be able to access other resources on the LAN like Active Directory Shares, Exchange, and internal Intranets? Or only the Snow Leopard Server?
Thanks,
WillGonz

It sounds like you will have 2 different Kerberos realms, one in OD and one in AD.
If you want them to use the same realm (the AD one) you need to look at a "golden triangle" setup.
If you want to authenticate the VPN connection using Kerberos I suspect you need to be able to reach the KDC server from the Internet before the VPN is up. That would mean it needs to have a public IP and same name as on the LAN(?).
As an alternative a RADIUS connection for the VPN authentication from the Mac to an AD/RADIUS server might be possible.

Similar Messages

  • Snow Leopard Server VPN and Android Client

    Hi
    I have a VPN which works absolutely fine with various (Apple) products. However, I have never managed to get an Android device to connect to the VPN. Would anyone have any clue as to how to work around this?
    FWIW, the VPN is set up to use L2TP over IPSec with a shared secret. The gateway firewall is set up to allow pass through for VPN protocols and the appropriate ports have been mapped to the server. The system works fine for Macbooks of various flavours, iPod, iPad and I believe it's been tested with a Windows box (may have turned on PPTP for that. Can't remember). All this points to a flaw in the Android VPN client - which seems to be something of a known issue but beyond my understanding.
    With the above in mind, anyone got a sensible work around (other than the daft suggestion that someone will inevitably make wrt buying an iPhone)?
    TIA
    Simon

    Fat Freddie, we're thrilled you got it working on your Nexus 7, would you care to share HOW you got it up and working? What were the server settings? I'm trying to get it set up on a Nexus 4 running 4.2.1, and it is getting the same LCP timeout in the logs that the poster "l4r5" was reporting.
    Did you get this and solve it?
    Here are my config settings:
    vpn:vpnHost = ""
    vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains:_array_index:0 = "home"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.1"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:1 = "<redacted>"
    vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses:_array_index:2 = "192.168.1.11"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.pptp:enabled = yes
    vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
    vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
    vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
    vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.240"
    vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.254"
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
    vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
    vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
    vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains:_array_index:0 = "home"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:0 = "192.168.1.1"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:1 = "<redacted>"
    vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses:_array_index:2 = "192.168.1.11"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
    vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
    vpn:Servers:com.apple.ppp.l2tp:enabled = yes
    vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
    vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
    vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
    vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
    vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
    vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
    vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
    vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
    vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
    vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
    vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = "<>"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.1.224"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.1.239"
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
    vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
    Can you see any discrepancy?
    Thanks in advance.
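
A settings dump in the format posted above can be reviewed mechanically. The following Python script is an added example, not part of the original post and not Apple tooling: it parses the `key = value` lines and flags settings a reviewer would question. The finding ids, severities, the 16-character RADIUS threshold, and the reading of any non-`IPSec` transport or non-`Keychain` secret storage as unsafe are assumptions of this example.

```python
import re

# Subset of the settings from the post above, reproduced from the page.
SAMPLE = '''\
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
'''

LINE = re.compile(r'^\s*(?P<key>[^=\s]+)\s*=\s*(?P<val>.*?)\s*$')
MIN_RADIUS_SECRET = 16  # assumption: local policy threshold, not an Apple default


def parse_value(raw):
    """Convert one right-hand side into a Python value."""
    if raw == '_empty_array':
        return []
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ('yes', 'no'):
        return raw == 'yes'
    if re.fullmatch(r'-?\d+', raw):
        return int(raw)
    return raw


def parse_settings(text):
    """Return {full:key:path: value} for every `key = value` line."""
    flat = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            flat[m['key']] = parse_value(m['val'])
    return flat


def array(flat, base):
    """Collect `base:_array_index:N[:field]` entries in index order."""
    prefix = base + ':_array_index:'
    items = {}
    for key, val in flat.items():
        if key.startswith(prefix):
            idx, _, field = key[len(prefix):].partition(':')
            if field:
                items.setdefault(int(idx), {})[field] = val
            else:
                items[int(idx)] = val
    return [items[i] for i in sorted(items)]


def audit(flat):
    """Return (severity, id, message) tuples for each enabled VPN protocol."""
    findings = []
    for proto in ('pptp', 'l2tp'):
        base = f'vpn:Servers:com.apple.ppp.{proto}'
        if not flat.get(f'{base}:enabled'):
            continue  # a disabled protocol is not reachable, skip its checks
        if proto == 'pptp':
            auth = ', '.join(array(flat, f'{base}:PPP:AuthenticatorProtocol'))
            findings.append(('HIGH', 'pptp-enabled',
                             f'PPTP is enabled ({auth} + MPPE); its encryption '
                             'keys derive from the MS-CHAPv2 exchange'))
            if flat.get(f'{base}:PPP:MPPEKeySize40') == 1:
                findings.append(('HIGH', 'pptp-mppe40', '40-bit MPPE keys are accepted'))
        else:
            ipsec = f'{base}:IPSec'
            # Assumption: any value other than "IPSec" means an unprotected tunnel.
            if flat.get(f'{base}:L2TP:Transport') != 'IPSec':
                findings.append(('HIGH', 'l2tp-no-ipsec', 'L2TP is not wrapped in IPsec'))
            if flat.get(f'{ipsec}:AuthenticationMethod') == 'SharedSecret':
                findings.append(('MEDIUM', 'l2tp-group-psk',
                                 'one IPsec shared secret is used by every client'))
                # With "Keychain" the SharedSecret value is only a keychain item name.
                if flat.get(f'{ipsec}:SharedSecretEncryption') != 'Keychain':
                    findings.append(('HIGH', 'l2tp-psk-in-config',
                                     'IPsec shared secret is stored in the settings'))
        for srv in array(flat, f'{base}:Radius:Servers'):
            secret = str(srv.get('SharedSecret', ''))
            if len(secret) < MIN_RADIUS_SECRET:  # never echo the secret itself
                findings.append(('MEDIUM', 'radius-short-secret',
                                 f'{proto} RADIUS server {srv.get("Address")}: '
                                 f'secret is {len(secret)} characters'))
    return findings


if __name__ == '__main__':
    for sev, ident, msg in audit(parse_settings(SAMPLE)):
        print(f'{sev:6} {ident:20} {msg}')
```

The RADIUS finding is also a reminder that a pasted settings dump carries whatever shared secrets are stored in it.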

  • Are there any problems with Snow Leopard Server (Xserve) and PPC Clients

    Hi,
    are there any problems identified yet with Snow Leopard Server, installed on a Xserve and PPC Clients running Mac OS X Tiger and Leopard?
    Currently I have a Xserve Intel running Leopard Server and about 12 Mac Minis PPC running Mac OS X Tiger and Mac OS X Leopard. The Xserve serves services like DNS, OpenDirectory, Software Update Server, NetBoot, etc. All users have Home Directories stored on the Xserve.
    Now I want to install Snow Leopard Server on the Xserve, but I wonder if there are any problems using the PPC Clients? I have read something like this on a German website.
    Thanks!

    We've actually found that the Server 10.6.3 DVD does an amazingly smooth job of upgrading 10.5.8. We've been upgrading our production servers and nothing has gone wrong yet. Snow Leopard employs an archive and install method of upgrading which results in an install which is very close to a clean install. So it's been very convenient for us because our servers are used as Windows PDCs and it's a pain in the *** to have to re-join all PCs to the domain if we start from scratch.

  • Console errors on startup OS X Snow Leopard Server, log files and pkgutil

    I have OS X Snow Leopard Server running and there are a number of annoying console messages at startup and subsequent to that. A group of them appear to be related to write permissions for log file (last group). Not so sure about 1-3 below, if they are just warnings or something to worry about.
    1. 2/14/10 12:56:56 PM com.apple.emailrules1292 /System/Library/Frameworks/Python.framework/Versions/2.6/Extras/lib/python/zope /_init_.py:1: UserWarning: Module twisted was already imported from /usr/share/caldavd/lib/python/twisted/_init_.pyc, but /System/Library/Frameworks/Python.framework/Versions/2.6/Extras/lib/python is being added to sys.path
    2. 2/14/10 12:56:56 PM com.apple.emailrules1292 2010-02-14 12:56:56-0600 [-] /usr/share/caldavd/lib/python/twisted/mail/smtp.py:10: exceptions.DeprecationWarning: the MimeWriter module is deprecated; use the email package instead
    3. 2/14/10 12:57:00 PM com.apple.wikid1294 /usr/share/caldavd/lib/python/calendarserver/tap/caldav.py:49: DeprecationWarning: mktap and related support modules are deprecated as of Twisted 8.0. Use Twisted Application Plugins with the 'twistd' command directly, as described in 'Writing a Twisted Application Plugin for twistd' chapter of the Developer Guide.
    4. Several related to permissions for writing to log files it appears:
    2/14/10 12:57:02 PM com.apple.passwordreset1295 2010-02-14 12:57:02-0600 [-] Failed to load application: Errno 13 Permission denied: '/Library/Logs/passwordreset/debug.log'
    2/14/10 12:56:57 PM com.apple.emailrules1292 Failed to load application: Errno 13 Permission denied: '/Library/Logs/emailrules/debug.log'
    2/14/10 12:57:01 PM com.apple.wikid1294 IOError: Errno 13 Permission denied: '/Library/Logs/wikid/error.log'
    The pkgutil also gives a bunch of errors at startup related to Office 2008 files.
    2010-02-14 13:48:38.361 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Citrix online plug-in.pkg
    2010-02-14 13:48:38.366 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enautomator.pkg
    2010-02-14 13:48:38.368 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_automatorworkflow.pkg
    2010-02-14 13:48:38.369 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enautoupdate.pkg
    2010-02-14 13:48:38.370 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enclipart.pkg
    2010-02-14 13:48:38.371 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008encore.pkg
    2010-02-14 13:48:38.372 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008endock.pkg
    2010-02-14 13:48:38.373 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enentourage.pkg
    2010-02-14 13:48:38.374 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_entourage_helpstd.pkg
    2010-02-14 13:48:38.375 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enequationeditor.pkg
    2010-02-14 13:48:38.376 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enerrorreporting.pkg
    2010-02-14 13:48:38.377 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enexcel.pkg
    2010-02-14 13:48:38.378 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_excel_helpstd.pkg
    2010-02-14 13:48:38.379 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enfonts.pkg
    2010-02-14 13:48:38.380 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008engraph.pkg
    2010-02-14 13:48:38.381 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enhelpviewer.pkg
    2010-02-14 13:48:38.382 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enlaunch.pkg
    2010-02-14 13:48:38.383 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enmessenger.pkg
    2010-02-14 13:48:38.384 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enooxml.pkg
    2010-02-14 13:48:38.385 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enorgchart.pkg
    2010-02-14 13:48:38.386 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enpowerpoint.pkg
    2010-02-14 13:48:38.387 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_powerpoint_helpstd.pkg
    2010-02-14 13:48:38.388 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingbrazilian.pkg
    2010-02-14 13:48:38.389 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingdanish.pkg
    2010-02-14 13:48:38.390 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingdutch.pkg
    2010-02-14 13:48:38.391 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingenglish.pkg
    2010-02-14 13:48:38.392 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingfinnish.pkg
    2010-02-14 13:48:38.393 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingfrench.pkg
    2010-02-14 13:48:38.394 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofinggerman.pkg
    2010-02-14 13:48:38.395 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingitalian.pkg
    2010-02-14 13:48:38.396 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingjapanese.pkg
    2010-02-14 13:48:38.397 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingnorwegian.pkg
    2010-02-14 13:48:38.398 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingportuguese.pkg
    2010-02-14 13:48:38.408 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingspanish.pkg
    2010-02-14 13:48:38.409 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_proofingswedish.pkg
    2010-02-14 13:48:38.410 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enrequired.pkg
    2010-02-14 13:48:38.411 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008ensilverlight.pkg
    2010-02-14 13:48:38.412 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008ensounds.pkg
    2010-02-14 13:48:38.413 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008enword.pkg
    2010-02-14 13:48:38.414 pkgutil3679:903 PackageKit: * Missing bundle identifier: /Library/Receipts/Office2008en_word_helpstd.pkg

    I have similar messages to your 1-3 in my console log as well. Haven't tracked down why yet.

  • Snow Leopard Server - Remote Mail Access

    Greetings,
    I'm looking to see the best way to support remote users of an OS X server for handling mail/calendar synchronization. Some users will be in environments where they could connect directly, while others would be able to use the standard VPN services in OS X server to connect and synchronize. Others, however, would probably be limited to HTTP/HTTPS access to the server.
    I know that the web mail interface would work for this, though Squirrel Mail has never been a favorite of mine, but I'm attempting to support synchronization with their native clients. These would likely be Mail or Outlook, depending on the platform, though possibly Thunderbird would be in play.
    When reviewing options, it seems as if installing an SSL VPN software package may be the best bet, even if that's not an OS X standard software component. These would appear to allow connectivity via HTTPS, and I'm wondering if anybody has had positive experiences on OS X Server with these.
    Another option is different software altogether for mail services, such as Zimbra Professional Edition. It has plugins to support directly synchronizing via HTTPS and that's certainly a good benefit, though it brings its own infrastructure and doesn't use the OS X server internal capabilities.
    Are there other features that I am missing that would provide this type of capability within the standard Snow Leopard Server installation, or other recommended products for supporting this in a heterogeneous environment?
    Thanks!

    Hi
    Multi client full bandwidth VPN done directly on a server tends to be pretty wretched stuff. Dedicated VPN boxes are cheap enough if your firewall router does not already have VPN built into it.
    Bob

  • Snow Leopard Server & Disk Warrior Compatible?

    I just bought a new Mac Mini with the Snow Leopard Server OS, and would like to know if I can use my Version 4.2 Disk Warrior software with it.

    Contact Alsoft. Version 4.3 shipped last week, but I don't do server stuff, so you'll have to ask them.

  • Snow leopard server licenses are still valid if I buy one today at a dealer?

    Hello,
    I want to buy a license for Snow Leopard Server from a dealer (new license, never used) but I want to be sure you can always enable it now that other OS are output.
    (I do not want to go under Lion or Mountain Lion)
    (sorry for my English)
    Thank you.

    Welcome to the Apple Support Communities
    Apple still sells Snow Leopard by phone, so you can activate Snow Leopard Server without problems

  • Unable to access gateway and DNS via VPN (L2TP) with Snow Leopard Server

    Summary:
    After rebooting my VPN server, I am able to establish a VPN (L2TP) connection from outside my private network. I am able to connect to (ping, SSH, …) the gateway only until the first client disconnects. Then I can perfectly access all the other computers of the private network, but I cannot access the private IP address of the gateway.
    Additionally, during my first VPN connection, my DNS server, which is on the same server, is not working properly with VPN. I can access it with the public IP address of my gateway. I can access it from inside my private network. A port scan indicates that port 53 is open, but a dig returns a timeout.
    Configuration:
    Cluster of 19 Xserve3.1 - Snow Leopard Server 10.6.2
    Private network 192.168.1.0/255.255.255.0 -> domain name: cluster
    -> 1 controller, which acts as a gateway for the cluster private network, with the following services activated:
    DHCP, DNS, firewall (allowing all incoming traffic for each groups for test purposes), NAT, VPN, OpenDirectory, web, software update, AFP, NFS and Xgrid controller.
    en0: fixed public IP address -> controller.example.com
    en1: 192.168.1.254 -> controller.cluster
    -> 18 agents with AFP and Xgrid agent activated:
    en1: 192.168.1.x -> nodex.cluster with x between 1 and 18
    VPN (L2TP) server distributes IP addresses between 192.168.1.201 and 192.168.1.210 (-> vpn1.cluster to vpn10.cluster). Client information contains the private network DNS server information (192.168.1.254, search domain: cluster).
    Detailed problem description:
    After rebooting the Xserve, my VPN server works fine except for the DNS. My client receives the correct information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.201
    Subnet Mask:
    Router: 192.168.1.254
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can ping all the Xserves of my cluster (192.168.1.1 to 18 and 192.168.1.254). If I have a look in Server Admin > Settings > Network, I have three interfaces listed: en0, en1 and ppp0 of family IPv4 with address 192.168.1.254 and DNS name controller.cluster.
    The DNS server returns timeouts when I try to do a dig from my VPN client even if I am able to access it directly from a computer inside or outside my private network.
    After I disconnect, I can see in Server Admin that the IP address of my ppp0 interface has switched to my public IP address.
    Then I can always establish a VPN (L2TP) connection, but the client receives the following information:
    Configure IPv4: Using PPP
    IPv4 address: 192.168.1.202
    Subnet Mask:
    Router: (Public IP address of my VPN server)
    DNS: 192.168.1.254
    Search domain: cluster
    From my VPN client, I can access all the other computers of my network (192.168.1.1 to 192.168.1.18) but when I ping my gateway (192.168.1.254), it returns timeouts.
    I have two "lazy" solutions to this problem: 1) Configure VPN and DNS servers on two different Xserves, 2) Put the public IP address of my gateway as DNS server address, but none of these solutions are acceptable for me…
    Any help is welcome!!!

    I would suggest taking a look at:
    server admin:vpn:settings:client information:network route definitions.
    as I understand your setup it should be something like
    192.168.1.0 255.255.255.0 private.
    at least as a start. I just got done troubleshooting a similar issue but via two subnets:
    http://discussions.apple.com/thread.jspa?threadID=2292827&tstart=0

  • Windows 7 (Client) map a network drive VPN Snow Leopard Server

    Hi,
    I have a Mac Mini Snow Leopard Server and am using a VPN service.
    My services on the Mac OS X SLS server are: AFP, DNS, Firewall, Open Directory, SMB and VPN.
    I can connect the VPN from Mac clients and Windows 7 clients, but I can only map a network drive/share point on Macs.
    On Windows 7 I get an error: path or name not found (I am sure I am using the correct path, the same one that works from the Mac client).
    When I am using my internal network LAN I can map a network drive using Windows 7 and Mac but outside over a VPN not (only Mac works).
    The only service, at this moment, that I need is File Sharing outside my network LAN using a VPN.
    How can I map a network drive from a Windows 7 client using a VPN, is there any Firewall rules / SMB rules / File Sharing rules that I missed on the server side?
    Thank You.

    I really don't know what is going wrong with my settings. As you said/wrote it must be an easy setup.
    I'm using a Time Capsule and used the Server app to add VPN to the port forwarding also.
    When I am connected thru the VPN I tried to ping the Server IP and got no answer from it, from W7 client!?
    My Macs are just working fine with AFP and SMB share points thru the VPN.
    I think I have missed some settings from the SMB or Firewall services for VPN with W7 clients or it is a Windows issue.....

  • Snow Leopard Server and FCServer

    Hi.
    I'm running FCServer on an iMac, and I'm currently looking for the best solution for giving co-workers outside of our office network remote access to our FCS database. The main purpose for this is for remote users to screen and download episode segments and movies from our database.
    I was initially thinking VPN would be the only solution, but then I saw Snow Leopard Server has 'Mobile Access Server' built right into the OS, which appears designed to help users avoid having to use a VPN.
    Before I go out and buy SLS for the company, I want to be sure it will work. Am I correct that Snow Leopard Server, and the built-in Mobile Access Server, will allow users outside of our network remote access to our FCSrvr database?
    Any help would be greatly appreciated. And if this question is better suited for a different forum please let me know as well.
    Thank you!

    Hmmm... Thanks for the replies.
    I posted this question in the OS X Server forum and got this response:
    "I haven't used Final Cut Server, but I'm pretty sure the Mobile Access Server wouldn't work with it. MAS works with plain HTTP, and the Address Book, iCal, and Mail (SMTP and IMAP) services; but FCServer is only partly HTTP-based, and I don't think even the HTTP part will work due to how MAS authenticates HTTP clients. Also, you might be thinking about using MAS as the same computer as FCServer, and it won't work that way -- MAS needs to be on a separate (internet-facing) computer from the actual origin server (which should be firewalled from the internet).
    I'd go back to thinking about VPN..."
    Can anyone offer any more insight into this for me? I'm just an audio/video post-production guy, so this is all a little outside of my training.
    Any help would be greatly appreciated. Thanks!

  • Creating a versatile DNS and redirection service on Snow Leopard Server

    For the few of us who use Snow Leopard Server as a main DNS for our small network, the following is a workflow that I would like to share with the board for creating redirection services to not just sites found on the locally hosted apache but also external sites.
    If you are adding a second domain name, the reverse domain lookup will not appear and you will need to add a Machine/A record with the fully qualified domain "domainname.com." (don't forget the . at the end) into the new zone and it will point to the "server" Machine/A record IP address.
    DNS Portion: (ServerAdmin > DNS > Zones >
    Add Zone > Primary > Create a fully Qualified Domain name and dns "server" in the Machine / A Record
    Create the (add Record > Alias/ CNAME) subdomain pointing to the server.domainname.com e.g. (library)
    Web / Apache Portion:
    Create a new site (ServerAdmin > Web > Sites > Plus button)
    With General > host name exactly as spelled in above subdomain in full (library.domainname.com)
    Select Web Folder where the site is hosted
    If you are creating a redirection, create a folder on the server, add an index.php (with the script below)
    Add Alias with the same subdomain as number 2
    PHP script:
    <?php
    // Edit "http://example.net" to whichever target you want, e.g. "http://apple.com"
    $location = "http://example.net";
    // Second argument replaces any earlier Location header; third sets the 301 status
    header("Location: " . $location, true, 301);
    exit;
    ?>
    Alternatively you can also mask the page with:
    <html>
    <head>
    <title>Same Title As Your Homepage</title><!-- in case they have JavaScript turned off -->
    <script type="text/javascript">
    // Changes title bar to match title on current page in frame.
    // Browsers only allow this when the framed page is same-origin.
    function changeTitle() {
      if (top.frames['main'].document.title) {
        top.document.title = top.frames['main'].document.title;
      }
    }
    </script>
    </head>
    <frameset>
    <frame name="main" src="http://actual-url.anotherhost.com/page.html" scrolling="auto" target="main" onload="changeTitle();"><!-- You need the onload handler to make the JavaScript work -->
    <noframes>
    <body>
    Place a suitable message here for people with browsers that can't read frames.
    </body>
    </noframes>
    </frameset>
    </html>

    Ok, local DNS services (unicast DNS) are typically straightforward to set up, very useful to have, and can be necessary for various modern network services, so I'm unsure why this is even particularly an open question.  Which leads me to wonder what other factors might be under consideration here; of what I'm missing.
    The Bonjour mDNS stuff is certainly very nice, too.  But not everything around supports Bonjour, unfortunately.
    As for being authoritative, the self-hosted out-of-the-box DNS server is authoritative for its own zone.  That's how DNS works for this stuff.
    And as for querying other DNS servers from that local DNS server (or, if you decide to reconfigure it and deploy and start using DNS services on your LAN), then that's how DNS servers work.
    And yes, the caching of DNS responses both within the DNS clients and within the local DNS server is typical. This also means that there is no need for references to ISP or other DNS servers on your LAN for frequent translations; no other caching servers and no other forwarding servers are required.

  • VPN Server in Snow Leopard Server not accepting connections

    I've got some issues with a new Snow Leopard Server, running on a Mac mini Server, and VPN.
    I have a Linksys WRT310N performing router duties. I have enabled the VPN Passthrough in the router's configuration pages (IPSec, PPTP and L2TP all Enabled). In the Applications and Gaming section, I have enabled ports 1723 (TCP and UDP) and 1701 (TCP and UDP) to go through to the mini Server. In order to have the VPN Passthrough enabled, I have to have the SPI Firewall enabled on the router.
    I have both PPTP and L2TP enabled on the Server. When I first tested it, everything worked.
    Within 24 hours, it stopped working, and I can't work out why.
    On the Server, I can see in the logs the following messages: (server name and IPs changed to protect the guilty)
    ---BEGIN vpnd.log---
    2009-11-03 20:03:32 EST Incoming call... Address given to client = 192.168.0.213
    Tue Nov 3 20:03:32 2009 : Directory Services Authentication plugin initialized
    Tue Nov 3 20:03:32 2009 : Directory Services Authorization plugin initialized
    Tue Nov 3 20:03:32 2009 : PPTP incoming call in progress from '123.456.789.123'...
    Tue Nov 3 20:03:33 2009 : PPTP connection established.
    Tue Nov 3 20:03:33 2009 : using link 0
    Tue Nov 3 20:03:33 2009 : Using interface ppp0
    Tue Nov 3 20:03:33 2009 : Connect: ppp0 <--> socket[34:17]
    Tue Nov 3 20:03:33 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:33 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:33 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:33 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:36 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:36 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:39 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:39 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:42 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:42 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:45 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:45 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:48 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:48 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:51 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:51 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:54 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:54 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:03:57 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:03:57 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x38278225> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:00 2009 : lcp_reqci: returning CONFACK.
    Tue Nov 3 20:04:00 2009 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x4e96b584> <pcomp> <accomp>]
    Tue Nov 3 20:04:03 2009 : LCP: timeout sending Config-Requests
    Tue Nov 3 20:04:03 2009 : Connection terminated.
    Tue Nov 3 20:04:03 2009 : PPTP disconnecting...
    Tue Nov 3 20:04:03 2009 : PPTP disconnected
    2009-11-03 20:04:03 EST --> Client with address = 192.168.0.213 has hungup
    ---END vpnd.log---
    On the client I'm seeing this in the logs
    --- BEGIN ---
    3/11/09 8:03:32 PM pppd[12074] pppd 2.4.2 (Apple version 314.0.2) started by root, uid 502
    3/11/09 8:03:32 PM pppd[12074] PPTP connecting to server 'server.example.com' (10.0.1.1)...
    3/11/09 8:03:33 PM pppd[12074] PPTP connection established.
    3/11/09 8:03:33 PM pppd[12074] Connect: ppp0 <--> socket[34:17]
    3/11/09 8:04:03 PM pppd[12074] LCP: timeout sending Config-Requests
    3/11/09 8:04:03 PM pppd[12074] Connection terminated.
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnecting...
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    3/11/09 8:04:03 PM pppd[12074] PPTP disconnected
    --- END ---
    Any ideas?

    Well, this didn't last long. The VPN is already down. Cannot connect to it again. Very frustrating.
    I know the actual server is receiving the requests (Server Log):
    Jan 7 10:26:33 SnowServer racoon[118]: Connecting.
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Jan 7 10:26:33 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Jan 7 10:26:36 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:26:55: --- last message repeated 6 times ---
    Jan 7 10:26:55 SnowServer servermgrd[67]: servermgr_jabber[W]: detailed service status not available until network configuration completed
    Jan 7 10:26:57 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:27:03: --- last message repeated 1 time ---
    Jan 7 10:27:03 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
    Jan 7 10:27:03 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.655020 seconds).
    Jan 7 10:27:03 SnowServer racoon[118]: IKE Phase1 Failure-Rate Statistic. (Failure-Rate = 100.000).
    Jan 7 10:27:57 SnowServer racoon[118]: Connecting.
    Jan 7 10:27:57 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 1).
    Jan 7 10:27:57 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 2).
    Jan 7 10:27:58 SnowServer racoon[118]: IKE Packet: receive success. (Responder, Main-Mode message 3).
    Jan 7 10:27:58 SnowServer racoon[118]: IKE Packet: transmit success. (Responder, Main-Mode message 4).
    Jan 7 10:28:01 SnowServer racoon[118]: IKE Packet: transmit success. (Phase1 Retransmit).
    Jan 7 10:28:28: --- last message repeated 8 times ---
    Jan 7 10:28:28 SnowServer racoon[118]: IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).
    Jan 7 10:28:28 SnowServer racoon[118]: Disconnecting. (Connection tried to negotiate for, 30.993122 seconds).
    Jan 7 10:28:28 SnowServer racoon[118]: IKE Phase1 Failure-Rate Statistic. (Failure-Rate = 100.000).
    But the VPN Server never gets the connection request (VPN Log):
    2010-01-07 10:12:13 EST Loading plugin /System/Library/Extensions/L2TP.ppp
    2010-01-07 10:12:13 EST Listening for connections...
    2010-01-07 10:12:13 EST Listening for connections...
    I have a call with Apple Support this afternoon. Hopefully it will be fruitful. If I get anywhere, I will post it. If anyone has any bright ideas, they would be greatly appreciated.
    Message was edited by: AeroJet

  • Problem connecting with VPN after migrated to SNOW LEOPARD SERVER,

    Hi,
    I recently migrated to Snow Leopard server, I have a strange issue when connecting to the VPN Server.
    Please find the below error.
    Fri Jan 1 14:38:22 2010 : CHAP peer authentication succeeded for jasmine
    Fri Jan 1 14:38:22 2010 : DSAccessControl plugin: User 'jasmine' authorized for access
    Fri Jan 1 14:38:22 2010 : MPPE required, but keys are not available. Possible plugin problem?
    Fri Jan 1 14:38:22 2010 : sent LCP TermReq id=0x2 "MPPE required but not available"
    Fri Jan 1 14:38:22 2010 : Connection terminated.
    Fri Jan 1 14:38:22 2010 : Connect time 0.0 minutes.
    Fri Jan 1 14:38:22 2010 : Sent 0 bytes, received 0 bytes.
    Fri Jan 1 14:38:22 2010 : PPTP disconnecting...
    Fri Jan 1 14:38:22 2010 : PPTP disconnected
    2010-01-01 14:38:22 IST --> Client with address = 192.168.1.76 has hungup
    Please let me know what is the cause and how can I fix it.
    Thanks,
    Gulab Pasha
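
A small triage script for the three failure signatures in the logs quoted in the posts above (LCP timeout, IKE Phase 1 maximum retransmits, MPPE keys unavailable). It is an added example, not code from any poster or from Apple; `triage` and the finding labels are hypothetical names, and the sample lines are constructed by abridging the quoted logs with timestamps dropped.

```python
import re
from collections import Counter

LCP = re.compile(r"(sent|rcvd) \[?LCP (ConfReq|ConfAck)")
IKE_RX = re.compile(r"receive success\. \(Responder, Main-Mode message (\d)\)")

def triage(lines):
    """Classify the failure signatures seen in pppd/vpnd and racoon logs."""
    lcp, ike_rx, chap_ok, findings = Counter(), 0, False, []
    for line in lines:
        if m := LCP.search(line):
            lcp[m.groups()] += 1
        if m := IKE_RX.search(line):
            ike_rx = max(ike_rx, int(m.group(1)))
        if "CHAP peer authentication succeeded" in line:
            chap_ok = True
        if "LCP: timeout sending Config-Requests" in line:
            # Peer's ConfReq arrived but our own ConfReq was never acked, so
            # frames flow in one direction only. With PPTP these frames ride
            # in GRE (IP protocol 47), separate from the TCP 1723 control link.
            one_way = lcp["rcvd", "ConfReq"] and not lcp["rcvd", "ConfAck"]
            findings.append("lcp-one-way" if one_way else "lcp-timeout-other")
        if "Phase1 Maximum Retransmits" in line:
            # The responder kept resending its last reply; the initiator's
            # next (odd-numbered) Main-Mode message never arrived.
            findings.append(f"ike-phase1-stalled-awaiting-msg{ike_rx + 2}")
            ike_rx = 0
        if "MPPE required, but keys are not available" in line:
            findings.append("mppe-keys-missing-after-auth" if chap_ok
                            else "mppe-keys-missing")
    return findings

# Constructed samples, abridged from the three log excerpts quoted above.
SAMPLES = {
    "pptp": """sent [LCP ConfReq id=0x1 <auth chap MS-v2>]
rcvd [LCP ConfReq id=0x1 <magic 0x4e96b584>]
sent [LCP ConfAck id=0x1 <magic 0x4e96b584>]
LCP: timeout sending Config-Requests""",
    "ike": """IKE Packet: receive success. (Responder, Main-Mode message 1).
IKE Packet: receive success. (Responder, Main-Mode message 3).
IKE Packet: transmit success. (Phase1 Retransmit).
IKEv1 Phase1: maximum retransmits. (Phase1 Maximum Retransmits).""",
    "mppe": """CHAP peer authentication succeeded for jasmine
MPPE required, but keys are not available. Possible plugin problem?""",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, triage(text.splitlines()))
```

Each label narrows where to look: `lcp-one-way` points at the packet path between client and server rather than at credentials, `ike-phase1-stalled-awaiting-msg5` means negotiation stopped before L2TP was ever reached, and `mppe-keys-missing-after-auth` means the password check passed but the authentication back end returned no session keys.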

    Did you turn on the Printer Sharing in the "Share" preferences panel?
    And, for Windows computers to access your printer, they need to install "Bonjour for Windows", which is a part of the iTunes+Quicktime install package, I believe.
    Alternatively, you can turn on SMB sharing on your Mac, which is also in the "Share" preferences panel. You first highlight and turn on "File Sharing", then there is an "Options..." button to the right, click it and check the checkbox of "Share files and folder via SMB (Windows)".

  • I transferred files from a NAS server to the Mac Mini Snow Leopard Server and now some of the files have Custom Access and can't  be opened by some users.  How do I fix this?

    We're setting up our Mac Mini Snow Leopard Server, and in the process transferred files that had been stored and accessed from our Blackarmor NAS server over to the Mac.  These files were all created on PC's and are Office Excel files, WordPerfect files or PDF's.  When you look at the files on the Mac from the Mac and bring up Get Info for the affected file, it says that the file has Custom Access.  The files that work properly don't have that configuration.  I can access and open the files on some computers, but some users can't open the files from their computer even though they can see it.  We're all using PC's and they get the Error:  Access Denied-Contact your administrator--or something similar.  I've seen on the web similar issues and it may have something to do with ACL permissions.  I don't know enough about Mac OS to understand this, but what is baffling is that they can be opened from some PC's but not others, and all of the Users have the same accessibility to the files.  Thanks for a solution!!

    Oh, on the losing Internet, try this...
    Make a New Location, Using network locations in Mac OS X ...
    http://support.apple.com/kb/HT2712
    10.7 & 10.8…
    System Preferences>Network, top of window>Locations>Edit Locations, little plus icon, give it a name.
    10.5.x/10.6.x/10.7.x instructions...
    System Preferences>Network, click on the little gear at the bottom next to the + & - icons, (unlock lock first if locked), choose Set Service Order.
    The interface that connects to the Internet should be dragged to the top of the list.
    Instead of joining your Network from the list, click the WiFi icon at the top, and click join other network. Fill in everything as needed.
    For 10.5/10.6, System Preferences>Network, unlock the lock if need be, highlight the Interface you use to connect to Internet, click on the advanced button, click on the DNS tab, click on the little plus icon, then add these numbers...
    208.67.222.222
    208.67.220.220
    Click OK.
    PS. Your English is quite good & completely understandable.

  • Remote Desktop and Snow Leopard Server

    What is the best way to use Remote Desktop with Snow Leopard Server?
    I purchased a mac mini with snow leopard server and Remote desktop so I can easily manage my 11 computers, install and upgrade software etc. etc.
    The mac mini server will basically be nothing but a server.
    I will use as my main computer a mac pro. Do I need to install Remote Desktop on the server and on my mac pro? What is the best way to deploy the services of Remote desktop and mac os x server?

    You install Apple Remote Desktop on the machine you want to control from. In this case, install on your Mac Pro. All you have to do on the clients (controlled Macs) is enable remote management in the System Preferences under Sharing. Just make sure that all your controlled Macs are up to date on their ARD version (v3.3.2) which can be taken care of from Software Update.
