To connect Oracle via VPN.

Like connecting Oracle Via VPN with my Remote Server

It shouldn't be a problem to connect to a remote database from a client machine through VPN.
But is it your question ?
Nicolas.

Similar Messages

Configure WRV200 to connect BEFVP41 via VPN

I'm currently having problem connecting WRV200 to BEFVP41 via VPN, wonder if someone can help, thanks!
(Key Not recognized)
BEFVP41:
Local Security Group: 192.168.2.0 / 255.255.255.0
Remote Security Group: 192.168.1.0 / 255.255.255.0
Remote Security Gateway: WAN IP address of WRV200
Encryption: 3DES
Authentication: SHA
Key Management: Auto (IKE)
   PFS (Perfect Forward Secrecy) - checked
   Pre-shared Key: XXXXXXX
   Key Lifetime: 3600 seconds
WRV200:
Local Security Group: 192.168.1.0 / 255.255.255.0
Remote Security Group: 192.168.2.0 / 255.255.255.0
Remote Security Gateway: WAN IP address of BEFVP41
Key Exchange Method: Auto (IKE)
Operation Mode: Main
ISAKMP Encryption Method: 3DES
ISAKMP Authentication Method: SHA1
ISAKMP Key Lifetime (s): 3600
PFS: Enable
IPSec Encryption Method: 3DES
IPSec Authentication Method: SHA1
IPSec Key Lifetime(s): 3600
Pre-Shared Key: XXXXXXX
Dead Peer Detection - checked
Detection Delay(s): 30
Detection Timeout(s): 120
DPD Action: Recover Connection
Checked If IKE failed more than 5 times block this unauthorized IP for 60 seconds
Checked Anti-replay

Disable the firewall & try to ping the Remote secure address .... let me know the results....

Setting for 'Connect Oracle Via Internet'

I want to connect my oracle server 10g via internet by creating service using static/dynamic IP

piyukharwar wrote:
I want to connect my oracle server 10g via internet by creating service using static/dynamic IPThis is no different than normal LAN IP connectivity. IP is IP - whether over a LAN, WAN of the Internet. The client IP needs connectivity to the server IP. Ther server IP needs to be able to respond to the client IP.
There are certain restrictions though - such as private IP address ranges that are not supported and routed on the Internet.
If you for example use such an IP address for your database service, you will need to enable NAT firewalling on your Internet router - allowing for example connections from the net to your router's tcp port 1521, where the router will NAT these to your database server (running a private IP) on port 1521.
Word of warning though - usually not a good idea to expose your database directly to the Internet. You need to harden the Listener and the database if you want to do this in a safe and secure manner. And consider using encrypted IP connectivity for running OCI client-server connections across.

While connected Via VPN - Couldnt reconnect to disconnected or active session

Hi Folks,
Looking for some help here, I got users who are having problem while connecting remotely via VPN .
Users can take remote desktop to server if they do not have any disconnected or active session without any problem
But if they do have active or disconnected session than they see below error:-
This computer cant connect to remote computer , Try connecting again
and this was only noted when using VPN, but when we are in same network and try to take rdp even disconnected or active connections get connected.
Couldn't narrow down where the problem could be any help appreciated,
This topic first appeared in the Spiceworks Community

Hi,
I am setting up the lab to see if the issue can be reproduced. I will give you an update as soon as possible. Appreciate your patience.
Thanks.
Jeremy Wu
TechNet Community Support

Do I need to run DNS on a colo server being accessed remotely via VPN?

My Mac Mini Server is located in a colo site. We generally use it for Web, email and a couple of application-specific services. It has a dedicated IP address. We have a separate DNS service we use to point to the domains on the server located remotely from the server. Forward and reverse lookups work fine from the server, even though the local DNS service is turned off.
However, we now have a couple of things we want to access remotely on the server via VPN (for example, some files via AFP). The firewall blocks remote AFP requests (using the built-in firewall, not a separate box). We can connect via VPN without problems. However, AFP does not work. If I allow AFP in the firewall and try to connect, no problems at all.
Since the Mini is located by itself and will never likely have anything connected to a "local network" (never running DHCP, etc.), there generally doesn't seem to be a need to run DNS on the server.
I suspect the problem is that when you VPN into the server you are on its "local network", whatever that means, so the DNS does not resolve since the local DNS service is not running. However, I am not positive of this.
Must we run local DNS? Does it have to mirror the remote DNS that we currently reference? Can we somehow "reference" the local DNS from VPN clients trying to access local services?
I hope this question makes some sense.

Bear with me please....
The Mac Mini is in a data center on a shelf, getting a direct connection to the Internet via ethernet with a fixed IP address (under the covers, I suspect that the data center is using some sort of router or switch, but I am not paying for a hardware firewall or other gateway). There is no local network for the Mini. It is not running DHCP, not handing out NAT addresses, etc. DNS is currently off. Rather than using the local DNS, the Mini is resolving its DNS needs with a DNS server located at another site, over the Internet. This seems to work fine (i.e., changeip confirms it is working and services seem to work).
I am currently using the software firewall built into SLS.
I want to turn on VPN so that remotely located computers can access services on the Mini without having to make the services visible through the firewall.
I am able to connect devices via VPN with little difficulty (iPhones, Macs, etc.). However, when I try to access services (let's use AFP as an example), I cannot access them UNLESS they are allowed through the firewall. This tells me that I am not seeing the services through the VPN, but rather through the Internet directly.
What I meant by "local network" is that the VPN allocates local IP addresses when devices log into the VPN service (10.0.x.x). There is no DHCP allocating these addresses, just VPN.
My question is: why can I not see the services on the Mini blocked by the firewall when successfully logged into VPN on the server? Isn't the whole point of the VPN to gain access to services behind the firewall?
I am guessing (with no particular information to support my thesis) that somehow without DNS running on the Mini, VPN clients are unable to access services on the Mini. I do not know for sure, however, if this is the problem. If it IS a problem, then the question is whether I should completely copy the DNS entries from the remote DNS server to the Mini and start the service. Will that solve the issue? Create conflicts with the DNS (since it is now located on both a remote service and on the Mini)? It certainly will create a maintenance headache since now I will have to maintain the DNS in both places.
I am hesitant to migrate all of my DNS services to the Mini (because I will also have to go to the domain registrars to change where they point, etc.) to eliminate the remote one. And I am not sure it will solve this problem anyway.
Sorry for all of the typing!

Financial Reports Client - 11.1.2.1 - Won't connect via VPN only?

When I try and connect via VPN only. I get: You are not authorized to use this functionality. Contact your administrator.
Here's the log from client. We have ensured the client version matches the server version exactly. Funny as when I'm directly on their network I can connect just fine. Hoping this log will point to solution.
Log:
[2012-06-01T10:31:45.196-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.registry.FRSystem] [SRC_METHOD: lookupHsServer] [[
com.hyperion.reporting.util.HyperionReportException: Could not connect to the server.
Please make sure that the server is running as specified in the logon dialog (including port number if not default).
     at com.hyperion.reporting.registry.FRSystem.lookupHsServer(Unknown Source)
     at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
     at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
[2012-06-01T10:31:45.273-04:00] [EPMFR] [ERROR] [] [oracle.EPMFR.core] [tid: main] [ecid: 0000JUcTOpZD4io5KVt1ie1FmD9H000000,0] [SRC_CLASS: com.hyperion.reporting.javacom.HsServer] [SRC_METHOD: getServer] [[
java.lang.NullPointerException
     at com.hyperion.reporting.javacom.HsServer.getServer(Unknown Source)
     at com.hyperion.reporting.javacom.HsHelper.getServer(Unknown Source)
]]

I think you have already posted this problem on another post, I said it is possible it could be a ports issue.
Have a look at the following http://www.oracle.com/technetwork/middleware/bi-foundation/epm-component-communications-11121-354680.xls
Select FR studio as the client and it should give indication to the ports that need to be opened.
Cheers
John
http://john-goodwin.blogspot.com/

Window 8.1 system unable to access network shares via VPN connection

Is there something inherent to Windows 8.1 that prevents it from accessing shares on a domain?
I know that it cannot join a domain, but does that also mean that it cannot access shares which are on a domain?
My problem is that I have several user that are running windows 8.1 that are connecting to our network via a VPN.
The users have domain accounts but their computers as windows 8.1 cannot joined to the domain.
So to access network shares they have to use their domain credentials to create a VPN connection.
Once connected the user can RDP to systems on the domain using their domain accounts, so I know that their user names/passwords and permissions are correct. They can access these systems using the computer name, so I don't feel that I have a DNS issue.
They can see the shares on our file server, but when they try to access their departments shared file, they receive an access denied message. There are a few shares that are completely wide open, shared to all users and all departments but they cannot access
those shares either.
You can ping the file server, from the the client when they are connected to the VPN but you just cannot access any of the shares.
So...
I am thinking that it has something to do with windows 8.1 and not being able to join a domain, but I cannot find anything to explicitly support this thought.
Other users running a variety different OS (windows 7, OSX, Linux) can all access the shares without any problems via the VPN, so I am a little stumped.

I have done some more testing and oddly enough I can map a drive if I use the IPaddress, but not the computer name, when checking the check box "connect using different credentials"and providing they users domain credentials.
This seems to point to a DNS issue, one would think, but I can hit the file share server by name \\fileserver.dev.lan
I can see all the shares, so dns seems to be fine right?
So I don't understand why I can map a drive using do the IPaddress and not the machine name, but yet I can see and ping the server by name?
When I try to create a mapped drive by machine name I receive the following message:
Windows cannot access \\fileserver.dev.lan\all
You do not have permissions to access \\fileserver.dev.lan. contact your network administrator to request access.
But if I use the \\x.x.x.x\all using the very same user and password I get connected with no problem.
This only seems to happen on windows 8.1, which leads me to think that has something to do with OS.
I am thinking about upgrading to windows 8.1 pro, but I don't want to go though the hassle and expanse is the OS is not the problem.

Poor performance in remote site connect via VPN

Hello
we have site connected via VPN over the internet.
AVR ping time is less then 100ms.
EP perform well within local area network, but users at this site report 20-30 sec per new screen. we also use this line for R/3 connection with good responce time.
do you have any tips for EP tunning for WAN?
TNX
Erez

Erez,
Is the requests/packets encrypted for external user requests? You can analyze by using HTTPWatch to analyze where the bottleneck/delay is with the response times. Run internal request, and external request and compare reports.
http://www.httpwatch.com/
James

Can only connect one user at a time via VPN?

Hi, long-term Mac user but new to OS X Server. Dug thru the forums quite a bit but couldn't find an answer to this one - hopefully I wasn't searching with the wrong keywords.
Installed OS X Server 10.6 on a MacBook (white, 1 generation back) at the office. Sits behind an Airport Extreme, which is connected to Comcast. Other machines at the office are NOT routed through the Server, but rather connect directly to the Airport Extreme for internet access. I've set up server.mydomainname.com to point to our Comcast address, and I am able to connect via VPN to the server without any problems, and access the server using the server.mydomainname.com address which I pointed to my Comcast IP address, as long as I check "Send all traffic over VPN connection" on my client.
However, when I'm logged in via VPN on one computer, and then log in via VPN on another computer (with the same UID or a different one), the first one loses all connectivity through the VPN - it's as if it had been logged off.
In Server Admin, under the Settings|Network tabs, I have Computer Name set up as "theserver", and Local Hostname as "theserver" (so I can access via theserver.private). VPN is set up to enable L2TP over IPsec, sharing ranges 10.0.1.200 thru 10.0.1.220; no load balancing, no PPTP. Client DNS servers is set to 10.0.1.29.
Any ideas as to why I can only connect with one client at a time?

Thanks. I didn't see anything interesting, but then again I'm not up on VPN details. Here's the scenario:
First, I logged in as "user1", and I can use the VPN.
Then, I logged in as "user2", and I can use the VPN with user2, but user1 is no longer able to do anything over the VPN.
Then I hung up with user2, but user1 still can't see anything over the VPN.
Then I hung up and reconnected with user1, and user1 can use the VPN again.
Here's part of the log for this activity. I've replaced potentially identifying info with "XYZ" for safety. Appreciate any thoughts on this!
Tue Oct 19 07:33:08 2010 : L2TP received ICCN
Tue Oct 19 07:33:08 2010 : L2TP connection established.
Tue Oct 19 07:33:08 2010 : using link 1
Tue Oct 19 07:33:08 2010 : Using interface ppp1
Tue Oct 19 07:33:08 2010 : Connect: ppp1 <--> socket[34:18]
Tue Oct 19 07:33:08 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:08 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:08 2010 : lcp_reqci: returning CONFACK.
Tue Oct 19 07:33:08 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:08 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:08 2010 : sent [LCP EchoReq id=0x0 magic=XYZ]
Tue Oct 19 07:33:08 2010 : sent [CHAP Challenge id=0x18 <XYZ>, name = "myserver.private"]
Tue Oct 19 07:33:08 2010 : rcvd [LCP EchoReq id=0x0 magic=XYZ]
Tue Oct 19 07:33:08 2010 : sent [LCP EchoRep id=0x0 magic=XYZ]
Tue Oct 19 07:33:08 2010 : rcvd [LCP EchoRep id=0x0 magic=XYZ]
Tue Oct 19 07:33:08 2010 : rcvd [CHAP Response id=0x18 <XYZ>, name = "user2"]
Tue Oct 19 07:33:08 2010 : sent [CHAP Success id=0x18 "S=XYZ M=Access granted"]
Tue Oct 19 07:33:08 2010 : CHAP peer authentication succeeded for user2
Tue Oct 19 07:33:08 2010 : DSAccessControl plugin: User 'user2' authorized for access
Tue Oct 19 07:33:08 2010 : sent [IPCP ConfReq id=0x1 <addr 10.0.1.29>]
Tue Oct 19 07:33:08 2010 : sent [ACSCP ConfReq id=0x1]
Tue Oct 19 07:33:08 2010 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Oct 19 07:33:08 2010 : ipcp: returning Configure-NAK
Tue Oct 19 07:33:08 2010 : sent [IPCP ConfNak id=0x1 <addr 10.0.1.213> <ms-dns1 10.0.1.29> <ms-dns3 10.0.1.29>]
Tue Oct 19 07:33:08 2010 : rcvd [IPV6CP ConfReq id=0x1 <addr XYZ>]
Tue Oct 19 07:33:08 2010 : Unsupported protocol 0x8057 received
Tue Oct 19 07:33:08 2010 : sent [LCP ProtRej id=0x2 80 47 01 01 00 0f 01 0a 02 1b 63 ff fe a0 dd da]
Tue Oct 19 07:33:08 2010 : rcvd [ACSCP ConfReq id=0x1 <ms-dns1 0.0.0.1> <ms-dns1 0.0.0.1>]
Tue Oct 19 07:33:08 2010 : sent [ACSCP ConfRej id=0x1 <ms-dns1 0.0.0.1>]
Tue Oct 19 07:33:08 2010 : rcvd [IPCP ConfAck id=0x1 <addr 10.0.1.29>]
Tue Oct 19 07:33:08 2010 : rcvd [ACSCP ConfAck id=0x1]
Tue Oct 19 07:33:08 2010 : rcvd [IPCP ConfReq id=0x2 <addr 10.0.1.213> <ms-dns1 10.0.1.29> <ms-dns3 10.0.1.29>]
Tue Oct 19 07:33:08 2010 : ipcp: returning Configure-ACK
Tue Oct 19 07:33:08 2010 : sent [IPCP ConfAck id=0x2 <addr 10.0.1.213> <ms-dns1 10.0.1.29> <ms-dns3 10.0.1.29>]
Tue Oct 19 07:33:08 2010 : ipcp: up
Tue Oct 19 07:33:08 2010 : l2tpwaitinput: Address added. previous interface setting (name: en0, address: 10.0.1.29), current interface setting (name: ppp1, family: PPP, address: 10.0.1.29, subnet: 255.0.0.0, destination: 10.0.1.213).
Tue Oct 19 07:33:08 2010 : found interface en0 for proxy arp
Tue Oct 19 07:33:08 2010 : local IP address 10.0.1.29
Tue Oct 19 07:33:08 2010 : remote IP address 10.0.1.213
Tue Oct 19 07:33:08 2010 : l2tpwaitinput: Address added. previous interface setting (name: en0, address: 10.0.1.29), current interface setting (name: ppp1, family: PPP, address: 10.0.1.29, subnet: 255.0.0.0, destination: 10.0.1.213).
Tue Oct 19 07:33:08 2010 : rcvd [ACSCP ConfReq id=0x2 <ms-dns1 0.0.0.1>]
Tue Oct 19 07:33:08 2010 : sent [ACSCP ConfAck id=0x2 <ms-dns1 0.0.0.1>]
Tue Oct 19 07:33:08 2010 : sent [ACSP data <payload len 26, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
<domain: name XYZ>]
Tue Oct 19 07:33:08 2010 : rcvd [IP data <src addr 10.0.1.213> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Tue Oct 19 07:33:08 2010 : sent [IP data <src addr 10.0.1.29> <dst addr 10.0.1.213> <BOOTP Reply> <type ACK> <server id 0x0a00011d> <domain name "XYZ">]
Tue Oct 19 07:33:08 2010 : rcvd [ACSP data <payload len 0, packet seq 0, CI_DOMAINS, flags: ACK>]
Tue Oct 19 07:33:34 2010 : rcvd [LCP TermReq id=0x2 "User request"]
Tue Oct 19 07:33:34 2010 : LCP terminated by peer (User request)
Tue Oct 19 07:33:34 2010 : ipcp: down
Tue Oct 19 07:33:34 2010 : l2tpwaitinput: Address deleted. previous interface setting (name: en0, address: 10.0.1.29), deleted interface setting (name: ppp1, family: PPP, address: 10.0.1.29, subnet: 255.0.0.0, destination: 10.0.1.213).
Tue Oct 19 07:33:34 2010 : sent [LCP TermAck id=0x2]
Tue Oct 19 07:33:34 2010 : l2tpwaitinput: Address deleted. previous interface setting (name: en0, address: 10.0.1.29), deleted interface setting (name: ppp1, family: PPP, address: 10.0.1.29, subnet: 255.0.0.0, destination: 10.0.1.213).
Tue Oct 19 07:33:34 2010 : L2TP received CDN
Tue Oct 19 07:33:34 2010 : Connection terminated.
Tue Oct 19 07:33:34 2010 : Connect time 0.5 minutes.
Tue Oct 19 07:33:34 2010 : Sent 777000 bytes, received 105388 bytes.
Tue Oct 19 07:33:34 2010 : L2TP disconnecting...
Tue Oct 19 07:33:34 2010 : L2TP disconnected
2010-10-19 07:33:34 PDT --> Client with address = 10.0.1.213 has hungup
Tue Oct 19 07:33:50 2010 : rcvd [LCP TermReq id=0x3 "User request"]
Tue Oct 19 07:33:50 2010 : LCP terminated by peer (User request)
Tue Oct 19 07:33:50 2010 : ipcp: down
Tue Oct 19 07:33:50 2010 : sent [LCP TermAck id=0x3]
Tue Oct 19 07:33:50 2010 : l2tpwaitinput: Address deleted. previous interface setting (name: en0, address: 10.0.1.29), deleted interface setting (name: ppp0, family: PPP, address: 10.0.1.29, subnet: 255.0.0.0, destination: 10.0.1.214).
Tue Oct 19 07:33:50 2010 : L2TP received CDN
Tue Oct 19 07:33:50 2010 : Connection terminated.
Tue Oct 19 07:33:50 2010 : Connect time 3.5 minutes.
Tue Oct 19 07:33:50 2010 : Sent 625383 bytes, received 225586 bytes.
Tue Oct 19 07:33:50 2010 : L2TP disconnecting...
Tue Oct 19 07:33:50 2010 : L2TP disconnected
2010-10-19 07:33:50 PDT --> Client with address = 10.0.1.214 has hungup
2010-10-19 07:33:59 PDT Incoming call... Address given to client = 10.0.1.216
Tue Oct 19 07:33:59 2010 : Directory Services Authentication plugin initialized
Tue Oct 19 07:33:59 2010 : Directory Services Authorization plugin initialized
Tue Oct 19 07:33:59 2010 : L2TP incoming call in progress from 'XYZ'...
Tue Oct 19 07:33:59 2010 : L2TP received SCCRQ
Tue Oct 19 07:33:59 2010 : L2TP sent SCCRP
Tue Oct 19 07:33:59 2010 : L2TP received SCCCN
Tue Oct 19 07:33:59 2010 : L2TP received ICRQ
Tue Oct 19 07:33:59 2010 : L2TP sent ICRP
Tue Oct 19 07:33:59 2010 : L2TP received ICCN
Tue Oct 19 07:33:59 2010 : L2TP connection established.
Tue Oct 19 07:33:59 2010 : using link 0
Tue Oct 19 07:33:59 2010 : Using interface ppp0
Tue Oct 19 07:33:59 2010 : Connect: ppp0 <--> socket[34:18]
Tue Oct 19 07:33:59 2010 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:59 2010 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:59 2010 : lcp_reqci: returning CONFACK.
Tue Oct 19 07:33:59 2010 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:59 2010 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic XYZ> <pcomp> <accomp>]
Tue Oct 19 07:33:59 2010 : sent [LCP EchoReq id=0x0 magic=XYZ]
Tue Oct 19 07:33:59 2010 : sent [CHAP Challenge id=0xf1 <XYZ>, name = "myserver.private"]
Tue Oct 19 07:33:59 2010 : rcvd [LCP EchoReq id=0x0 magic=XYZ]
Tue Oct 19 07:33:59 2010 : sent [LCP EchoRep id=0x0 magic=XYZ]
Tue Oct 19 07:33:59 2010 : rcvd [LCP EchoRep id=0x0 magic=XYZ]
Tue Oct 19 07:33:59 2010 : rcvd [CHAP Response id=0xf1 <XYZ>, name = "user1"]
Tue Oct 19 07:34:00 2010 : sent [CHAP Success id=0xf1 "S=XYZ M=Access granted"]
Tue Oct 19 07:34:00 2010 : CHAP peer authentication succeeded for user1
Tue Oct 19 07:34:00 2010 : DSAccessControl plugin: User 'user1' authorized for access
Tue Oct 19 07:34:00 2010 : sent [IPCP ConfReq id=0x1 <addr 10.0.1.29>]
Tue Oct 19 07:34:00 2010 : sent [ACSCP ConfReq id=0x1]
Tue Oct 19 07:34:00 2010 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Tue Oct 19 07:34:00 2010 : ipcp: returning Configure-NAK
Tue Oct 19 07:34:00 2010 : sent [IPCP ConfNak id=0x1 <addr 10.0.1.216> <ms-dns1 10.0.1.29> <ms-dns3 10.0.1.29>]
Tue Oct 19 07:34:00 2010 : rcvd [IPV6CP ConfReq id=0x1 <addr XYZ>]
Tue Oct 19 07:34:00 2010 : Unsupported protocol 0x8057 received
Tue Oct 19 07:34:00 2010 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1b 63 ff fe 99 35 cb]
Tue Oct 19 07:34:00 2010 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 04]
Tue Oct 19 07:34:00 2010 : rcvd [IPCP ConfAck id=0x1 <addr 10.0.1.29>]
Tue Oct 19 07:34:00 2010 : rcvd [IPCP ConfReq id=0x2 <addr 10.0.1.216> <ms-dns1 10.0.1.29> <ms-dns3 10.0.1.29>]
Tue Oct 19 07:34:00 2010 : ipcp: returning Configure-ACK
Tue Oct 19 07:34:00 2010 : sent [IPCP ConfAck id=0x2 <addr 10.0.1.216> <ms-dns1 10.0.1.29> <ms-dns3 10.0.1.29>]
Tue Oct 19 07:34:00 2010 : ipcp: up
Tue Oct 19 07:34:00 2010 : found interface en0 for proxy arp
Tue Oct 19 07:34:00 2010 : local IP address 10.0.1.29
Tue Oct 19 07:34:00 2010 : remote IP address 10.0.1.216
Tue Oct 19 07:34:00 2010 : l2tpwaitinput: Address added. previous interface setting (name: en0, address: 10.0.1.29), current interface setting (name: ppp0, family: PPP, address: 10.0.1.29, subnet: 255.0.0.0, destination: 10.0.1.216).
Tue Oct 19 07:34:00 2010 : rcvd [IP data <src addr 10.0.1.216> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
Tue Oct 19 07:34:00 2010 : sent [IP data <src addr 10.0.1.29> <dst addr 10.0.1.216> <BOOTP Reply> <type ACK> <server id 0x0a00011d> <domain name "XYZ">]

I have connected via VPN but can't see lion server .private

when I am in my local network at home I simply go to finder and click on my server and connect to it. When I VPN form the net into my servers local network I dont see it in my finder? I know I am in the next work being I did a IP Check but am I am missing something how am I to get to the server to get to my files? it is set up as a .private.

Spoke to an apple rep today. when accessing via VPN go to finder then go to the top menu click GO at the bottom of the drop down will be connect to server simply add the IP address to access.

Can connect via VPN, but can't access AFP server on same Xserve

Hi:
I've set up our XServe with MacOS X Server 10.5.2 to do AFP and VPN (L2TP only; PPTP is disabled). The XServe is a standalone server, not connected to any other direstory server.
I can connect to the XServe's AFP server from my Mac over our wired and wireless network. The AFP server shows up in the sidebar of Finder windows. So far, so good.
I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret.
But I cannot connect to the XServe itself to use Server Admin or AFP (using afp://server.company.com or afp://xxx.xxx.xxx.xxx via the Go > Connect to Server command).
The error I get while connecting to the 10.5.2 AFP server is Some data in apf://server.mycompany.com could not be read or written (Error Code -36 ). I saw this error associated with a SMB problem in 10.4.x, but SMB is not running.
Other iChat users in my office also do not automatically show up in the Bonjour list when I connect to the network. Other computers on our network do not appear in the sidebar of a Finder window. (I'm told these are to be expected, as Bonjour isn't supported (in the "local area Bonjour" over a WAN link - it's purely a multicast feature on the network in the office, and won't be routed across the VPN link. True?)
Now, here's the odd part. There is a second server (v10.4.11) on our network running AFP. I can connect to it (using afp://server.company.com via the Go > Connect to Server command) and mount its various sharepoints via the VPN.
The only thing I see in the VPN log that seems amiss is this (but I have no idea what it means):
Tue Mar 11 23:09:27 2008 : Unsupported protocol 0x8057 received
--Both the 10.5.2 and the 10.4.11 servers have DNS properly configured (though our ISP; we're not running our own DNS).
--Both servers and the client have public IP addresses and have the same subnet mask. Network Utility confirms this while connected to the VPN.
--NAT is not running. The ISP is responding with public IPs for the servers.
--The firewall for the 10.5.2 server is not running (but will be once I get this all working).
--The IP address range for the VPN server doesn't overlap our DHCP pool (which also currently uses public IP addresses).
--Any user can access any service.
--No network routing definitions have been set up.
--In essence, I've followed the steps on Pages 141-142 of the Network Services Admin Guide.
One other note: After I connect, the Network Preferences > VPN > Advanced > TCP/IP window shows the IP address for the client just fine (assigned from the VPN pool), but lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?
I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server.... And I'm not sure why I would have to if I can already successfully connect to the 10.4.11 AFP server .
What simple step am I missing?
TIA,
mm

"I am able to successfully connect to our network via the VPN with Mac OS X 10.5.2 client (on two different machines) using L2TP through our network's firewall (on a Netopia T1 router; UDF ports 500 and 4500 and IP Protocol 50 and 51 are open) using a shared secret."
I suspect you mean UDP ports and you might need UDP port 1701 open too.
You only need IP protocol 50 (ESP), protocol 51 (AH) isn't used. And ESP is only used when client and server isn't behind NAT (when NAT is used only the UDP ports are used).
"Unsupported protocol 0x8057 received"
This is usually seen when you can't get GRE through but since you don't use PPTP I can't be sure why this is registered in the logs. Sometimes when connecting using PPTP you have to disconnect and then reconnect for everything to work - you might try this for L2TP too.
But if you already can reach services on any LAN nodes through the VPN I wouldn't bother with it.
As you have a firewall in front of the server you need a second alias IP on the server that you can use to get at the services running on the server through the VPN. The firewall blocks all ports protocols not opened - that's why you can't use the server main IP even if the VPN is up.
The netmask is used by all nodes to determine how big your subnet is: what part of the IP number is the network number and what range the node number is in => really: should traffic be directed to a node on the same LAN or sent directly to the gw/router for forwarding.
What you can't do is connect from a NATed network to another NATed network that both are using the same network number. (That's why people should stay away from using the "default" 192.168.0.0/24 and 192.168.1.0/24 networks for VPN server LANs).
Try your settings at http://www.jodies.de/ipcalc to see what I mean.
"...lists the router as having the IP address of the XServe (rather than the router on the network). Is that normal?"
Yes. The VPN server is the VPN gw/router.
"The firewall for the 10.5.2 server is not running (but will be once I get this all working)."
If you already have a firewall in front of your servers that is a bit redundant.
"--No network routing definitions have been set up."
"I'm hoping I don't need to have the XServe run DNS as an internal LAN DNS server"
You need routing definitions if you want to setup a split tunnel VPN or all traffic is routed through the VPN when connected. The VPN becomes the default gw.
Without ipforwarding ON in the server you can only reach nodes on the server LAN - not Internet.
DNS is needed for your servers forward and reverse names/IPs for advanced services but doesn't need to run in any of your own servers.
If you decide to do a split tunnel VPN config (adding public and private routing definitions) a reachable DNS IP for VPN clients (in VPN config on server) is needed for VPN clients or they can't use names to find anything. To reach this DNS IP if public/not on your server LAN, you need your server to forward IP DNS lookups and have a routing definition for it.
A split tunnel VPN only send traffic for your server LAN through the VPN and all other traffic directly to the local gw/router (Internet).

How can I connect to a VPN via PPTP?

Hello,
I am a foreigner living in Taiyuan, the capital city of Shanxi Province, in China. I bought my macbook the summer of 2006. It still works perfectly except I cannot connect to the internet here at the university.
The internet here is split into two parts: local, and international. The ethernet connection allows me to access Chinese websites, but nothing else. It sounds counterintuitive but really, that's how it is. In order to get the rest of the world, all computers have to connect to a VPN via PPTP. Once this is established, viola, you have internet.
My problem is I cannot seem to connect to the VPN. I have used Internet Connect, I have created a VPN via PPTP, and put in all the right numbers...
the VPN IP is 202.207.128.115
the username is tyut
the password is tyut
But when I try to connect, it just says it can't. Nobody at the university has been helpful because they've never used a Mac before, and besides which, they aren't used to using a computer in English.
Can anyone help me? Or does anyone know how to get in touch with Apple Services in China (in English)?

Yeah, but that's not the problem here. I'm an English teacher at Taiyuan University of Technology (the irony does not escape me). The other teachers have PCs and can get full internet in their apartment. Since I have a mac, it's much harder for the school technicians to help me.
This is what my log says from the VPN connection (which does connect now.)
Mon Oct 29 16:05:52 2007 : PPTP connecting to server '202.207.128.115' (202.207.128.115)...
Mon Oct 29 16:05:52 2007 : PPTP connection established.
Mon Oct 29 16:05:52 2007 : Using interface ppp0
Mon Oct 29 16:05:52 2007 : Connect: ppp0 <--> socket[34:17]
Mon Oct 29 16:05:52 2007 : local IP address 172.30.1.252
Mon Oct 29 16:05:52 2007 : remote IP address 172.30.1.2
But I still can't load any pages from the VPN connection, just the regular ethernet connection (local internet). It doesn't work if I use IP addresses instead. :-/ I unselected "send all traffic over the VPN connection" because if it's selected, I don't even get local internet.
Looking online I found a possible fix, but it's for Windows XP. I don't know how to find the same settings on the Mac...For Windows XP:
1. Click Start -> Control Panel
2. Click on the Network and Internet Connections icon and then click "Network Connections". If your Control Panel is in classic view, simply double click the "Network Connections" icon.
3. Right click on the new VPN connection and select Properties
4. Select the "Networking" tab
5. Verify that Internet Protocol (TCP/IP) is highlighted
6. Click on the Properties button
7. Within the Internet Protocol (TCP/IP) properties window, click on the "Advanced..." button. Within the Advanced TCP/IP Settings window, REMOVE the check mark next to "Use default gateway on remote network"
8. Click "OK" to close all open windows
Where would the "default gateway on remote network" be on a Mac?

Can't access management interface via vpn connection

Hi all,
I can't seem to be able to manage my ASA 5510 when I connect via vpn. My asa sits at a remote colo, and from my office i can connect fine. I have it configured as management-access (dmz), bc as of now we are just doing some staging and all the servers are in the dmz interface.
When i connect with the vpn client, in the routes it sees 192.168.1.0 255.255.255.0 which is the management network/interface.
For some reason I can't get access to 192.168.1.1 to use the ASDM.
Here is how i did my vpn via CLI
isakmp enable outside
isakmp identity address
isakmp policy 10
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
ip local pool vpnpool 10.1.1.2-10.1.1.10
access-list split_tunnel standard permit 192.168.200.0 255.255.255.0
access-list split_tunnel standard permit 192.168.100.0 255.255.255.0
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
group-policy xxxxx internal
group-policy xxxxx attributes
dns value
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
username xxxxx password
username xxxxxx attributes
vpn-group-policy xxxx
username xxxxxx password
username xxxxxx attributes
vpn-group-policy xxxx
username xxxx password
username xxxx attributes
vpn-group-policy xxxx
tunnel-group xxxx type ipsec-ra
tunnel-group xxxx general-attributes
address-pool vpnpool
tunnel-group xxxx ipsec-attributes
pre-shared-key
access-list vpnra permit ip 192.168.200.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpnra permit ip 192.168.100.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list vpnra permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list vpnra
nat (dmz) 0 access-list vpnra
nat (management) 0 access-list vprna
crypto ipsec transform-set md5des esp-des esp-md5-hmac
crypto dynamic-map dynomap 10 set transform-set md5des
crypto map vpnpeer 20 ipsec-isakmp dynamic dynomap
crypto map vpnpeer interface outside
Any help would be much appreciated

it seems like you are missing a line:
management-access "interface"
http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/m_711.html#wp1631964

Server Admin not connecting to Leopard Server when accessing via VPN

Hi everyone,
Recently, as the title suggests, Server Admin (or Server Preferences, for that matter) would not connect to my remote server via VPN. I'm quite sure that the server is working nicely, as the users (both of them lovely young ladies with considerable charms, which makes on-site support quite interesting, if distracting) didn't call me to complain, and I can login via SSH with no problems.
The server is a Mac Mini, connected to an Airport Extreme (gigabit N), which in turn connects to our ADSL modem, if that helps any.
Now, I did tinker around a bit with the settings before this happened, so I think it's probably my fault (well, I started my "career" of administering this server a week ago, what do you expect), so I suppose I may have inadvertently limited access to a service required for Server Admin and Server Preferences to function.
If anyone could tell me which services are absolutely necessary for Server Admin to function, or at least where to start looking, I'd be immensely grateful. I didn't yet go on site to try and wrestle the whole thing from there, as the travel costs are non-trivial, so I'd rather do it remotely, if at all possible.

This is exactly the difficulty I am having with a 10.5.4 Intel xserve. I have established a VPN connection that connects me to my business LAN, and I know it has carried out the connection because there are a number of things I can access properly that are not available on the public internet. For instance, my LOM ports are restricted to my business LAN, and when I connect to the server via VPN I can access teh LOM ports and using server monitor. However, when I try to use Server Admin, nothing works. It won't connect. I too am confused. All traffic to the xserve is allowed via the business LAN. I thought all traffic was supposed to be routed to the VPN server when connected via a VPN. If this is the case, shouldn't Server Admin work? When I go on site and connect my computer directly to the business LAN, I have no difficulty using Server Admin.

4150L - Works on web, but can not connect via VPN or Remote Desktop

Recently purchased a 4150L and installed the latest firmware. We have been able to access all public websites without any problems. But, when we try and access our customers computers via VPN (various types) or Remote Desktop, we can't connect. We can sign-in to VPN, but when we try and access the computer, it says "can't connect". Exact same message with Remote Desktop. We are able to connet when use a Verizon phone as a hotspot and from every other internet service that we have tried (i.e. hotels, starbucks, etc.) It appears it is an issue with the 4150L.
Verizon Tech Support has been no help!
All ideas are appreciated!
Thanks,
Skip

Skip,
VPN traffic should be allowed through on the MiFi 4510L by default. I know I do not have any issues with mine on either the Cisco IPSec or Cisco SSL VPN Clients.
If Verizon DNS is interferring then perhaps you could try to connect to your VPN via a direct IP Address instead of a URL. Not sure what VPN client you have but there should be a No DNS option to connect if you know the correct IP. You could also try switching your DNS to one of the free ones such as the one offered by Google or any of the others.
VPN's carry alot of overhead on existing connections in my experience. Its not untypical to have a 3G connection cut in half when a VPN is applied. Try running a speed test to make sure your connection is atleast 1 MB on download before initiating a connection. If the performance of the MiFi is too poor in that area it may never be stable enough to support a connection. Feel free to post some Speedtest.net averages so we can see what you are working with.
Something to note about the MiFi 4510L is that it is on the SIM card network. That means that NAT is always going to be an issue and block your users from providing a truely public IP Address. Directly remoting to them through any means will be nearly impossible.

To connect Oracle via VPN.

Similar Messages

Maybe you are looking for