VPN and Lion Server

Similar Messages

• AEBS and Lion Server DHCP

  Hi All!
  I have a scenario I want some input on.
  1 Mac Mini Lion Server 10.7.2
  1 TC 2nd Gen
  x iPads
  x iPhones
  2 Lion clients
  I want to use the Lion Server for all collaboration services, and use Profile Manager to provide central management of iOS and Lion clients, and I want to use network accounts on the server.
  All is set up and working well, mail, ical, wiki, addressbook, VPN servers, profile manager settings, apart from one thing. how do I best push DNS server settings to the client to point to the server?
  In the TC there are no way to set what DNS server is served to clients. That would solve my case in an instant. Now all clients get the ISPs DNS servers, or pass-through of whatever DNS server is set up on the TC.
  I have 2 possible solutions:
  1. Set up TC to only provide 1 DHCP address reserved for the server, and then use DHCP on the Lion Server for the internal clients. This will work as it has been tested by other users here on this forum.
  2. Set the DNS server on the TC to point to the local Lion Server. I actually just came up with this idéa as I was typing.... maybe that is the answer? The inernal clients get the internal server as DNS and the server uses forwarders or roothints.
  What do you think? If you have this combo, TC/AEBS and Lion Server, how did you solve it?
  /Hasse

  Hi All!
  I actually found the solution myself. Soluton 2 does the trick brilliantly! I can't imagine why I didn't think of this before. I have searched this forum for a solution too, but this just was too easy . The Lion Server advanced admin guide didn't mention this either, even in the chapter about AEBS coexistance.
  /Hasse

• Lion and lion server add on for Mac Mini Server

  I bought the Lion OS and Lion Server add on for my Mac Mini Server which runs Snow Leopard Server. When trying to install the Lion,
  it requests the Add on to be available, however the add on requests the Lion to be already installed before it can be downlaoded through
  App store. I made my purchases over the phone as neither was available in stores anymore. Egg and chiken dilema.
  I do not have a physical DVD with the Snow Leopard (Client) to follow some of the instructions I have read in the communities. Any
  workaround?

  For the Mini you must have Lion client installed to purchase the Server. You can download Lion from the Mini while it's running Snow Leopard. Once Lion is installed you should then be able to purchase the Server.
  Unlike past OS X Server releases the bulk of the software is within the Lion client. The Server is more or less a type of add-on to provide all the Server utilities and support. It's a relatively small download compared to the client.

• Do I need a separate certificate for VPN on Lion Server?  I cannot get it to work.

  I am a bit of a neophyte with OSX server.
  I am setting up my first server and am having difficulties getting the services to work.
  iCal, Mail, VPN don't seem to work.
  the ports are open on the Airport Express.  I opened then using the utility program.
  Authentication fails when I try to get on via VPN. 
  Where should I look for help?
  Bob

  L2TP/IPSec requires that you have security certificates OR a shared secret, but not both.
  And if you opt for a certificate, it can even be self-signed. You certainly don't need to call Verisign and get a certificate to use VPN on you Lion server. This is a huge overkill. A strong shared secret is all you need.
  Visit this page, it's an ultra high security password generator. It generates them randomly every time the page is loaded. The look something like this:
  nhF3yiTJv9usv1FImPSkGGSEdIaSMW5sHPGmcsPN3zhA8OXbADHtg0KrJnHN9eS
  Use this as your shared secret, it's all you need.

• Can you run Lion os and Lion Server os on the same Mac mini?

  I'm a windows convert to Mac and I'm interested in running a standard Lion Client, but at the same time running Lion Server on the same Mac Mini (Server Edition).  My needs for the Lion Server OS is to handle e-mail, a Web Site, and file sharing between the server to a secondary PC, iPad, and iPhone.  But at the same time I wish to dive into the Mac (Apple) experience.  I just wish to be able to do this on the same machine.
  As a secondary question, is it possible to merge two different iTune Accounts into one?  Is it possible to share items purchased on one iTunes account with an iPad that is tied to a different iTunes Account?

  1. Yes, but you'll need separate partitions for each OS, or run the client OS in emulation.
  2. It isn't possible to combine the accounts, but a single iTunes library can contain content from multiple iTunes Store accounts.
  (61769)

• Photoshop CS5.1 and Lion Server (MacMini Mid 2011)

  Hello community,
  I have a very big problem using Photoshop CS5.1 (Mac Mini Server-Edition Mid 2011, Lion 10.7.2) - there are several mouse-pointer issues when I try to work with brushes or stamps. Depending on the size of the brush it's not shown the correct way. The icon does not show the brush itself and when I try to use the brush the mouse pointer is not the center of the brush but the uper left corner. If I zoom into the image it's possible that the same brush is working the way it should be but if I zoom out the brush does not work again. The issue seems to depend on brush size and zoom-factor of the image.
  My idea for better understanding of the problem was to record the screen activity with QuickTime. I did but as I watched the recorded photoshop activity looked perfect (allthough it did not as I recorded the actions). Now I recorded the screen activity with a movie camera, just to show, what's wrong here. Please excuse the not so perfect video quality...
  http://www.youtube.com/watch?v=ZzLJFDOWLWo
  It's annoying.
  Very similar problem in Lightroom, mouse pointer do not work the correct way depending on brush size (brish icon is not shown in image depending on size).
  Adobe does not offer support for the Server-Edition. Apple does not allow to install 10.6 on Mac Mini Mid 2011 (on my MBP Early 2011 PS CS 5.1 runs without such problems). Something's going wrong here.
  I need a solution, Photoshop CS5.1 is not useable under 10.7.2 Server. Anyone may help?
  Thank you.
  André

  Hello Doug,
  thank you for your answer. First of all: Adobe says that it's an Apple problem. Apple says that I'm not allowed to install any other OS than Lion Server on my machine - even the "normal" Lion OS seems to be not allowed.
  For me as a customer this situation is not very satisfying - I try to run a 1500$ software suite on a 1000$ Apple computer and it does not work, but nobody even tries to solve this issue. Adobe offers no support, Apple offers no bug fixes.
  This problem, btw, also appears when a MacBook Air is used. Even some MacBook Pros seem to be unable to run Phootshop CS5.1 under Lion. For me this does not look like an Lion server-issue.
  André

• VPN and Exchange server blocks internet access

  i had some difficulty configuring Entourage to connect to an Exchange server after establishing a VPN. When the VPN was up, but the Entourage was not working, I could use Safari or any other web access without problems. After getting the Entourage account running, it was populating the folders for what seemed like hours, so i wanted to do other things while waiting. Safari and AOL would not connect. Apparently Microsoft has figured out another way to mess with you on a Mac. Anyone had this problem?

  It turns out that it's the VPN that is blocking web access. The first time I configured it a couple of months ago, it connected, and I could do whatever I wanted. When I tried to use the VPN the other day, all my settings had been erased for some reason and I had to reconfigure. It connected, I got into Entourage, used it, but when I tried to go to a web site Safari wouldn't connect. I closed Entourage, no dice. Today I connected without going into Entourage and Safari wouldn't connect. Without the VPN, Safari behaves itself. I have a PC upstairs with the same VPN and it allows use of your browser.
  I connected to a different VPN host and still no browser on the Mac. Can not figure out what has happened.

• Lion Server VPN, Can Connect Locally, Not Remotely

  I have both Lion and Lion Server installed on my Core 2 Duo iMac, mainly because I want the VPN feature of Server.
  I configured everything correctly for the VPN, and can connect to it with no problems from my iPhone and iPad when I am within my own LAN (the server and the iPhone/iPad are on the same IP range and subnet).
  I also used the automatic config within the Server app to configure my AirPort Extreme N Base Station.   Looking at the Port Mapping section of my ABS from within AirPort Utility, I do in fact see that VPN Service (L2TP) is configured with the following UDP ports: 500, 1701 and 4500.  Those ports ARE pointing to the iMac that is running the VPN server.  Firewall on that iMac is turned OFF.
  However, I am unable to connect my iPhone to the VPN Server using my Public IP address.  I have tried it from within my network (out of network to internet the back), from my Verizon MiFi or from my iPhone's 3G connection (well, in my area it is still Edge).  The iPhone simply sits on "Connecting" for a few seconds, then an alert comes up stating "The L2TP-VPN server did not respond.  Try reconnecting. If the problem..." yadada.
  I AM, however, able to get Web Sharing to work via my Public IP address, as well as VNC.
  I also cannot connect to the VPN via the Public IP with other devices like my iBook, PowerBook G4, Windows 7 PC, or iMac G5.  They ALL CAN connect via the local network 10.1.x.x IP address.
  Am I missing something here?  I did all of the automatic configurations, and all of the ports appear to be properly open.

  Not in my case, Per, no.
  I just did a tcpdump between various systems.
  For those that do NOT work (client iPhone, client 10.7 and server 10.7) the tcpdumps look like so:
  19:12:33.883057 IP Home.60845 > LionServer.500: isakmp: phase 1 I ident
  19:12:33.884410 IP LionServer.500 > Home.60845: isakmp: phase 1 R ident
  19:12:33.910379 IP Home.60845 > LionServer.500: isakmp: phase 1 I ident
  19:12:33.918362 IP LionServer.500 > Home.60845: isakmp: phase 1 R ident
  19:12:33.958995 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 1 I ident[E]
  19:12:33.959349 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 1 R ident[E]
  19:12:33.959461 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 2/others R inf[E]
  19:12:34.997414 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
  19:12:34.998323 IP LionServer.4500 > Home.60846: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
  19:12:35.016983 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
  19:12:35.019173 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x1), length 132
  19:12:35.052641 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
  19:12:35.595022 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x2), length 132
  19:12:37.597957 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x3), length 132
  19:12:38.212127 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
  19:12:41.214447 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
  19:12:41.603061 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x4), length 132
  19:12:44.216935 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
  19:12:45.609900 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x5), length 132
  19:12:49.616860 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x6), length 132
  19:12:53.623054 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x7), length 132
  19:12:54.965357 IP Home.60846 > LionServer.4500: isakmp-nat-keep-alive
  19:12:55.032098 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
  19:12:55.036420 IP Home.60846 > LionServer.4500: NONESP-encap: isakmp: phase 2/others I inf[E]
  19:12:56.228356 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
  Note: I've done this over wired and wireless as well as 3G -- the transport on the client end is NOT the issue.
  A connection that works, from iPhone ONLY (on 3G or Wireless) is:
  11:24:59.960105 IP Home.61168 > LeopardServer.500: isakmp: phase 1 I ident
  11:24:59.964119 IP LeopardServer.500 > Home.61168: isakmp: phase 1 R ident
  11:25:00.673976 IP Home.61168 > LeopardServer.500: isakmp: phase 1 I ident
  11:25:00.712858 IP LeopardServer.500 > Home.61168: isakmp: phase 1 R ident
  11:25:01.466127 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 1 I ident[E]
  11:25:01.468180 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 1 R ident[E]
  11:25:01.468546 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 2/others R inf[E]
  11:25:02.954797 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
  11:25:02.978314 IP LeopardServer.4500 > Home.61169: NONESP-encap: isakmp: phase 2/others R oakley-quick[E]
  11:25:03.480886 IP Home.61169 > LeopardServer.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick[E]
  11:25:03.486763 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x1), length 116
  11:25:04.032382 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x2), length 116
  11:25:06.029801 IP Home.61169 > LeopardServer.4500: UDP-encap: ESP(spi=0x0a46a01f,seq=0x3), length 116
  11:25:06.517111 IP LeopardServer.4500 > Home.61169: UDP-encap: ESP(spi=0x088d7e27,seq=0x1), length 116
  11:25:06.742918 IP LeopardServer.4500 > Home.61169: UDP-encap: ESP(spi=0x088d7e27,seq=0x2), length 116
  And from there it's all normal.
  What never works:
  10.7 client to 10.7 server
  iPhone to 10.7 server
  The breakage seems to happen on 10.7 server here:
  19:12:35.019173 IP Home.60846 > LionServer.4500: UDP-encap: ESP(spi=0x041b007d,seq=0x1), length 132
  19:12:35.052641 IP LionServer.500 > Home.500: isakmp: phase 1 I ident
  After that first ESP packet, the Lion Server responds with another phase 1 ident.
  The Leopard server does not.
  It may still be something in my setup, but, there's nothing to configure on 10.7 server other than "on" and "off" and some IP addresses, which I'm nearly certain isn't the issue...but who knows.   Either the Lion Server ignores whatever is in that ESP packet, and starts over, or, iOS and OS X are sending it something it doesn't like and is forcing it to reset and start over.

• Lion Server: VPN external ports to open on firewall

  With Leopard/SnowLeopard Server, opening ports back to my server @ 500, 1701 and 4500 were sufficient for L2TP VPN.  I had no issues trying to connect to my VPN until I upgraded to Lion (which I'm quickly learning was a big mistake).
  Now it appears that there might be undocumented, additional ports in the new (dumbed down) VPN on Lion Server
  I've got 500, 1701 and 4500 open now... and added 1723 (PPTP) as some people suggested (found via google search).  I still cannot connect from outside my nework - the client acts like the server does not exist.
  Please note that I can connect without an issue from within the network.  When I simply change the hostname to my external host, it no longer is able to connect.  (My firewall supports external reflection when trying to access my external IP - so don't worry about my firewall config, other than port redirection).
  Is there another port besides the four I've listed about that I need to open?

  Yup... all UDP.  I'll mess with getting it outside the firewall. 
  I'm thinking now that it might be a domain/certificate name issue - seeing that all the new certificate trust requirements have already broken other things for me (like web-based stuff, calendars and profile management)
  Is it required by the VPN server that the certificate hostname matches the external hostname?

• Is Lion Server a good personal VPN solution?

  I'd like to set up a VPN server on my home network for the following reasons:
  Enable access to my network shares from my Air when I'm away from home
  Encrypt my connections from my iPad, iPhone, and Air when on unsecured WiFi networks
  For #2, I currently use Witopia, but it's a fairly expensive service and with Lion Server now just $50, why not do it myself and add the ability to access my local network from anywhere?
  What I'm wondering is whether running Lion Server on my Mini is a good option for achieving this without undue risk to my local network, or is it going to be a big pain to setup?

  After the Genius Bar guys at our Hamburg Apple Store had given up on this issue, I finally solved the problem - my VPN is up and running!
  After re-installing both OS X Lion and Lion Server several times I realized that certain settings (apparently also for the VPN server) are kept  in the invisble recovery partition that Lion installed on my Mac Mini  (e.g., 'com.apple.RemoteAccessServers.plist'). They even survived a reformatting of the hard drive. Something must have gone wrong the first time I tried to set up the VPN server and the "sudo serveradmin settings vpn" command revealed that the settings survived every re-installation.
  Therefore, I physically removed the hard drive and formatted it using a different Mac running Snow Leopard.
  It is important not only to erase the disk but also to partition it. This might even work under Lion without having to remove the drive...
  After another re-installation of OS X Lion on the clean drive over the Internet from Apple's server (pressing the command-R keys while rebooting) I did a system update and subsequently installed the Server app.
  After that I was able to start the VPN server from the Server app.
  Inside my local network it was then possible to connect to the VPN server from an iPad 2 (iOS 4.3.5) and from an old Powerbook G4 (Leopard), but not from a MacBook Pro with Snow Leopard.
  However, all clients were able to make an external connection through my Deutsche Telekom Router (SpeedPort 722V) with forwarding of ports 1701 (UDP), 500 (UDP) and 4500 (UDP) and enabled GRE and ESP protocols.
  For the sake of security I have disabled (closed) all arbitrary ports of the server's own firewall while it's local network ports (192.168.x.y) are all open to enable any internal connections.
  It is a serious restriction, however, that the Lion Server only offers the L2TP VPN protocol. Maybe the commercial iVPN solution is an acceptable workaround: http://macserve.org.uk/.
  Regards, Björn

• Netgear DG834N and Leopard Server VPN

  Has anyone had the Netgear DG834N up and running with Leopard Server's VPN service?
  I've had it recommended to me by someone who has been using for VPN and Tiger Server.

  Well, I have now. Works just fine.

• How to reinstall OS X Lion Server

  I'm newbie os x admin . I bought new Mac Mini 2010 with Lion Server. I want to do RAID 0 with my HDD. 
  I make image for Recovery Partition. Then  format partition and do RAID 0.
  I setup with Mac OS X Lion 10.7 GM build 11A511
  I success to install but .... No Lion Server.
  I try to check Mac Store but I found  I need to buy  Lion Server License ?
  These is my Question
  1.  Lion Server that pre-install with Mac Mini is not license version or not?
  2.  Should  I  restore from  recovery partition  and get Lion Server from them ?
  3.  How I make recovery DVD or anything that easy to reinstall ?
  Thank You very much.

  The 2010 Mac mini Server did not come with Lion Server, it was shipped with Snow Leopard Server. To go from Snow Leopard to Lion is a paid upgrade, not a free update. Up until Snow Leopard there was a SL client OS and a SL Server OS. Now Lion Server is an add-on purchase to the Lion client. So you must buy and install the Lion client, then the second step is to buy and install the Lion Server add-on. You purchase both Lion and Lion Server through the Mac App Store.

• Is lion server part of the lion osx install

  hi
  just a quick one,
  we have a mac mini with lion and lion server.
  this was set up only one week ago  by another member of staff who is now off site for a while.
  we want to reinstall and start again.
  i have erased the disc in the start up options the command R option.(i hope that was the best way)
  i have started to download lion osx and left this running at work so hopefully it'll be ready in the morning - does this automatically install Lion Server or is this a separate download.
  i assumning when this came out the box lion server was part of it, but not sure about re-installation
  any advice is welcome
  regards
  Gavin

  Lion Server is a seperate download in the App Store.

• Can you install Lion server but still use the mac as normal?

  I have a Macbook Pro and I would like to install Lion server. I was wondering if when I buy it off the mac app store if it works like any application so I can like close out of the server and use the mac as normal like to get on the Internet, or if Lion server installs like a new operation system and I can't use my mac as normal?
  Thanks
  WirelessCharge

  Welcome to the Apple Support Communities
  Of course. On Mountain Lion and Lion, Server is just an app, so you can close it and turn off its services whenever you want to use your Mac as usual, although you don't have to close Server app to use the computer as normal

• I want to reinstall lion server

  I have a Mac Pro that came with Lion Server installed.  I went through the setup and added it to my network.  As I look through the documentation, I'm thinking I want to reinstall it and run it as a migration from our Mac Pro with Snow Leopard Server.  Can I do a reinstall by holding the command R on bootup and then go through and do a migration?

  Yes I did do it from the recovery section. I think when I first booted up Lion Server, the App Store registered Lion and Lion Server on my Apple ID Account so I can downloaded them again for free.
  So, I used recovery to reinstall Lion (for free) and once it had all installed, I downloaded Lion Server again (for free from the Apple Mac App Store).
  Hope this helps!