VPN server configuration - dns troubles

Some variants of this issue have popped up on this forum, but I could not quite resolve my issue. I have VPN running on OSX 10.6 server, but when the client connects to the server, they cannot browse the Internet by their host-name. However, they are able to browse the web by entering IP addresses. On the server side, DNS servers are configured to be 8.8.8.8, and network routing definition set to 192.168.1.0 / 255.255.255.0. L2TP IP range is 192.168.1.2 - 10. Any suggestions?
Thanks!

Many parts of Mac OS X Server require functional DNS services.
When you are operating behind NAT, no external DNS provider can typically provide you with DNS translations.
Neither your ISP nor Google can provide you with DNS translations within private IP blocks.  Only local DNS can do that.
The other matter here is the attempt to operate Mac OS X Server as a gateway.  That gets gnarly, and there are many discussions of that posted around the forums.  It's far easier to use an external gateway box, and to avoid configuring a Mac as an expensive and awkward and ungainly and insecure IP router; to avoid the potential to expose open ports or random server applications to the wilds of the internet, as well as avoiding the routing configuration difficulties inherent in the default Mac OS X and Mac OS X Server user interfaces.
Irrespective of all that DNS configuration and LAN-local stuff, your VPN needs to have a DNS server from the target LAN or it will have no translations for a NAT'd network.  By default, most VPNs will use the provided DNS for NAT'd hosts as well as public hosts.  Which you don't have.
The usual Mac OS X Server configuration order is the host software, basic IP networking and LAN routing, DNS services, Open Directory (OD), and only then with the rest of everything else.
If that sudo changeip -checkhostname command is tossing a DNS warning, then you have DNS issues on the LAN.  Need help setting up LAN-local DNS on Mac OS X Server?  Here are detailed DNS set-up instructions.
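
The point made in the reply above, that a VPN whose only pushed DNS server is a public one has no translations for the NAT'd LAN, can be checked mechanically. The following is an added example, not part of the original posts; the function name, the finding codes and the 192.168.1.1 LAN DNS address are assumptions made for illustration, while the 8.8.8.8, 192.168.1.0 / 255.255.255.0 and 192.168.1.2 - 10 values are the ones from the question.

```python
import ipaddress

# RFC 1918 blocks: hosts in these ranges are named only by LAN-local DNS.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_vpn_dns(dns_servers, routed_networks, client_pool):
    """Return sorted finding codes for the settings a VPN server hands out.

    dns_servers     -- DNS server addresses pushed to VPN clients
    routed_networks -- "network/mask" routing definitions sent through the tunnel
    client_pool     -- (first, last) address of the VPN client range
    IPv4 only; the finding codes are hypothetical names for this example.
    """
    nets = [ipaddress.ip_network(n) for n in routed_networks]
    servers = [ipaddress.ip_address(s) for s in dns_servers]
    first, last = (ipaddress.ip_address(a) for a in client_pool)
    if first > last:
        raise ValueError("client pool start is above its end")

    def routed(ip):
        # True when the address is reachable through the tunnel.
        return any(ip in n for n in nets)

    findings = set()
    # No pushed resolver lives on the target LAN: LAN-local names cannot resolve.
    if not any(routed(s) for s in servers):
        findings.add("NO_LAN_DNS")
    for s in servers:
        # A private resolver the tunnel does not route to is unreachable.
        if any(s in block for block in RFC1918) and not routed(s):
            findings.add("PRIVATE_DNS_NOT_ROUTED")
        # A resolver address inside the client range will collide with a client.
        if first <= s <= last:
            findings.add("DNS_INSIDE_CLIENT_POOL")
    # The client range must sit inside one routed network.
    if not any(first in n and last in n for n in nets):
        findings.add("CLIENT_POOL_OUTSIDE_ROUTED_NET")
    return sorted(findings)


# Values from the question at the top of this thread.
QUESTION = dict(dns_servers=["8.8.8.8"],
                routed_networks=["192.168.1.0/255.255.255.0"],
                client_pool=("192.168.1.2", "192.168.1.10"))

if __name__ == "__main__":
    print("as posted:", audit_vpn_dns(**QUESTION))
    # Constructed fix: a LAN-local DNS server at 192.168.1.1 listed first.
    fixed = dict(QUESTION, dns_servers=["192.168.1.1", "8.8.8.8"])
    print("with LAN DNS:", audit_vpn_dns(**fixed))
```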

Similar Messages

  • Help configure DNS Enabler for Bonjour discovery

    Hi!
    I have a MacBook with Snow Leopard acting as a VPN server configured by the iVPN software.
    I can connect to the shares on the local network using Command-K, but I would like Bonjour to advertise all the shares.
    Then I heard about the program DNS Enabler, which can advertise Bonjour services on a wide area network.
    In DNS Enabler I have created a domain as they said in the manual and then added the AFP shares in the Bonjour tab.
    For an AFP share I must add: afpovertcp.tcp, example.domain.com, 548.
    I did this for my local shares and then tried to connect through the VPN. I was very happy to see that the AFP shares show up in the Finder sidebar under the "All..." icon.
    But now to the problem:
    I thought I could do the same for my iTunes server I have on the local network. I added; daap.tcp, example.domain.com, 3689.
    But why won't it show up in iTunes when all other Bonjour services are working in Finder?
    Thanks for your help!

    Hi,
    have you figured it out yet? Otherwise you might want to try the Home-Sharing service home-sharing.tcp, which to my knowledge also runs through port 3689?
    I am still in the first stage of your post. I am trying to get AFP to work through VPN with DNS-Enabler. No success so far. Could you be so kind as to post your exact settings?
    Thank you!

  • How to setup built-in VPN server on Mountain Lion

    Anyone have information on configuring the built-in VPN server in OS X Mountain Lion ?

    Update - it works ! At least I can connect to Mountain Lion (not server) from my iPhone using the VPN Server Configurator app.
    Here's what I did :
    1) download the app and install
    2) setup using the help files on the web page : http://www.greenworldsoft.com/product-vpn-server-help.html
    3) at the last stage you need to setup port forwarding on your router
    4) under Airport Utility 6.0 you cannot setup ports 500 or 4500 due to BTMM conflicts but setup the other 2 ports (1723 TCP and 1701 UDP), update airport extreme
    5) download Airport Utility 5.6 from here : download already extracted utility  it is in its extracted form as is necessary under Mtn Lion (thanks to NetUse Monitor for the download - great app by the way)
    6) run 5.6 and setup port forwarding (Advanced-Port Mapping) for the other 2 ports (500 and 4500 UDP), update airport extreme
    7) that's it, I was able to connect to the VPN from my iPhone !

  • PIX 501 passthrough with to a Win VPN Server

    Can this piece of %^$ pix 501 allow port 1723 to be open so users can connect to a Windows VPN server configured by PDM?
    pix  6.3(5)
    Outside static IP - whatever 111.111.111.111
    Inside 192.168.1.1
    Win VPN server 192.168.1.10
    Thanks to anybody that can help.
    Note - I want to know if this can be accomplished using PDM 3.0.4
    This pix has to have a use other than a glorified 4 port switch

    Yes you can enable PIX501 with version 6.3.5 for PPTP pass through.
    Command line:
    static (inside,outside) tcp interface 1723 192.168.1.10 1723 netmask 255.255.255.255
    fixup protocol pptp 1723
    access-list permit tcp any host 111.111.111.111 eq 1723
    If you don't already have an access-list applied to outside interface, then you also need the following:
    access-group in interface outside
    Then "clear xlate" after the above configuration. I also assume that you would like to use the outside interface ip address of the PIX for the translation. Otherwise, if 111.111.111.111 is actually a spare public ip address, then the above static command should say:
    static (inside,outside) 111.111.111.111 192.168.1.10 netmask 255.255.255.255
    Yes, it can be accomplished using PDM. But I have to apologize that I don't have handy access to a PDM, hence I can only advise you on the configuration using CLI.
    Hope that helps a little.

  • Windows 2012 VPN Server - Routing

    Hi community,
    I hope you can help me out with my problem.
    Following situation:
    I have a Win 2012 Server as VPN Server configured.
    Connecting a VPN Client works fine and the VPN Client gets an IP address from a static IP range. The IP address it gets is 192.168.200.x
    It works fine to ping to all devices in the 192.168.200.0/24 net. But I have a second net - 192.168.202.0/24. My VPN Server is connected to both nets. (2 NICs)
    What I want to achieve is that the vpn clients can connect to devices in the 192.168.202.0 net as well.
    When I put the following route into the client's ip table, it works:
    #route add 192.168.202.0 mask 255.255.255.0 192.168.200.1
    For me that's fine, but I have a bunch of other users, also connecting to this vpn server.
    So the best would be if automatically when the user connects to the vpn, it also creates a static route like the one above.
    Is this somehow possible?
    I tried static route in the "Routing and Remote Access" Tool and static routes in the Dial-In config of the user in Active Directory - nothing worked

    Hi Made1990,
    When the VPN is connected, the clients will use the VPN server as default gateway.
    As a result, clients will be able to connect to the two subnets that the VPN server is connected to.
    We can use Network Monitor on the VPN server and the device on subnet 192.168.202.0 to find the problem:
    Install and open Network Monitor on the two devices.
    Ping the device on subnet 192.168.202.0 from the VPN client.
    If the device on subnet 192.168.202.0 gets the ICMP Echo Request packet, that means the routes to 192.168.202.0 are OK.
    If the device sends an ICMP Echo Reply packet and the VPN client doesn't get it, that means the reverse routes are wrong. Analyzing the data on both devices can help to find the routing problem.
    Here is the guide for using Network Monitor:
    https://technet.microsoft.com/en-us/library/cc938655.aspx?f=255&MSPPError=-2147217396
    Best Regards,
    Leo
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
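
The decision procedure in the reply above (did the Echo Request reach the device, and did the Echo Reply make it back) can be applied to capture summaries from each vantage point. This is an added example, not part of the original thread: the one-line capture format, the verdict names and the host addresses 192.168.200.50 and 192.168.202.20 are constructed for illustration, and it goes slightly beyond the reply by also using the VPN server's capture to say on which side of the server a packet was lost. It assumes the VPN server does not NAT the traffic.

```python
import re

# One summary line per captured packet: "<vantage> <src> > <dst> ICMP echo <kind> seq=<n>"
LINE = re.compile(
    r"^(?P<where>client|server|target)\s+(?P<src>\S+) > (?P<dst>\S+) "
    r"ICMP echo (?P<kind>request|reply) seq=(?P<seq>\d+)$")

# Constructed sample: seq 1 completes, seq 2 loses the reply on the way back
# to the VPN server, seq 3 loses the request between server and target.
SAMPLE = """\
client 192.168.200.50 > 192.168.202.20 ICMP echo request seq=1
server 192.168.200.50 > 192.168.202.20 ICMP echo request seq=1
target 192.168.200.50 > 192.168.202.20 ICMP echo request seq=1
target 192.168.202.20 > 192.168.200.50 ICMP echo reply seq=1
server 192.168.202.20 > 192.168.200.50 ICMP echo reply seq=1
client 192.168.202.20 > 192.168.200.50 ICMP echo reply seq=1
client 192.168.200.50 > 192.168.202.20 ICMP echo request seq=2
server 192.168.200.50 > 192.168.202.20 ICMP echo request seq=2
target 192.168.200.50 > 192.168.202.20 ICMP echo request seq=2
target 192.168.202.20 > 192.168.200.50 ICMP echo reply seq=2
client 192.168.200.50 > 192.168.202.20 ICMP echo request seq=3
server 192.168.200.50 > 192.168.202.20 ICMP echo request seq=3
"""


def parse_capture(text):
    """Return the set of (vantage, kind, src, dst, seq) tuples found in text."""
    seen = set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines in any other format are ignored
            seen.add((m["where"], m["kind"], m["src"], m["dst"], int(m["seq"])))
    return seen


def diagnose_ping(text, client_ip, target_ip):
    """Map each echo sequence number sent by the client to a verdict."""
    seen = parse_capture(text)

    def saw(where, kind, seq):
        # Requests travel client -> target, replies target -> client.
        src, dst = ((client_ip, target_ip) if kind == "request"
                    else (target_ip, client_ip))
        return (where, kind, src, dst, seq) in seen

    sent = sorted(seq for (where, kind, src, dst, seq) in seen
                  if where == "client" and kind == "request"
                  and src == client_ip and dst == target_ip)
    verdicts = {}
    for seq in sent:
        if not saw("target", "request", seq):
            # Forward path is broken; the server capture says on which side.
            verdicts[seq] = ("request-lost-after-server"
                             if saw("server", "request", seq)
                             else "request-lost-before-server")
        elif not saw("target", "reply", seq):
            # Request arrived but the device never answered (e.g. host firewall).
            verdicts[seq] = "target-silent"
        elif saw("client", "reply", seq):
            verdicts[seq] = "ok"
        elif saw("server", "reply", seq):
            verdicts[seq] = "reply-lost-after-server"
        else:
            # Reply left the device but never reached the VPN server:
            # the device's route back to the VPN client subnet is wrong.
            verdicts[seq] = "reply-lost-before-server"
    return verdicts


if __name__ == "__main__":
    for seq, verdict in diagnose_ping(SAMPLE, "192.168.200.50",
                                      "192.168.202.20").items():
        print(seq, verdict)
```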

  • Do I have to configure DNS server before configuring VPN server?

    Hi,
    In my journey to get this mac os X server to actually work...
    Do I need to configure DNS server on Mac OS X server first before setting up VPN or ICHAT server?
    Or, it seems that I can use my D-Link Gaming router as a DNS server.
    I think I'm most confused with which numbers to enter as my DNS... is it the local IP of my mac mini being used as the server (192.168.0.1) or is it the IP address assigned to my cable modem?
    There are so many posts on this, I am feeling lost.... has anyone found a really great step by step that explains how to do this?
    thanks
    Ethan-

    Ethan,
    My experience is that it is absolutely necessary to have an external DNS server setup correctly BEFORE you even start installing your OS X Server, so why not keep it. Still, once you have set up OS X Server, you can also use its own DNS server, but be VERY careful to set it up correctly. DNS mistakes, especially the ones regarding server's own IP addresses, are usually not forgiven by OS X Server. Many of us here have learned that the hard way. As for me, I prefer to have a dedicated DNS.
    Best regards,
    Andrus

  • DNS server configuration and behaviour

    Hi all,
    I'm looking for detail explanations which can explain how Mac OS X 10.6 *DNS client* works and may be configured.
    According to http://discussions.apple.com/thread.jspa?threadID=2227251 nothing is guaranteed, like order and failover.
    According to http://support.apple.com/kb/HT4030 failover will take effect when the DNS server returns the SERV_FAIL (0x2) error code. What about the NXDOMAIN (0x3) error code (which is a more interesting scenario)?
    What am I looking for in a DNS client?
    I'm looking for several DNS servers configuration which allow to split DNS domains for several areas. This, for example, may be very useful for VPN connections when VPN DNS server will resolve internal resource and another server (configured before VPN tunnel established) will resolve external resources.
    Is there any possible configuration to achieve this requirement for Mac OS?
    Thanks in advance,
    Oleg.

    Thanks Felix for quick response.
    In your scenario:
    1. You configured two different DNS servers and probably only one of them replied to DNS queries. And this is OK.
    2. When a non-valid IP is configured, it means that the DNS server will not reply to the DNS query and then failover will query the second DNS server in the list. And this is also OK.
    I'm looking 2 different DNS servers configuration when one of them will reply to different domains. For example:
    First server will reply to *.mycompany.com.
    The second one will reply to any query except mycompany.com domain(since it is not published).
    Thanks again,
    Oleg.

  • Mail server and DNS configuration

    I have an XServe G4 running Mac OS X 10.4 Tiger Server, and I have successfully configured two domains that I purchased from GoDaddy as websites on this XServe. It's behind an Airport Extreme, and I have forwarded a bunch of ports in order to enable FTP, SSH, Web, remote Server Administration, webmail, and I have also forwarded the IMAP and SMTP ports. All of these services work except for email, so I am wondering if there is any special DNS settings that I need to configure in the GoDaddy total dns configuration page. I have the MX record pointed directly to my IP, just like the A record. I also have mail.mydomain.com pointed to the A record's IP (maybe I described that poorly, but I hope it gets the point across). I am able to log into webmail and send email out to other people, but when I try replying back to the email which I sent from webmail, I get a bounced message. I also cannot configure a Mail client, but I think I need to get the accounts at least working first. Can someone provide a list of DNS requirements or server configuration requirements for me to check off in order to make this happen? Does anyone know of any great resources to learn this kind of stuff? I'm kinda new to the server thing.
    Thanks!
    Paul

    postconf -n results:
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    html_directory = no
    inet_interfaces = localhost
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    mydestination = $myhostname,localhost.$mydomain,localhost,rubenkalath.com
    mydomain = rubenkalath.com
    mydomain_fallback = localhost
    myhostname = mail.rubenkalath.com
    mynetworks = 127.0.0.0/8
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_tls_cert_file = /etc/certificates/Default.crt
    smtpd_tls_key_file = /etc/certificates/Default.key
    smtpd_use_tls = no
    unknown_local_recipient_reject_code = 550
    virtual_mailbox_domains = hash:/etc/postfix/virtual_domains
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
    ps U _postfix results:
    ps: _postfix: no such user
    tail -20 /var/log/mail.log results:
    May 15 15:55:27 sincity postfix/cleanup[1257]: 765DC4517A: message-id=<[email protected]>
    May 15 15:55:27 sincity postfix/qmgr[1239]: 765DC4517A: from=<[email protected]>, size=881, nrcpt=1 (queue active)
    May 15 15:55:27 sincity postfix/smtpd[1254]: disconnect from localhost[127.0.0.1]
    May 15 15:55:27 sincity postfix/pipe[1259]: 765DC4517A: to=<[email protected]>, relay=cyrus, delay=0, status=sent (mail.rubenkalath.com)
    May 15 15:55:27 sincity postfix/qmgr[1239]: 765DC4517A: removed
    May 15 15:58:09 sincity postfix/smtpd[1338]: connect from localhost[127.0.0.1]
    May 15 15:58:13 sincity postfix/smtpd[1338]: lost connection after CONNECT from localhost[127.0.0.1]
    May 15 15:58:13 sincity postfix/smtpd[1338]: disconnect from localhost[127.0.0.1]
    May 15 16:06:09 sincity postfix/postfix-script: refreshing the Postfix mail system
    May 15 16:06:09 sincity postfix/master[590]: reload configuration
    May 15 16:12:48 sincity postfix/smtpd[1709]: connect from localhost[127.0.0.1]
    May 15 16:12:54 sincity postfix/smtpd[1709]: lost connection after CONNECT from localhost[127.0.0.1]
    May 15 16:12:54 sincity postfix/smtpd[1709]: disconnect from localhost[127.0.0.1]
    May 15 16:28:58 sincity postfix/smtpd[2068]: connect from localhost[127.0.0.1]
    May 15 16:28:58 sincity postfix/smtpd[2068]: 1FA354537C: client=localhost[127.0.0.1]
    May 15 16:28:58 sincity postfix/cleanup[2071]: 1FA354537C: message-id=<[email protected]>
    May 15 16:28:58 sincity postfix/qmgr[1530]: 1FA354537C: from=<[email protected]>, size=776, nrcpt=1 (queue active)
    May 15 16:28:58 sincity postfix/smtpd[2068]: disconnect from localhost[127.0.0.1]
    May 15 16:29:02 sincity postfix/smtp[2072]: 1FA354537C: to=<[email protected]>, relay=mercury.gatech.edu[130.207.192.26], delay=4, status=sent (250 Ok: queued as 67542CDF86)

  • How setup SPA525 vpn client?How configuration Cisco VPN server?

    Hi all,
    How do I set up the SPA525 VPN?
    How do I configure a Cisco VPN server for the SPA525?
    Regards
    John

    Hi John,
    Do you want to setup the SPA525 on the UC300?  If so the UC300 does not support any VPN or remote users.  If you need configuration help with the UC5XX just let me know.
    Thank you,
    Jason Nickle

  • Connect to server thru DNS using VPN

    I want to do the following :
    - connect to my server thru VPN (this is working) using VPN server of the OS X Server
    - command -K connecting thru the fileshare on the same server using the dns name of my server. (not working)
    When I look at the settings of the VPN connection I see my DNS server in the DNS tab. But the connection is not established.

    Are you typing the hostname of the server in the 'Connect to Server' dialog? or are you hoping to see the remote servers appear in the list when you Browse?
    The former should work. The latter will not (at least not without extra significant hoops).
    If you are trying the former, and you can't hit the server by name, check whether you can hit it via IP address. Also check whether you can resolve the name via some other means (e.g nslookup or dig in Terminal.app, or Network Utility.app). That will at least help pinpoint the problem.

  • Configure VPN Server Cisco 877W

    Hello!
    I need to implement VPN Server on a Cisco 877W.
    The idea is as follows:
    Access the network from anywhere using the Cisco VPN Client;
    The router needs to accept a minimum of 5 simultaneous connections;
    Each User would have a login and password;
    Cisco 877W (System image file is "flash: C870-advipservicesk9-mz.150-1.M10.bin")
    Following script:
    version 15.0
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    service sequence-numbers
    hostname VPN
    boot-start-marker
    boot-end-marker
    logging buffered 10240
    enable secret PASS@PASS
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    clock timezone BR -3
    dot11 syslog
    dot11 ssid ACESSO01
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii PASS@PASS
    no ip source-route
    ip dhcp pool ODIM
       import all
       network 192.168.100.224 255.255.255.224
       default-router 192.168.100.254
       dns-server 10.151.176.80 201.10.120.3 10.151.176.79 201.10.1.2
       update arp
    ip cef
    no ip bootp server
    no ip domain lookup
    ip domain name local
    ip inspect name firewall tcp
    ip inspect name firewall udp
    ip inspect name firewall cuseeme
    ip inspect name firewall h323
    ip inspect name firewall rcmd
    ip inspect name firewall realaudio
    ip inspect name firewall streamworks
    ip inspect name firewall vdolive
    ip inspect name firewall sqlnet
    ip inspect name firewall tftp
    ip inspect name firewall ftp
    ip inspect name firewall icmp
    ip inspect name firewall sip
    ip inspect name firewall esmtp max-data 52428800
    ip inspect name firewall fragment maximum 256 timeout 1
    ip inspect name firewall netshow
    ip inspect name firewall rtsp
    ip inspect name firewall pptp
    ip inspect name firewall skinny
    no ipv6 cef
    multilink bundle-name authenticated
    archive
    path flash:config
    write-memory
    file verify auto
    username suporte privilege 15 secret 5 $1$WdPL$PHwugOutS3fztS8hBUl9g0
    ip tcp timestamp
    ip ssh version 2
    bridge irb
    interface ATM0
    description #### A D S L - INTERNET ####
    no ip address
    no ip proxy-arp
    load-interval 30
    no atm ilmi-keepalive
    interface ATM0.1 point-to-point
    description #### A D S L - INTERNET ####
    pvc 0/35
      pppoe-client dial-pool-number 1
    interface FastEthernet0
    description #### I N T R A N E T ####
    switchport trunk native vlan 100
    switchport mode trunk
    load-interval 30
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface Dot11Radio0
    no ip address
    no ip proxy-arp
    load-interval 30
    encryption mode ciphers aes-ccm tkip
    ssid ACESSO01
    speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    station-role root
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Vlan1
    description #### ETH`S ####
    no ip address
    no ip proxy-arp
    load-interval 30
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Vlan100
    description #### I N T R A N E T ####
    ip address dhcp
    no ip proxy-arp
    ip nat outside
    ip virtual-reassembly
    interface Dialer0
    description #### I N T E R N E T ####
    ip address negotiated
    ip access-group Traffic-Permit-IN in
    no ip redirects
    no ip unreachables
    ip mtu 1492
    ip nat outside
    ip inspect firewall out
    ip virtual-reassembly
    rate-limit input access-group 100 16000 8000 8000 conform-action transmit exceed-action drop
    encapsulation ppp
    load-interval 30
    dialer pool 1
    dialer-group 1
    ppp authentication pap chap callin
    ppp chap hostname user@user
    ppp chap password pass@pass
    ppp pap sent-username user@user password pass@pass
    ppp ipcp dns request
    ppp ipcp wins request
    ppp ipcp route default
    no cdp enable
    interface BVI1
    description #### BRIDGE Vlan1/Dot11Radio0 ####
    ip address 192.168.100.254 255.255.255.224
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    ip policy route-map PBR
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip nat inside source route-map ADSL interface Dialer0 overload
    ip nat inside source route-map INTRANET interface Vlan100 overload
    ip route 0.0.0.0 0.0.0.0 Dialer0 name ADSL
    ip route 0.0.0.0 0.0.0.0 10.48.50.1 name INTRANET
    ip access-list extended ADSL
    deny   ip any 10.0.0.0 0.255.255.255
    permit ip any any
    deny   ip any host 192.168.100.255
    deny   udp any any eq tftp log
    deny   ip any 0.0.0.0 0.255.255.255 log
    deny   ip any 127.0.0.0 0.255.255.255 log
    deny   ip any 169.254.0.0 0.0.255.255 log
    deny   ip any 172.16.0.0 0.15.255.255 log
    deny   ip any 192.0.2.0 0.0.0.255 log
    deny   ip any 192.168.0.0 0.0.255.255 log
    deny   ip any 198.18.0.0 0.1.255.255 log
    deny   udp any any eq 135 log
    deny   tcp any any eq 135 log
    deny   udp any any eq netbios-ns log
    deny   udp any any eq netbios-dgm log
    deny   tcp any any eq 445 log
    deny   ip any any log
    ip access-list extended INTRANET
    permit ip any 10.0.0.0 0.255.255.255
    deny   ip any any
    deny   ip any host 10.48.50.255
    deny   udp any any eq tftp log
    deny   ip any 0.0.0.0 0.255.255.255 log
    deny   ip any 10.0.0.0 0.255.255.255 log
    deny   ip any 127.0.0.0 0.255.255.255 log
    deny   ip any 169.254.0.0 0.0.255.255 log
    deny   ip any 172.16.0.0 0.15.255.255 log
    deny   ip any 192.0.2.0 0.0.0.255 log
    deny   ip any 192.168.0.0 0.0.255.255 log
    deny   ip any 198.18.0.0 0.1.255.255 log
    deny   udp any any eq 135 log
    deny   tcp any any eq 135 log
    deny   udp any any eq netbios-ns log
    deny   udp any any eq netbios-dgm log
    deny   tcp any any eq 445 log
    ip access-list extended Traffic-Permit-IN
    deny   ip 0.0.0.0 0.255.255.255 any
    deny   ip 10.0.0.0 0.255.255.255 any
    deny   ip 127.0.0.0 0.255.255.255 any
    deny   ip 169.254.0.0 0.0.255.255 any
    deny   ip 172.16.0.0 0.15.255.255 any
    deny   ip 192.0.2.0 0.0.0.255 any
    deny   ip 192.168.0.0 0.0.255.255 any
    deny   ip 198.18.0.0 0.1.255.255 any
    deny   ip 224.0.0.0 0.15.255.255 any
    deny   ip any host 255.255.255.255
    permit tcp any any eq 1723
    permit gre any any
    deny   icmp any any echo
    deny   ip any any log
    access-list 100 permit icmp any any echo-reply
    access-list 100 permit icmp any any echo
    access-list 110 permit ip 192.168.100.224 0.0.0.31 any
    dialer-list 1 protocol ip permit
    no cdp run
    route-map ADSL permit 10
    match ip address 110
    match interface Dialer0
    route-map INTRANET permit 10
    match ip address 110
    match interface Vlan100
    route-map PBR permit 10
    match ip address ADSL
    set interface Dialer0
    route-map PBR permit 20
    match ip address INTRANET
    set interface Vlan100
    control-plane
    bridge 1 route ip
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    transport input telnet ssh
    scheduler max-task-time 5000
    end

    Some Help?

  • OS X 10.4.11 Server - configured name and reverse DNS do not match / DNS

    Hi all,
    I have looked for similar posts but all seem to have different scenarios, hoping to get an answer from someone more experienced than myself before I do anything silly.
    Help much appreciated!
    Scenario:
    We run a 10.4.11 OS X Server on an XServe, hosted at an ISP. ISP provides all DNS services, incl. the reversed DNS entry.
    I am currently only running the following services (based on the display in ServerAdmin):
    AFP
    Firewall
    iChat
    Mail
    QuickTimeStreaming
    Web
    All others (incl. DNS) are grayed out. (As ISP instructed us not to add a DNS service on our box, that's "normal" according to my experiences with dedicated /co-location server hosting).
    We never used changeip after the initial setup, meaning the server's
    Current Hostname = somename.local and
    DNS Hostname = mail.ourdomainname.net
    So in system.log I find this recurring entry:
    Jul 8 11:41:22 somename servermgrd: servermgr_dns: configured name and reverse DNS name do not match (somename.local != mail.ourdomainname.net), various services may not function properly - use changeip to repair and/or correct DNS
    Finally, my question:
    As Mail and Web services etc. are currently running OK from what I can tell,
    1) do I HAVE to change this at all?
    2) Would it be much better / why?
    3) Could I change this using the following command
    (111.11.111.1 indicating the server's IP address)
    changeip 111.11.111.1 111.11.111.1 somename.local mail.ourdomainname.net
    4) without running a DNS server on the machine, i.e. DNS service is not required for this to work?
    5) obviously I want to be able to use Server Admin after I issue this command...
    6) can I fall back easily in case this would screw it up, or is there no risk whatsoever doing this in my case?
    THANK YOU so much for any help!

    Hi Jonas
    If port 443 is already being used on the same box as KMS then it will complain and probably not start the service? I've seen this with LDAP port 636. This is when Kerio is installed on a server configured as an OD Master. Clearly the port can't be used by both servers.
    It might be easier to change the port your sites are currently using to something else? Although don't do anything yet. Pose the question to Kerio Support and see what advice they offer.
    Yes moving the mail to a local folder on the mail client will do it.
    Is Kerio going on the same box? If its a different box (presumably different IP address?) Then what you can do is to port forward to the new server's IP address instead of disabling it. This way while you are bringing the new server on line users can still send mail right up until the time you give instructions on changing their inbound/outbound mail server details. Of course they won't be able to receive but if you time it right they may not even get an error message? Depends on what their schedules are.
    If it was me I would choose IMAP every time. As the mail admin you have full control and a central location for easy backup. KMS has a built in archiving feature that makes this a simple process. This is an easier option than going round individual client machines and making sure mail held locally in POP accounts are backed up. Besides there is always someone who falls through the loop and I'm not taking into account drive failures. It makes good sense anyway as there is talk of legislation being introduced to make this a requirement for businesses who run their own mail servers. This is certainly true for certain parts of the US and what usually happens there is generally taken up in the UK and most parts of Europe.
    Kerio's WebMail Client means users don't even have to have their own computer. Just as long as they have access to one that has access to the internet they can send/receive mail. No need for dedicated mail applications such as Apple Mail, Thunderbird, Entourage etc. How mail is used remains consistent for all users.
    Yes. I did this not so long ago with Leopard's built in Mail Server. I sent an e-mail defining a time when no inbound mail would be received. Disabled port forwarding for SMTP port 25 and approx 30 minutes after that another mail stating no outbound mail should be sent. Once everything was swopped over (we were changing from a G4 10.4 server to a G5 10.5 Server) port 25 was enabled, new server brought online and everyone was mailing again with no appreciable downtime.
    These boxes were to have the same IP address hence the slightly different approach.
    Does this help?
    Tony

  • Configuring DNS when clients get DHCP from a Windows server

    Hi
    I'm getting to grips with OD and have managed to configure a test environment at home with static IPs and all the DNS entries being entered manually for each computer.
    However, how do I configure the DNS in an environment where clients get their IPs from a Windows DHCP server (which I have no access to)?
    Setting clients to have static IPs is not an option nor enabling DHCP on the Mac server, I suspect.
    Your help is really appreciated.
    Steve

    Hi
    Your suspicion is correct.
    To be honest I would use what is available on the Windows Server as the basis for your Open Directory deployment. If the Windows Server is already the DHCP Server odds are it is also the DNS Server. DNS can be provided to your clients using the Windows based DHCP service.
    If you have no direct access to the windows server you should be able at the least ask the windows administrator to add a Host Record with a Reverse Pointer for the OSX Server. Make sure its resolving correctly first using the relevant tools first then add the IP address of the Windows Server in the network preferences pane on your OSX Server. Thereafter you should be able to promote from Standalone to Open Directory Master without too many problems.
    If the Windows Server is using .local as its FQDN then it could scupper any chances you have of providing OSX LDAP services to your mac clients. It can work with .local, it's just better if it's not used.
    Hope this helps – Tony

  • Help with configuration vpn server on mac os

    Does anyone know a step by step way to configure a VPN server on the normal Snow Leopard?
    I tried iVPN but I cannot connect to the L2TP VPN server (I configured it as described).
    Does anyone have a solution to try out iVPN,
    or is there any alternative to iVPN?

  • Error 812: The connection was prevented because of a policy configuration on your RAS/VPN server

    Hi,
    Just wondering if anyone can help.
    We have set up RAS/VPN on our Windows Server 2012 Essentials server. One of our users when trying to log in gets the below error when trying to connect to VPN:
    "Error 812: The connection was prevented because of a policy configuration on your RAS/VPN server. Specifically the authentication method used by the server to verify your username and password may not match the authentication method configured in your
    connection profile. Please contact the Administrator of the RAS server and notify them of this error."
    The domain admin account can log in to VPN fine and any new AD account that I create can log in fine, but just not this particular user account. I checked that this account has "Dial In" access on their user account on AD and on the Anywhere Access
    tab on the users properties in Windows server 2012 Essentials Dashboard the "Allow Virtual Private Network (VPN)" is ticked. They are a member of the RA_AllowVPNAccess security group.
    I also configured the authentication protocol MS-CHAPv2 on the server and on the client. I also tried to connect using PPTP rather than automatic, with no luck.
    I did some searching on the Internet, but virtually all of the resolutions for this issue are related to setup or configuration problems that would result in the VPN either consistently working or not-working.  I tried changing a number of the NPS policies,
    since the error seemed to point to an NPS issue, but this did not resolve the problem.
    I'm baffled why just this user cannot connect to VPN.
    Any thoughts?

    Hi,
    The domain admin account can log in to VPN fine and any new AD account that I create can log in fine, but just not this particular user account.
    It is really a strange issue. I noticed that you have checked “Dial-in” tab of this problematic user properties
    in ADUC. Just a confirmation, did you mean that “Allow access” option was checked under Network Access Permission? Or anything I misunderstand?
    On current situation, please view the problematic account properties on Dashboard and navigate to
    Anywhere Access tab, and please uncheck “Allow Virtual Private Network (VPN)” option and click Apply button. Then please re-check
    “Allow Virtual Private Network (VPN)” option and apply again. Any difference?
    By the way, did you check the event logs if find any related event or error?
    If anything I misunderstand or any update, please don’t hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu
