Panther VPN setup troubles
September 16, 2005 at 2:46 am #363275
Bill Eccles
Participant
Gentleones,
Using MOSXS 10.3.9 on a dual G4 behind a LinkSys BEFSX41 with port 1723/TCP routed to my server’s LAN address, 192.168.1.2, I have done the following:
Enabled the VPN server. Set DNS entry to 192.168.1.2 (as I am running a DNS on that box). Successfully connected/authenticated an LDAP user.
Discovered no traffic flows for the LDAP user.
Done the “sudo /usr/sbin/vpnaddkeyagentuser” thing suggested by Apple.
Re-enabled the VPN server.
Noticed that traffic now flowed from the client to the server as evidenced by being able to ping 192.168.1.2.
Noticed that I can ping the router associated with 192.168.1.2, namely 192.168.1.1.
Noticed that I can’t ping squat else.
Remembered Joel’s advice to turn on IPFORWARDING (modified /etc/hostconfig setting IPFORWARDING=-YES-). Restarted.
Noticed no change.
Added a private route for 192.168.1.1/255.255.0.0/private because I am trying to get into a LAN which has several subnets, all connected by the BEFSX41s. (But if I can’t ping 192.168.1.7, then it’s irrelevant, I guess.)
Yes, restarted VPN after each and every change.
Got frustrated, heaved the Mac out the window, and then cried because I’d done such a horrible thing to such a helpless box…. OK, with the exception of that last one, it’s all true.
The client is connecting using a straight path to the DSL modem, no router in between. I.e., it’s live and on the internet. So that problem shouldn’t be a problem.
Can anybody help… please?
Thanks,
Bill
September 16, 2005 at 3:39 am #363276
Bill Eccles
Participant
Added a route for 0.0.0.0/255.255.255.255/public. Can now “see” google and other non-private addresses. Traceroute confirms that these addresses are being routed directly to public connection.
But still no dice on the private side.
Bill
September 16, 2005 at 4:08 am #363277
Bill Eccles
Participant
netstat shows that the Destination (192.168.1.205) is routed to the Gateway of centipede.mydomain.com. centipede.mydomain.com. is routed to localhost.
Is it possible that IPFORWARDING is not on or something?
Thanks,
Bill
September 16, 2005 at 5:11 pm #363283
heavyboots
Participant
Given that I wouldn’t trust a LinkSys BEFSX41 farther than I could throw it with both arms tied behind my back, I have to ask–have you ever successfully established a VPN with it using the current version of the firmware on it?
I have an FSR41 and an FSX41. We basically don’t use the FSX41 anymore because it’s either so unstable or so broken, depending on which variant of the firmware I put on it.
September 16, 2005 at 11:38 pm #363287
Bill Eccles
Participant
Granted, I don’t like the Linksys boxes any farther than I can throw them… no, wait, I probably could heave one of them pretty far…. Anyway. I don’t think the Linksys box is relevant.
A traceroute shows the VPN host right away and then it gets lost in * * * land.
The funny thing here is that I have vpnd running at a different location (the one that you helped out with before by telling me about the IPFORWARDING switch) and it does the same thing. So something just isn’t right.
I can’t ping the local address of the connected machine either, by the way, and just in case it’s relevant, NAT is off on the OSXS box.
Thanks for the clues so far. Let this additional info percolate through your minds and see what you can figger’.
Many thanks,
Bill
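The question raised in the thread, whether IPFORWARDING is really on after editing /etc/hostconfig, can be checked by comparing the file's setting with the kernel's live flag. The script below is an added example, not part of any post here; the function names are made up for illustration, the sample file is constructed, and it assumes the kernel exposes the flag as the BSD sysctl `net.inet.ip.forwarding`.

```shell
#!/bin/sh
# Added example (not from the thread): does the IPFORWARDING setting in
# /etc/hostconfig match what the kernel is doing right now?

# Print the IPFORWARDING value from a hostconfig-style file, or "unset".
# Commented-out lines are skipped; the last assignment wins.
hostconfig_ipforwarding() {
    val=$(sed -n 's/^[[:space:]]*IPFORWARDING=\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Print the live flag (0 or 1), or "unknown" where the sysctl key is missing.
# Assumption: the BSD key net.inet.ip.forwarding.
runtime_ipforwarding() {
    sysctl -n net.inet.ip.forwarding 2>/dev/null || echo unknown
}

# Classify a (configured, runtime) pair into one token.
forwarding_verdict() {
    case "$1:$2" in
        -YES-:1) echo ok ;;
        -YES-:0) echo mismatch-runtime-off ;;
        *:1)     echo mismatch-config-off ;;
        *:0)     echo off ;;
        *)       echo unknown ;;
    esac
}

# Constructed sample standing in for /etc/hostconfig; pass the real path as $1.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'AFPSERVER=-NO-' 'IPFORWARDING=-YES-' > "$sample"
cfg=$(hostconfig_ipforwarding "${1:-$sample}")
live=$(runtime_ipforwarding)
echo "hostconfig=$cfg runtime=$live verdict=$(forwarding_verdict "$cfg" "$live")"
rm -f "$sample"
```

On the server itself, pass `/etc/hostconfig` as the first argument; `mismatch-runtime-off` means the file says -YES- but the kernel is not forwarding packets.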