How do I share a VPN connection to bridge sites? s2svpnadmin?

[baliset]

This is one of those “I strongly suspect there’s a way to do this, if only I knew how” questions. Some help will be greatly appreciated.

[b]Can a Mac with two interfaces (airport/ethernet or ethernet/ethernet) log onto a VPN server with one interface [i]and then share it[/i] with the other to bridge two remote networks?[/b]

I’ve tried this by logging on to our VPN and then turning on Internet Sharing (from a regular Mac, not OS-X server), but it seems it isn’t nearly that simple.

Our PPTP VPN server is hosted on our XServe (Server v10.4.10) at work. This and a second location are linked with standard (but fast) ADSL broadband. I can log in from both Mac and Windows VPN clients at the external location and indeed the experience is just like being at work- printers, file servers and other resources (eg networked Filemaker databases) are all visible. Yay.

Can I extend this concept further by logging onto our VPN with one interface (eg Airport) and then enabling Internet Sharing through the second interface (eg Ethernet)? Will this allow a small network connected through the second interface to all behave as though they are on the work network, with transparent access to fileservers, printers and so on, without each bothering individually with VPN logins and so on? Can a regular Mac with two NICs to do the same job, acting as a router between the two networks?

I have seen various references to a command line utility called [b]s2svpnadmin[/b], but this seems only to work between to OS-X Servers. Ideally, I’d like a regular Mac to act as the router at the remote location. I don’t know if s2svpnadmin is the solution (Apple’s documentation suggests strongly it is), but does anyone know if it can be added to a regular Mac (10.4) client? Yes, I know I’ll need to enable L2TP VPN as well as our current PPTP for it to work properly.

I might add that one implementation of any solution we are seeking will be to allow users to go home with their MacBooks, log onto their home DSL broadband via Airport, and then plug in the VOIP-capable handsets our new phone system came with to the ethernet jack. The vendors are offering us expensive “VPN boxes” to do this but I am banking on this as a software solution.

Thanks!

[masterofdesaster]

Hi!
Have you found a way to solve that problem?
My situation is quite similar. Except I have a dumb hardwired-device that can’t PPTP to my office.
Hope you got help/can help!
Bye, Rudi

[masterofdesaster]

Hi!
Using a router isn’s possible.
Here in Austria you are forced to establish a VPN via PPTP with most providers when using (A)DSL.
So when you have a router – like I do – you already have a vpn/pptp tunnel running from the router to the provider. No router is able to establish a pptp-tunnel within a pptp-tunnel.
The “second” tunnel hast to be established from the client side.
Bye, Rudi

[QUOTE][u]Quote by: MacTroll[/u][p]There isn’t going to be any way in the GUI to share a VPN inteface over NAT.

Enabling NAT by hand would do this. You could also do a site-to-site vpn.

However, I think your best bet by far would be to by a few cheap Linksys/DLink routers that have VPN server/client capacity. This way you can do site-to-site without having to do any work on the clients.[/p][/QUOTE]

[baliset]

I was hoping that there might be a way under Leopard now to do this. If there isn’t a direct way, perhaps there is a GUI utility to assist making the manual changes to the routing tables to enable a computer connected to (say) home broadband via Airport, and then logs in to a VPN server, and then enables internet connection sharing through to the ethernet socket, so that it’s the VPN connection that’s being shared rather than just the “regular” internet connection.

Can anyone help?

[Author]

Posts