OSX Panther L2TP and NAT-T

[Anonymous]

Any news about using a OSX Panther server VPN server behind NAT?

[Anonymous]

I found the solution. First a site that discussed a Windows 2000 server running a L2TP VPN server (MS built-in) behind a MS ISA proxy firewall and then a guy at Apples OS X Server discussion list that had it up and running.

I now let UDP ports 500, 1701 and 4500 through a firewall to the OS X server on the LAN. So I guess NAT-T is the default. No need for settings letting ESP (protocol 50) through.

It seems Apples VPN server is rather similar to/compatible with MS (MS-CHAPv2 and stuff)?

I haven’t tried Windows 2000/XP clients yet though.

The best part of the L2TP VPN solution is that you get an IP from the remote LAN range.

[Anonymous]

“The best part of the L2TP VPN solution is that you get an IP from the remote LAN range. (Leif)”

“This occurs with most any VPN solution.
Joel”

Well, maybe I should have said: “this VPN solution” 😉

I’ve seen some “mentioning” of getting an IP through DHCP from a VPN-server (SonicWall) but never saw a client for Mac that supported it (your Vapor Sec does?). Maybe Cisco PIX Mac client (using L2F/L2TP???) does this too???

ZyXEL ZyWALL doesn’t support it as far as I know. They say they will start supporting L2TP “soon” though…

My point was really that it’s much easier to setup/maintain especially if the network behind the VPN-server is big and you “don’t care” what network the client is connecting from. Much less routing to care about for VPN-clients.

Some of ZyXELs ZyWALLs (I’ve tested ZW 50 and 100 with newer/newest firmware) now let IPSec traffic through even if there is VPN-tunnels configured and active in them. They used to “steal” all IPSec traffic so I had to turn any VPN-tunnel off when testing letting (even L2TP) IPSec traffic through. So both connecting remote offices through “VPN-routing” and clients connecting to OSX Server 10.3.x now works.

Best regards

/Leif

[Author]

Posts