s2svpnadmin and Netgear FVS318

  • #361833
    Anonymous
    Guest

    Hi all

    Need some help with Tiger server and the s2svpnadmin command line tool. I have two sites which have been linked by 2 Netgear FVS318 routers but I would like to have the Tiger Server running all VPNs in the main office with a site to site vpn to the branch office. I have looked at s2svpnadmin and racoon but I unable to configure this. Has anyone had any experience with racoon or s2svpnadmin?

    #361977
    Anonymous
    Guest

    As it is a branch office a Tiger server would be overkill. It would be nice if the Tiger server would talk to the FVS318.

    I am able to get phase 1 to est but not phase 2. I’ll just have to keep on working with racoon.

    #362310
    jdeagles
    Participant

    I have managed to get the connection working (though I have just broken it again, hence why I’m looking on here).

    We have Mk1 FVS318s so it might be a bit different for you.

    What you need to do is set the FVS318 as follows:

    connection name: whatever you like
    local ipsec identifier: FVS318 public address
    remote ipsec identifier: OSX public address

    local and remote LAN addresses: as yours are, though you might have to set "single machine" for the remote stuff even though it isn’t. My setup wouldn’t get past P2 unless you did, until I upgraded to 10.4.2.

    remote WAN ip: osx public address

    secure association: Aggressive Mode
    perfect forward secrecy: disabled
    encryption protocol: 3DES
    key group: Diffie-Hellman group 2
    pre-shared key: whatever you like. Nice and long and random.

    The s2svpnadmin side of things should be fairly straightforward from there. Make sure both networks are /24 and the OS X side isn’t /32 even if you set it like that on the FVS318. Seems to be a quirk of the thing.

    Well, it’s probably about a month too late for you but it might save some other poor sod pulling their hair out on this one.
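    For readers who want to see what jdeagles' FVS318 settings look like on the racoon side, here is an added racoon.conf fragment (example added to this thread, not jdeagles' own config and not taken from Apple's or Netgear's documentation). It assumes the FVS318 public address is 203.0.113.10, the OS X public address is 198.51.100.20, the LANs are 192.168.1.0/24 behind the FVS318 and 192.168.2.0/24 behind Tiger Server, SHA-1 as the hash algorithm (the post does not name one), and /etc/racoon/psk.txt as the pre-shared-key file; adjust every one of those to your own setup.

```conf
# Added example: Tiger Server racoon.conf fragment mirroring the FVS318 settings
# listed in the post above. All addresses, the hash algorithm and the psk.txt
# path are assumptions, not values from the thread.

path pre_shared_key "/etc/racoon/psk.txt";   # assumed location of the PSK file

# Phase 1 (IKE) towards the FVS318 public address
remote 203.0.113.10 {
        exchange_mode aggressive;               # "secure association: Aggressive Mode"
        my_identifier address 198.51.100.20;    # = "remote ipsec identifier" on the FVS318
        peers_identifier address 203.0.113.10;  # = "local ipsec identifier" on the FVS318
        proposal {
                encryption_algorithm 3des;      # "encryption protocol: 3DES"
                hash_algorithm sha1;            # assumed; must match the FVS318 hash setting
                authentication_method pre_shared_key;
                dh_group 2;                     # "key group: Diffie-Hellman group 2"
        }
}

# Phase 2 (IPsec SA): both networks given as /24, per the quirk described in the
# post. No pfs_group line, because PFS is disabled on the FVS318.
sainfo address 192.168.2.0/24 any address 203.0.113.10/32 any {
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;     # assumed; match the FVS318
        compression_algorithm deflate;
}
```

Note that the sainfo line above deliberately shows the wrong shape: replace `203.0.113.10/32` with the FVS318's LAN, `192.168.1.0/24`, otherwise phase 2 will not match, which is exactly the symptom jdeagles describes. The psk.txt file pairs the peer's identifier with the key, one per line (`203.0.113.10  <long random key>`), and must be readable only by root. Aggressive mode exchanges the identities and the PSK-derived hash before anything is encrypted, which is why the post's advice to use a long, random pre-shared key matters more here than it would in main mode; it also means racoon must be reachable on UDP/500 (and UDP/4500 when NAT traversal is in play) and must be able to send and receive ESP through any firewall in front of it.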

    #363321
    OD Master
    Participant

    Hi,

    sounds like you got this working site-to-site with Tiger Server on both ends as well?

    I’m trying to get this working, following Apple’s setup example in the Network Services manual as closely as possible.

    Both servers are running on static public IPs and client dial-in into both networks works fine via L2TP.
    I’ve set this up on many sites and haven’t had any troubles with that so far. But the new site-to-site feature is a different beast…

    I set up the Firewall rules as outlined in the docs, but I have the feeling that there’s something missing.

    Any notes you’d like to add to Apple’s example?

    TIA,
    Norbert
