Viewing 3 posts - 1 through 3 (of 3 total)
    #369960
    nonforma
    Participant

    Hi everyone.

    I’m having trouble getting VPN routing to work correctly on server 10.4.10. Remote clients can connect and authenticate fine; however, the only internal IP that the clients can communicate with is that of the actual VPN server. The only complication that I can think of is that we are using an MPLS network where private and public IPs all work on the same LAN. The only other issue was that I had to move the public IP interface above the private IP because VPN was only binding to the private interface. I initially thought it would bind to all available IPs.

    So our internal IPs are on two subnets, 10.216.0.0/16 and 10.217.0.0/16. I have those two networks added as private, as well as the public IP block as private. When I try to ping anything from a VPN client, it routes properly to the VPN server over the public IP but stops there. The VPN server can ping everything internally just fine. It has one ethernet port with two interfaces, one on the internal and one on the external IPs. I have no idea what’s going on with the routing on the VPN server.

    Thanks!

    #369964
    neilmcg
    Participant

    nonforma, this is not a direct answer – however, we had very similar problems.
    We called in an Apple approved consultant.
    In the end we changed over to a Netgear FVS338 and a Netgear Switch; we use IPSecuritas as the VPN client plus the SSL312 for browser-based VPN sessions – now everything works perfectly well.

    Not overly impressed with Apple’s VPN solution.

    #369969
    nonforma
    Participant

    Quote by: MacTroll
    Have you enabled IP Forwarding on the VPN server?

    sysctl net.inet.ip.forwarding=1

    If memory serves.

    I initially tried that using the Server Admin GUI, both as just IP forwarding and as IP forwarding plus NAT. I just tried doing it via the command line and had no luck either.

    At this point I’m thinking it has something to do with our MPLS network. Our ISP, who engineered the MPLS, is currently looking into the issue. They think it may be that the packets are making it out successfully but the MPLS router doesn’t know how to route them back in due to lack of the MPLS header. Later today I’m going to try to do some routing while they watch so we can see exactly what the packets are doing.
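The two failure modes discussed in this thread (IP forwarding switched off on the VPN server, and replies from internal hosts having no route back to the VPN client pool) can be reproduced with a small routing-table model. The script below is an added illustration, not code from the thread or from Apple's VPN stack; it uses the two internal subnets named above and assumes a VPN client pool of 10.250.0.0/24, a VPN server at 10.216.0.5, an internal host at 10.217.3.4 and an MPLS router that holds the LAN's default route, none of which the posts state. A `return_route` of True models the fix the ISP would apply: a static route for the client pool pointing at the VPN server's internal address.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next_hop). next_hop is the name of the node the packet is
# handed to, or None meaning "destination is directly attached: deliver it".
Route = Tuple[ipaddress.IPv4Network, Optional[str]]
Tables = Dict[str, List[Route]]

# Constructed topology. The two /16s come from the thread; the rest are assumptions.
INTERNAL_A = ipaddress.ip_network("10.216.0.0/16")
INTERNAL_B = ipaddress.ip_network("10.217.0.0/16")
VPN_POOL = ipaddress.ip_network("10.250.0.0/24")      # assumed client pool
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
CLIENT_IP = ipaddress.ip_address("10.250.0.10")       # assumed remote client
INTERNAL_HOST_IP = ipaddress.ip_address("10.217.3.4")  # assumed LAN host


def build_tables(return_route: bool) -> Tables:
    """Routing tables for each node; return_route adds the pool route on the MPLS router."""
    mpls_router: List[Route] = [(INTERNAL_A, None), (INTERNAL_B, None), (DEFAULT, "isp_cloud")]
    if return_route:
        # The fix: tell the LAN's gateway that the VPN pool lives behind the VPN server.
        mpls_router.insert(0, (VPN_POOL, "vpn_server"))
    return {
        "vpn_client": [(VPN_POOL, None), (DEFAULT, "vpn_server")],
        "vpn_server": [(VPN_POOL, None), (INTERNAL_A, None), (INTERNAL_B, None), (DEFAULT, "mpls_router")],
        "internal_host": [(INTERNAL_B, None), (INTERNAL_A, None), (DEFAULT, "mpls_router")],
        "mpls_router": mpls_router,
        "isp_cloud": [],  # the provider has no route for an RFC 1918 pool
    }


def lookup(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Route]:
    """Longest-prefix match, as a real forwarding table does."""
    best: Optional[Route] = None
    for net, nh in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def trace(tables: Tables, forwarders: set, start: str, dst: ipaddress.IPv4Address,
          max_hops: int = 8) -> Tuple[List[str], str]:
    """Follow next hops from `start` toward dst. Returns (nodes visited, outcome).

    A node that is not the originator must have forwarding enabled (be in
    `forwarders`) or the packet dies there, which is what net.inet.ip.forwarding=0
    does on the VPN server.
    """
    path = [start]
    node = start
    for hop in range(max_hops):
        if hop > 0 and node not in forwarders:
            return path, "dropped: forwarding disabled at " + node
        hit = lookup(tables[node], dst)
        if hit is None:
            return path, "dropped: no route at " + node
        _net, next_hop = hit
        if next_hop is None:
            return path, "delivered"
        node = next_hop
        path.append(node)
    return path, "dropped: hop limit"


def forward_path(ip_forwarding: bool = True, return_route: bool = False):
    """Client -> internal host. Fails only when the VPN server does not forward."""
    forwarders = {"mpls_router", "isp_cloud"} | ({"vpn_server"} if ip_forwarding else set())
    return trace(build_tables(return_route), forwarders, "vpn_client", INTERNAL_HOST_IP)


def reply_path(return_route: bool = False):
    """Internal host -> client. Fails when no router knows the pool lives behind the VPN server."""
    forwarders = {"vpn_server", "mpls_router", "isp_cloud"}
    return trace(build_tables(return_route), forwarders, "internal_host", CLIENT_IP)


if __name__ == "__main__":
    print("forwarding off :", forward_path(ip_forwarding=False))
    print("forwarding on  :", forward_path(ip_forwarding=True))
    print("no return route:", reply_path(return_route=False))
    print("with pool route:", reply_path(return_route=True))
```

With forwarding enabled the outbound ping reaches the internal host, but the reply follows the host's default route to the MPLS router and on to the provider, where it is dropped for lack of a route; this matches the symptom of only the VPN server itself being reachable. The same model also shows that adding the pool route on the hosts instead of the gateway would work, which is why checking `netstat -rn` on an internal host for a 10.250.0.0/24 (or whatever pool is in use) entry is a quick first diagnostic.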
