[Anonymous]

I am having the same problem here. Ive set up the VPN server on Mac OS X Server 10.2.6 and can connect to it fine from my home cable modem and a dialup connection. I can connect to any IP based service on the entire network here at work EXCEPT for the services offered on the VPN server itself.

Even when simply trying to SSH into the VPN server, I can see that my packets are actually routed accross the Internet and not through the VPN tunnel…

Any ideas?

[Anonymous]

sorry people didn’t look at the bottom of the page there is allready a topic on this
grtz
mbtoys

[Anonymous]

Idd i got that far as well but i really cant find any clear explanation about the GUI login system of mac os X.

[Anonymous]

So the lack of reverse records could be slowing down the client machines that much?

[Anonymous]

Actually if u can use samba to do the login it works fine but the question is does de login system of mac os X use pam or does it use something else if so where can if find the pam thing? cause at the moment thats a secret for me…
someone who can help me?

[Anonymous]

The load on the wireless network is medium. We have 120+ iBooks, 5 Powerbooks and 11 PC laptops. We have 12 Apple Airport Extremes and 5 Cisco 350 Aironets. All Cisco/Apple antennas are on 100baseT connections directly to the central switches, where fiber connects them to our ISP. Each access point is channeled at least 3 channels apart from one another. Where the Aironets and Airports are close in proximity, I have interference robustness turned on. All are on a multicast rate of 2mbps. Same SSID and WEP key.

The school is a medium sized elementary school. 24 classrooms, three floors, with solid masonry and brick construction. That has posed some issues that we’ve alleviated by moving access points around to centralized locations. With local logins to client machines, network connections fly. Networked logins are the problem.

[Anonymous]

thanks. i have isolated one problem with the wireless connectivity today. i had 20 ibooks set up in a classroom with ridiculous network login times- sometimes 6 minutes+ half of the machines were connecting to one cisco 350 aironet channeled on 3, the other half were connecting to an airport extreme in one room over, channel 6. same hidden SSID and 128-bit encryption key. just out of curiousity, i unplugged the cisco antenna. i restarted the iBooks to get a fresh connection and BOOM- they are flying. logins in less than a minute. i swapped the aironet with another. same configuration. on restart, same problem. so for now the aironets are unplugged. is there some science we could be missing with the config? is cisco’s 802.11b standard really the standard? in other parts of the school where there are only cisco aironets- the problem doesn’t exist. so there is some kind of conflict between airport extreme and cisco aironet protocols perhaps?

the clients are all binding with the netinfo parent with a static IP.

i will dig tomorrow to make sure the DNS is reverse/forward. thanks for the tip.

[Anonymous]

I think I’m going to need step by step instructions for that. I looked at that yesterday and felt I was probably in the right place but just didn’t see what I would need to do to make it work.

[Anonymous]

Sorry, found it – always check the man-pages..

; )

[Anonymous]

Thats were i got stuck, how do i delete the items that find found?

Thx.

[Anonymous]

Hi. I would like to sync two server at night at diffrent location.

Thx.

[Anonymous]

I’m trying to accomplish the IPSec over wireless using a Netgear Wireless Access Point.

Following the instructions, I am able to connect (as best I can tell — Racoon does not report any errors), but I cannot go anywhere beyond the host computer (for clarity, I’ll call it “Biggie” too). I can ping Biggie’s second Ethernet adapter’s IP address and Biggie’s primary Ethernet adapter’s IP address, but nowhere past that.

If I disconnect Racoon and clear the keys, I am able to surf anywhere.

This seems to be something wrong with the routing table, I guess. I’m using Apple’s built-in Internet Connection Sharing to share the built-in Ethernet connection with the secondary Ethernet connection and deliver DHCP addresses.

-Aaron-

[Anonymous]

Hmmm, I’m currently trying to use VaporSec 1.0 for remote access into a Netgear 328 firmware vers 1.4 whithout much success. The log on the 328 always reports:-

[04:52:40][==== IKE PHASE 1(from *.*.*.*) START (responder) ====]
[04:52:40]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[04:52:40]<POLICY: > PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID
[04:52:40]SENDING NOTIFY MSG:INVALID_ID_INFORMATION
[04:52:40]**** SENT OUT INFORMATIONAL EXCHANGE MESSAGE(NOTIFY_PAYLOAD) ****

Thus no VPN tunnel is created.
NB IP address was blanked for security reasons

I’ll list the configurations I have for both the 328 and VaporSec

328 Config

IKE config
Policy name: macremtest
Direction/type: Remote Access
Exchange Mode: Aggresive
Local ID: netgear
Remote ID: mac
Encrption Algo: 3DES
Auth Algo: MD5
Auth Method: Pre-shared key
DH Group:1
SA Lifetime 180secs

VPN config
Policy Name: macremtest
IKE policy: macremtest (matches the above IKE policy)
Remote VPN endpoint: 0.0.0.0
SA life Time: 300 secs
IPSec PFS: Not enabled
Local IP: Any
Remote IP: Any
AH Configuration: Not enabled
ESP Encryption: Enabled – DES
ESP Authentication: Enabled – MD5

VaporSec Config

Main
Shared Secret ************
Local IP: Blank
Mode: Aggressive
Proposal Check: Obey
Nonce size: 16

Phase1
Lifetime 180 secs
DH Group: 1
Encryption: 3des
Authentication: md5

Phase2
Lifetime 300 seconds
PFS Group: none
Encryption: des
Authentication: hmac_md5

ID
Local: mac
remote: netgear

Sorry about the length but, as I know, I’ll only get a solution if people can actually see my configuration. Hopefully someone could shed some light on what’s going wrong, or, offer an alternative config

Incidently a demo copy of VPNtracker was able to hook in whithout problem so I’m sure it’s just a config issue with the VapourSec/328 combo

many thanks

Andy

[Anonymous]

interesting…

is the “backwards proxy” replicated somehow to avoid a single point of failure?

is there someway to drop dead servers out of the loop?

does that method involve application level processing of the data coming from the servers?

are you going to tell me to RTFM?

should I go work on this as an article?

[Anonymous]

Stupid question im sure but when u say clone do u mean the whole contents of the server/client or only the info in netinfo? Im looking for a cloning procedure for contents cloning to two server..

Thx.

[Author]

Posts