Forum Replies Created
neilmcg
Participant
Excellent – I’ll try your workaround/addition.
December 22, 2008 at 7:50 am in reply to: X.4.2 Server – VPN – Netgear WGR614 / Missing Articles #375041
neilmcg
Participant
To be honest – I have long given up on using the VPN server in OS X – the best solution was to buy a Netgear FVS338 and access it through IPSecuritas.
I’ve found the speed and reliability flawless. You can also connect it to LDAP/Radius if you want to tie access into your user accounts.
neilmcg
Participant
I have also been trying to get this working – without success.
My struggles to get an elegant solution for mDNS over VPN tunnels have been going on since afp548 ran an article on mTunnel https://www.afp548.com/forum/viewtopic.php?showtopic=3501
The original trouble being multicast/unicast over a VPN tunnel.
If you follow the background information on http://www.dns-sd.org/ServerSetup.html about getting wide-area Bonjour running with DNS, you notice the need for a shared secret (the documentation dates from the period of Tiger).
Leopard Server was meant to roll all this in – for a simple implementation.
I am reluctant to start editing the dns conf from the command line – given that the Server Admin GUI then does not reflect the changes (read this on afp548, I think...).
To further confuse – if you access help from within Server Admin – you get information about setting up wide-area Bonjour, telling you amongst other things, to input user/shared secret info – but the GUI does not match the documentation.
I posted on the Apple Forum last week about this http://discussions.apple.com/thread.jspa?threadID=1820976&tstart=15
And also on the Bonjour mailing list. I got an answer from Marc Krochmal (Apple).
It turns out that the Server Admin GUI and/or wide-area Bonjour implementation was not completed in time for 10.5 Server GM – and has not been resolved/updated in subsequent updates.
From a GUI perspective, I had found using DNS Enabler from cutedgesoftware was actually easier to use than the Tiger Server DNS GUI (forwards, etc).
All-in-all very disappointing – I have a feeling of dread that I’ll have to fork over $999/server for Snow Leopard to get a working solution…
neilmcg
Participant
nonforma, this is not a direct answer – however, we had very similar problems.
We called in an Apple approved consultant.
In the end we changed over to a Netgear FVS338 and a Netgear Switch, we use IPSecuritas as the VPN Client + the SSL312 for browser based VPN sessions – now everything works perfectly well.
Not overly impressed with Apple’s VPN solution.
August 10, 2005 at 3:48 pm in reply to: X.4.2 Server – VPN – Netgear WGR614 / Missing Articles #362759
neilmcg
Participant
I’m writing this as a follow-up to my own message. I did not really find many hints on the web, so –
After a lot of experimenting (head scratching), I have successfully got it running for both dial-up and DSL based clients.
It only validates that it is running as a test, the firewall is not yet enabled or any services added or ID Certificates implemented.
Here is how I managed it.
(I did not use the Gateway Assistant, it wants to make the Server the DHCP and NAT.)
The Netgear router is acting as (a) DHCP & NAT, with address 192.168.1.1 (b) it is assigning addresses in the range of 192.168.1.10 -> 192.168.1.100
Netgear firmware version is up to date at 1.0.7_1.0.6
I opened the following ports on the Netgear for port forwarding to the server (I’m going to experiment later, switching them off one-by-one to see if the built-in VPN support claimed by Netgear actually works)
TCP/UDP 500, 1701, 1723, 4500, 10000
1. Firstly under System Preferences>Network, I set the Built-in Ethernet to a Manual IP address something like 192.168.1.70
2. I set the PCI Ethernet card to DHCP, it immediately picked up an IP from the Netgear.
3. Using the application “Server Admin” > VPN, I have set the following settings;
Tab >L2TP
Enable L2TP over IPsec
Starting IP Address 192.168.1.101
Ending IP Address 192.168.1.150
PPP Authentication MS-CHAPv2
Enter a Shared Secret
Tab >PPTP (I don’t really want PPTP, but L2TP did not seem to want to work until I enabled PPTP as well – strange)
Enable PPTP
Starting IP Address 192.168.1.101
Ending IP Address 192.168.1.150
Tab > Client Information
DNS Servers 192.168.1.1 (i.e. the Netgear)
4. Start the Service
Now all you have to do is go into “Internet Connect” on your client machine and set up the L2TP connection
(a) Server Address (is your external IP address, not LAN)
(b) Account Name (the admin login for the server, until you add users on the server and appropriate ACLs)
(c) Password (Admin login password)
An options panel will open and you have to put in the “Shared secret” from step 3.
Now, save the configuration.
Connect.
You should be logged in. If it does not work, try and configure a PPTP session, it will connect, then try the L2TP again, it should now work.
I hope this is of some help. Good Luck
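An added check, not part of the original post, that compares the port forwards and address ranges listed in the post above with the standard port assignments of the enabled VPN protocols. The port table and all function names are assumptions of this example; the addresses and forwarded ports are the ones the post gives.

```python
import ipaddress

# Standard port assignments (this table is the example's own, not from the post).
# IPsec ESP and PPTP GRE are IP protocols, not ports, so they are not listed.
STANDARD_PORTS = {
    "l2tp_ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701)},  # IKE, NAT-T, L2TP
    "pptp": {("tcp", 1723)},                                     # PPTP control channel
}

def excess_forwards(forwarded, enabled):
    """Forwarded (proto, port) pairs matching no enabled protocol's standard port."""
    needed = set().union(*(STANDARD_PORTS[name] for name in enabled))
    return sorted(set(forwarded) - needed)

def _span(first, last):
    """Inclusive IPv4 range as a pair of integers."""
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))

def address_conflicts(dhcp, vpn_pool, statics):
    """Describe overlaps between the DHCP range, the VPN pool and static hosts."""
    d_lo, d_hi = _span(*dhcp)
    v_lo, v_hi = _span(*vpn_pool)
    issues = []
    if d_lo <= v_hi and v_lo <= d_hi:
        issues.append("vpn pool overlaps dhcp range")
    for host in statics:
        n = int(ipaddress.IPv4Address(host))
        if d_lo <= n <= d_hi:
            issues.append(f"static {host} inside dhcp range")
        if v_lo <= n <= v_hi:
            issues.append(f"static {host} inside vpn pool")
    return issues

# Values from the post: every listed port forwarded as both TCP and UDP.
FORWARDED = [(p, n) for n in (500, 1701, 1723, 4500, 10000) for p in ("tcp", "udp")]
DHCP = ("192.168.1.10", "192.168.1.100")
VPN_POOL = ("192.168.1.101", "192.168.1.150")
STATICS = ["192.168.1.70"]  # the post says "something like 192.168.1.70"

if __name__ == "__main__":
    for proto, port in excess_forwards(FORWARDED, ["l2tp_ipsec", "pptp"]):
        print(f"forward is not a standard port of an enabled protocol: {proto}/{port}")
    for issue in address_conflicts(DHCP, VPN_POOL, STATICS):
        print(issue)
```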