Forum Replies Created

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • in reply to: Wide Area Bonjour #375048
    neilmcg
    Participant

    Excellent – I’ll try your work around/addition.

    in reply to: X.4.2 Server – VPN – Netgear WGR614 / Missing Articles #375041
    neilmcg
    Participant

    Do be honest – I have long given-up on using the VPN server in OS X – the best solution was the buy a Netgear FVS338 and access it through IPSecuritas.
    I’ve found the speed and reliability flawless.

    You can also connect it to LDAP/Radius if you want to tie access into your user accounts.

    in reply to: Wide Area Bonjour #375040
    neilmcg
    Participant

    I have also been trying get this working – without success.
    My struggles to get an elegant solution for mDNS over VPN tunnels have going since afp548 ran an article on mTunnel [url]https://www.afp548.com/forum/viewtopic.php?showtopic=3501[/url]
    The original trouble being multicast/unicast over a VPN tunnel.

    If you follow the background information on [url]http://www.dns-sd.org/ServerSetup.html[/url] about gettting wide-area Bonjour running with DNS, you notice the need for a shared secret (The documentation relates from the period of Tiger).
    Leopard Server as meant to roll all this in – for a simple implemetation.
    I am reluctant to start editing the dns conf from the command line – given that the Server Admin GUI then does not reflect the changes (read this on afp548, I think..).

    To further confuse – if you access help from within Server Admin – you get information about setting up wide-area bonjour, telling you amongst other things, to input user/shared secret info – but the GUI does not match the documentation.

    I posted on the Apple Forum last week about this [url]http://discussions.apple.com/thread.jspa?threadID=1820976&tstart=15[/url]
    And also on the Bonjour mailing list. I got an answer from Marc Krochmal (Apple).

    It turns out that the Server Admin GUI and/or wide-area Bonjour implementation was not completed in time for 10.5 Server GM – and has not been resolved/updated in subsequent updates.

    From a GUI perspective, I had found using DNS Enabler from cutedgesoftware was actually easier to use than the Tiger Server DNS GUI (forwards, etc).

    All-in-all very disappointing – I have a feeling of dread that I’ll have to fork over $999/server for Snow Leopard to get a working solution…

    in reply to: VPN Routing Issues #369964
    neilmcg
    Participant

    nonforma, this is not a direct answer – however, we had very similar problems.
    We called in an Apple approved consultant.
    In the end we changed over to a Netgear FVS338 and a Netgear Switch, we use IPSecuritas as the VPN Client + the SSL312 for browser based VPN sessions – now everthing works perfectly well.

    Not overly inpressed with Apple’s VPN solution.

    neilmcg
    Participant

    I’m writing this as a follow-up to my own message. I did not really find many hints on the web, so –
    After a lot of experimenting (head scratching), I have successfully got it running for both dial-up and DSL based clients.
    It only validates that it is running as a test, the firewall is not yet enabled or any services added or ID Certificates implemented.
    Here is how I managed it.

    (I did not use the Gateway Assistant, it wants to make the Server the DHCP and NAT.)
    The Netgear router is acting as (a) DHCP & NAT, with address 192.168.1.1 (b) it is assigning addresses in the range of 192.168.1.10 -> 192.168.1.100

    Netgear firmware version is upto date at 1.0.7_1.0.6

    I opened the following ports on the Netgear for port forwarding to the server (I’m going to experiment later, switching them off one-by-one to see it the built-in VPN support claimed by Netgear actually works)

    TCP/UDP 500, 1701, 1723, 4500, 10000

    1. Firstly under System preferences>Network, I set the Built-in Ethernet to a Manual IP address something like 192.168.1.70
    2. I set the PCI Ehernet card to DHCP, it immediately picked up an IP from the Netgear.
    3. Using the application “Server Admin” > VPN, I have set the following settings;
    Tab >L2TP
    Enable L2TP over IPsec
    Starting IP Address 192.168.1.101
    Ending IP Address 192.168.1.150
    PPP Authentication MS-CHAPv2
    Enter a Shared Secret
    Tab >PPTP (I don’t really want PPTP, but L2TP did not seem to want to work until I enabled PPTP as well – strange)
    Enable PPTP
    Starting IP Address 192.168.1.101
    Ending IP Address 192.168.1.150

    Tab > Client Information
    DNS Servers 192.168.1.1 (i.e. the Netgear)

    4. Start the Service

    Now all you have to do is go into “Internet Connect” on your client machine and set up the L2TP connection
    (a) Server Address (is your external IP address, not LAN)
    (b) Account Name (the admin login for the server, until you add users on the server and appropriate ACL’s)
    (c) Password (Admin login password)

    An options panel will open and you have to put in the “Shared secret” from step 3.

    Now, save the configuration.

    Connect.

    You should be logged in. If it does not work, try and configure a PPTP session, it will connect, then try the L2TP again, it should now work.

    I hope this is of some help. Good Luck

Viewing 5 posts - 1 through 5 (of 5 total)