[skrimfid]

Anyone home?

[skrimfid]

Thanks Joel, I’ll try it out.

Matthew

[skrimfid]

I find it kind of ironic that Server has a built in tool to do just what your recommending against. I mean if VPN and NAT on the same box is a bad idea, why make the Gateway Setup Assistant to help set that up? Or at the very least it should issue a warning or put something in the documentation suggesting an alternate solution. My thinking anyway (for what little that is worth (certainly much less than 2 cents)).

Matthew

[skrimfid]

Well I’m setting this up for a client and they only have the one system to run server on and only a single static IP. The funny thing is I’ve set this up successfully twice before and its working a-okay! Anything you can point me to would be appreciated.

Thanks!

[skrimfid]

Any thoughts on this issue Joel?

[skrimfid]

>NAT really complicates this.

Is it not recommended to run NAT on a VPN server?

>What’s the IP that the client is getting?

The client is getting an IP from the pool I assigned in Server Admin, 10.0.1.200-10.0.1.229. This pool is not in the DHCP pool or in the static assigned IP address.

What’s the rout table on the client?
Routing table from my system while connected to the VPN:

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 24.73.209.222 UGSc 14 15 ppp0
10.0.1/24 ppp0 USc 1 0 ppp0
24.73.209.222 192.168.75.254 UGHS 2321 2311 en1
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 5 1445 lo0
169.254 link#6 UCS 0 0 en1
192.168.36 link#8 UC 1 0 vmnet1
192.168.36.255 link#8 UHLWb 0 34 vmnet1
192.168.74/23 link#6 UCS 13 0 en1
192.168.74.51 0:17:f2:2:12:9 UHLW 0 208 en1 1111
192.168.74.53 0:1e:c2:3c:10:e6 UHLW 0 0 en1 724
192.168.74.85 0:16:17:7e:21:2c UHLW 0 0 en1 971
192.168.74.100 0:1e:c2:45:a1:33 UHLW 0 0 en1 1098
192.168.74.114 0:1e:c2:42:b5:6d UHLW 0 0 en1 859
192.168.74.115 127.0.0.1 UHS 0 0 lo0
192.168.74.120 0:19:db:c8:91:a1 UHLW 0 0 en1 992
192.168.74.123 0:1e:c2:3b:72:4f UHLW 0 0 en1 431
192.168.74.125 0:a0:d1:bd:46:5 UHLW 0 0 en1 1169
192.168.74.129 0:e:35:fe:e4:39 UHLW 0 0 en1 1169
192.168.74.131 0:1c:c4:d2:11:47 UHLW 0 0 en1 702
192.168.75.149 0:17:a4:f0:d6:87 UHLW 0 420 en1 1089
192.168.75.254 0:8:e3:38:ce:7 UHLW 2 63 en1 1198
192.168.75.255 link#6 UHLWb 0 34 en1
192.168.185 link#7 UC 1 0 vmnet8
192.168.185.255 link#7 UHLWb 0 34 vmnet8

Internet6:
Destination Gateway Flags Netif Expire
::1 link#1 UHL lo0
fd02:2b88:295e:b704:21e:c2ff:fe19:bb16 link#1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 Uc lo0
fe80::1%lo0 link#1 UHL lo0
ff01::/32 ::1 U lo0
ff02::/32 fe80::1%lo0 UC lo0

Routing table from the server while I’m connected:

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 24.73.209.221 UGSc 60 56645 en0
10.0.1/24 link#5 UCS 5 0 en2
10.0.1.1 127.0.0.1 UHS 0 0 lo0
10.0.1.2 0:1e:52:f6:3e:e8 UHLW 1 16 en2 1014
10.0.1.11 0:1f:5b:ee:5e:42 UHLW 0 56 en2 986
10.0.1.109 0:c:6e:67:34:16 UHLW 0 71 en2 1097
10.0.1.110 0:b:db:d6:e9:b9 UHLW 0 72 en2 1171
10.0.1.203 24.73.209.222 UH 3 4291 ppp0
10.0.1.203 0:1f:5b:fe:9b:f6 UHLS2 0 0 en2
10.0.1.255 ff:ff:ff:ff:ff:ff UHLWb 0 5 en2
24.73.209.220/30 link#4 UCS 3 0 en0
24.73.209.221 0:1c:26:2:3e:6e UHLW 51 0 en0 1190
24.73.209.222 127.0.0.1 UHS 4 1622 lo0
24.73.209.223 ff:ff:ff:ff:ff:ff UHLWb 0 18 en0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 3 59226 lo0
169.254 link#4 UCS 0 0 en0

Internet6:
Destination Gateway Flags Netif Expire
::1 link#1 UHL lo0
fe80::%lo0/64 fe80::1%lo0 Uc lo0
fe80::1%lo0 link#1 UHL lo0
ff01::/32 ::1 U lo0
ff02::/32 fe80::1%lo0 UC lo0

Have you specified any route statements on the VPN server for internal or external subnets?

Only in Server admin for the VPN Network Routing Definition: 10.0.1.0 255.255.255.0 Private

Thanks for your help Joel.

Matthew

[Author]

Posts