OSX Server & VPN

Mr. Flibble · 17-07-2006 2:00am #1

I would like to be able to access my home network from accross the internet. One of the computers on my home network is running OSX Server. Can someone tell me if the VPN option is what I am looking for to do this? By setting up a VPN on it will I be able to access all my home network thru the OSX server, from osx and windows computers?

If so, anyone know how to set up VPN on OSX?..

ZENER · 17-07-2006 6:02pm

Use the Internet Connect in the Applications folder of the OS X client.

From the finder click on the help menu and just enter "vpn", the first topic will guide you.

If you don't have a fixed ip address on the internet then something like dyndns.com might be useful.

ZEN

Mr. Flibble · 17-07-2006 6:34pm

ZENER wrote:

Use the Internet Connect in the Applications folder of the OS X client.

From the finder click on the help menu and just enter "vpn", the first topic will guide you.

If you don't have a fixed ip address on the internet then something like dyndns.com might be useful.

ZEN

Is this what I would use to connect to the VPN?
Do you know how I actually set up the VPN, on the server side?

ZENER · 17-07-2006 10:40pm

I've been planning for a while to make use of this but until now I haven't any first hand experience with it.

The internet connect utility allows you to configure the client i.e. Mac OS X 10.4 to talk to the server i.e. Mac OS X 10.4 Server via an encrypted link over the internet or any network.

The online pdf manual for Tiger Server explains the process pretty well.

All the docs you'll need are here. If you don't already have them.

I'm not being smart and trying to fob you off here, I genuinely haven't set it up so I'm in the same position as yourself, still learning.

ZEN

Mr. Flibble · 17-07-2006 10:46pm

ZENER wrote:

I'm not being smart and tring to fob you off here, I genuinely haven't set it up so I'm in the same position as yourself, still learning.

ZEN

Not at all, thanks alot for your help. I'll have a look at that info you posted and let you know how I get on.

Do you happen to know if there is a free windows client which I could use to connect to it if I get it set up.?

ZENER · 17-07-2006 10:53pm

It's pretty much all built in just like OS X - this page explains how it's done with Windows XP. Seems straight forward enough in as much there is no additional software required.

ZEN

Mr. Flibble · 17-07-2006 11:21pm

Configuring Additional Network Settings for VPN Clients
When a user connects in to your server through VPN, that user is given an IP address
from your allocated range. This range is not served by a DHCP server, so you’ll need to
configure additional network settings. These setting include the network mask, DNS
address, and search domains.
To configure addition network settings:
1 In Server Admin, choose the VPN Service from the Computers & Services list.
2 Click Settings.
3 Select the Client Information tab.
4 Enter the IP address of the DNS server.
5 Enter any search domains, as needed.
6 Click Save.

If you try to set it up and get to this step let me know if you have a clue what it means. The DNS service is off on my server....do you know if it must be enabled..?

ZENER · 17-07-2006 11:46pm

AFAIK you treat VPN clients like you would a local machine connecting to your server. That is you must provide it with an IP address and the ability to find its way around your network.

This implies DHCP, but these VPN clients do not get their info from the local DHCP service. Instead you enter this info in the panel under the protocol you intend to use, i.e. L2TP or PPTP. These both have fields in which to enter an IP range available to VPN clients. It's important that the addresses you allocate here do not conflict with the range you offer local clients through DHCP services or enter as fixed addresses but they must be on the same network.

For example:

Local DHCP services may allocate addresses to local clients from the range:
10.0.0.2 to 10.0.0.100

This means that in your PPTP adress range window you cannot offer these addresses to VPN clients but the addresses you do offer must be on the same network so:

In the PPTP address range you could enter, say:
Begin: 10.0.0.101
End: 10.0.0.140

This is important because you don't want 2 clients with the same IP address.

The DNS servers it's requesting are basically the same ones that all the other clients use, not necassarily the local DNS service. The search domain would be needed if the machine was part of a domain. I'm not too clear on this part but I'm guessing that if you called your network mydomain.loc then clients would be called <client1>.mydomain.loc etc. so for a VPN client to search the local network using DNS for a client then it needs to know what to append to the clients name - I think. If you don't have DNS enabled then I don't think this field is required.

Think of a VPN client as just another computer connected to your network, it needs to know about the network in order to take part in it. Instead of being connected via a standard CAT5 cable though, it's connected via an encrypted link.

Hope this makes sense, and please - everyone - feel free to correct anything here. As I said I've not actually tried this yet.

ZEN

Mr. Flibble · 18-07-2006 1:18am

Ok. As is, the osx server doesn't serve addresses to any computers on my network. It is connected to a hardware router along with the rest of my computers.

So for step 4 'Enter the IP address of the DNS server' I should enter the same info as I have for my other computers connected to the network - ie the router's IP address...

Mr. Flibble · 18-07-2006 1:42am

So far I'e managed to get a windows client to connect to the vpn server and get an address, but thats about all it does. When I do it the internet connection goes down on the windows computer but it can still access stuff on the network which I don't quite get. It still seems to be accessing the network thru the usual connection - not thru the vpn.

Think I'll have to actually connect thru the net to the vpn, not a local connection so I can see clearly what is happining.

ZENER · 18-07-2006 10:14pm

The DNS server address is probably ok as you said but I think it needs to connect from outside your network to work fully. Try getting the windows box to use a dial up connection. Guessing again but I reckon there will probably need to be some form of user account set up on the server to allow access to the network. The OS X Server manuals I linked to above should explain more. I'm just about at the limit of my knowledge now I'm afraid. I have a go myself at the weekend and get back to you.

Good luck and remember RTFM !!!

ZEN

Mr. Flibble · 22-08-2006 3:55pm

Alrighty. I've managed to get it part working. I can connect to the server and get an IP. I can ping all the computers in the remote network but it disconnects itself after about 2 minutes.

Even when it is connected I cannot use filesharing or the web - but I can still use VNC and MSN Messenger. I guess these services are going straight thru my inet connection and not thru the VPN and the servers inet connection.

If someone can answer this I may be onto something: if I have 2 network connections and therefore two IP addresses on my computer how do I tell windows which one to use for filesharing and web browsing?

OSX Server & VPN

Comments