
Sharing a VPN folder

2098 Views 4 Replies Latest reply: Mar 14, 2011 7:33 AM by MrHoffman
James Rothschild Level 1 (55 points)
Mar 12, 2011 2:45 AM
Our colleagues in the USA (we are in the UK) have set up a VPN connection for us, and when we connect from each single Mac that all works fine.

Problem is that some staff are not as dedicated to clicking the few buttons and settings it takes.

Is there a way I can have our OSX 10.6.x Server make the VPN connection, and then for us to share folders of that VPN connection via normal AFP services on our OSX Server?
Mac Pro, Mac OS X (10.6.6)
  • Leif Carlsson Level 5 (4,950 points)
    Mar 12, 2011 3:20 AM (in response to James Rothschild)
    You can have two OS X servers connect to each other using a site2site VPN connection (there is a CLI tool for that), thus in effect connecting your LANs (or a smaller part of a LAN to another remote LAN or part of it). But this is usually done better by firewalls/VPN routers. (What routers/firewalls do you have at each site?)

    Also, for the current setup, using VPN accounts in a VPN server from behind the same NAT router/gw/firewall (your LAN) will most likely make it hard to allow for more than one simultaneously working VPN connection; the next user connecting will probably kick off the previous/first one.

    Maybe you could have the server connecting like you suggest (using a VPN client) to the other server, but to reshare that server folder/share you'd need to use NFS to connect to the remote server and then reshare it using AFP and/or SMB. Or have some (one-way) synchronization going on between the folder on the other server and a shared folder on your local server.

    Neither sounds like a good working solution.

    It also depends on whether you are supposed to update or add to the info/files available on the remote server or not.
  • MrHoffman Level 6 (11,700 points)
    Mar 12, 2011 5:16 AM (in response to James Rothschild)
    No question.

    Resolve any overlaps among the respective IP address spaces to avoid subnet collisions, move out of any local use of and, and preferably entirely out of the block, and set up a site-to-site VPN from the firewalls on the edges of the respective networks.

    This involves using firewalls with VPN site-to-site capabilities, and there are commercial and open-source options here.

    The other obvious low-effort alternative is cloud-based storage; it's basically the same as a site-to-site VPN, but now everybody shares with the rotten speed rather than just one site.

    Or something more advanced, such as git or mercurial (Hg) (either of which will be excellent for coordinating online and offline access to the files, including local caching) or (less desirably) periodic rsync, but given your folks are reportedly balking at pushing a few buttons to raise a VPN, using a DVCS might not be the best fit.

    While you're at it here, I'd probably also look at using this site-to-site link for offsite storage of critical resources or backups. Scheduled during off-hours, etc.
  • MrHoffman Level 6 (11,700 points)
    Mar 14, 2011 7:33 AM (in response to James Rothschild)
    There will be two or more offices coming online to share this too.

    Then your problem enbiggens itself by more than double.

    Routers at all ends are different and not all under my control.

    Sure they are. "You want it to work, you install 'whatever' as your firewall." There are various open-source options and you can load consistent tools into a spare x86 box, or into a dedicated ALIX box or analogous. Managing a hardware menagerie is never fun.

    A Cloud or FTP would be far more user, and IT resources (me), friendly.

    It can be. But two and soon four separate sites means that you or someone you designate is also headed into increasing IT requirements and related issues. Irrespective of the VPNs and clouds here, having consistent tools and deployments in your network means less hassles for you.
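
MrHoffman's first reply advises resolving overlapping IP address spaces before linking sites with site-to-site VPNs, and the last reply notes the site count is growing. The sketch below is an added example, not code from the thread: it checks every pair of site LANs for collisions and proposes replacement prefixes. The site names, prefixes and renumbering pool are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: names and prefixes are assumptions, not from the thread.
SITES = {
    "uk-office": "192.168.1.0/24",
    "us-office": "192.168.1.0/24",   # same prefix as the UK LAN
    "site-3": "10.20.0.0/16",
    "site-4": "10.20.30.0/24",       # nested inside site-3's /16
}

def find_collisions(sites):
    """Return sorted (site_a, site_b) pairs whose LAN prefixes overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )

def propose_renumbering(sites, pool="10.0.0.0/8", new_prefix=24):
    """Suggest a new prefix for the second site of each colliding pair.

    Candidates are taken in order from `pool` (an assumed private range)
    and skipped if they overlap any prefix currently assigned to a site.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    candidates = ipaddress.ip_network(pool).subnets(new_prefix=new_prefix)
    plan = {}
    for keeper, mover in find_collisions(sites):
        # Skip pairs already resolved by an earlier renumbering.
        if mover in plan or not nets[keeper].overlaps(nets[mover]):
            continue
        for cand in candidates:
            if not any(cand.overlaps(n) for n in nets.values()):
                nets[mover] = plan[mover] = cand
                break
    return plan

if __name__ == "__main__":
    for a, b in find_collisions(SITES):
        print(f"collision: {a} ({SITES[a]}) <-> {b} ({SITES[b]})")
    for site, net in propose_renumbering(SITES).items():
        print(f"renumber {site}: {SITES[site]} -> {net}")
```

Run it against the real LAN prefixes of every site before configuring any tunnel; a nested prefix such as a /24 inside another site's /16 is reported as a collision too.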

