Lion Server VPN

6839 Views 23 Replies Latest reply: Jun 12, 2012 4:05 AM by LLange

  • LinkNS, Sep 12, 2011 9:57 AM (in response to collinssolutions)

    On my VPN server, which is also the DNS server, I have a Primary Zone setup similar to the following.  My server is named "servera", a second is named "serverb", and my domain is "mydomain.local":

    The reverse zones are created automatically.

    Under Settings, I make sure I have the proper forwarders.  In my case it is the DNS servers for my ISP.

  • LinkNS, Sep 12, 2011 4:09 PM (in response to collinssolutions)

    Hmm.  I would delete the zone and start from scratch.  Don't forget to restart your DNS and VPN services.

  • edljedi, Sep 12, 2011 5:27 PM (in response to LinkNS)

    Hrm. For me, I had imported my settings from my 10.4 Server disk. Perhaps there was some residual junk causing issues, but I would hope that the importer would have brought everything in OK. Does anyone know of a tool that would validate the DNS settings and potentially catch issues with DNS that could cause VPN issues?

  • SvenWHD, Sep 18, 2011 1:42 PM (in response to collinssolutions)

    I have no idea if this might be the same problem on 10.7, but anyway:

    I had the same problem in 10.6 Server and I solved it by switching IP addresses between the real interface and the virtual/alias interface I created specifically for the VPN. When trying to connect to the IP of the real interface, everything worked without a problem.

  • egbertfromkingston, Sep 19, 2011 12:07 PM (in response to LinkNS)

    Hi, I am new to setting up servers and only do it for fun, with a lot of trial and error. Can you tell me if it is necessary to set up the DNS server under Services in order to use the VPN function?

  • MAkahane, Sep 19, 2011 1:34 PM (in response to egbertfromkingston)

    egbert, the simple answer is that you should.

    First of all, read Hoffman on DNS server setup:

    Then view some Lynda video; Google "lynda mac os x dns".

    Simplify things as much as possible to test the functionality.



    Server DNS

         vpn        A     local IP of the VPN server (i.e. whatever internal IP)

         (other stuff, etc.) For example, if your server's name is you should have the same here:

         server     A     local IP of the server

    Domain (provider?) DNS

         vpn        A     public static IP of your server


    In this, you should be able to use the same server name in the VPN client to reach the same place, internally and externally. Your DNS will let your client know the easiest direction to go.


    Additionally, your firewall/router/gateway should have passthrough or the necessary ports NATed to the server for outside connections. Hopefully the internal IP is also static (just in case the server fails to maintain it, which it should). Your VPN is doing either PPTP or L2TP/IPSec. The range of IPs is really not that important (as long as it is free). The VPN service is reliant on the directory services (user management) to have some understanding of the username/password it will be given by your client to the server. This can be OD or standalone, but it needs to be there. If there are issues (some accounts are okay, some are not), please look at the VPN logs and the OD logs for clues. Many typical problems have been well documented from previous versions.
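
    A small offline check of the layout described in the replies above (LinkNS's internal zone for mydomain.local with servera, serverb and ISP forwarders; MAkahane's internal/external "vpn" records and the gateway port forwarding), as an added example that is not part of this thread or of Lion Server. The zone text, host names, addresses and the gateway rule list are constructed sample data in a simplified "name type value" format rather than real BIND syntax, and the reverse lookup assumes a /24 in-addr.arpa zone; the PPTP and L2TP/IPsec port numbers are the standard assignments.

```python
"""Offline consistency checks for a split-horizon VPN DNS layout (added example).

Zone snippets use a simplified 'name type value' format, not BIND syntax;
all names, addresses and the gateway rule list are constructed sample data.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# What the gateway must pass to the VPN host (standard assignments):
# PPTP = TCP 1723 + GRE (IP protocol 47);
# L2TP/IPsec = IKE 500/udp, NAT-T 4500/udp, L2TP 1701/udp + ESP (IP protocol 50).
REQUIRED_NAT = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "l2tp": {("udp", 500), ("udp", 4500), ("udp", 1701), ("esp", None)},
}

# Constructed sample zones: internal view served by servera (the VPN host),
# the public view at the domain provider, and the auto-created reverse zone.
INTERNAL_ZONE = """\
; mydomain.local, internal view
servera   A   192.168.1.10
serverb   A   192.168.1.11
vpn       A   192.168.1.10
"""
EXTERNAL_ZONE = """\
; mydomain.local at the provider
vpn       A   203.0.113.25
"""
REVERSE_ZONE = """\
; 1.168.192.in-addr.arpa
10   PTR   servera.mydomain.local.
11   PTR   serverb.mydomain.local.
"""


def parse_zone(text):
    """Map (name, type) -> [values], ignoring ';' comments and blank lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, rtype, value = line.split(None, 2)
            records.setdefault((name.lower(), rtype.upper()), []).append(value)
    return records


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_split_horizon(internal_txt, external_txt, reverse_txt, host, domain):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    internal, external = parse_zone(internal_txt), parse_zone(external_txt)
    reverse = parse_zone(reverse_txt)
    inside = internal.get((host, "A"), [])
    outside = external.get((host, "A"), [])
    if not inside:
        problems.append(f"internal zone has no A record for {host}")
    if not outside:
        problems.append(f"external zone has no A record for {host}")
    for a in outside:  # the public view must never hand out the LAN address
        if is_rfc1918(a):
            problems.append(f"external {host} -> {a} publishes a private address")
    for a in inside:
        if not is_rfc1918(a):
            problems.append(f"internal {host} -> {a} is not an RFC 1918 address")
        # The VPN name must alias a real server record whose PTR names it back.
        owners = [n for (n, t), vals in internal.items()
                  if t == "A" and n != host and a in vals]
        if not owners:
            problems.append(f"internal {host} -> {a} matches no server A record")
            continue
        # /24 reverse zone assumed: the PTR owner name is the last octet.
        ptrs = set(reverse.get((a.rsplit(".", 1)[1], "PTR"), []))
        expected = {f"{o}.{domain}." for o in owners}
        if not expected & ptrs:
            problems.append(f"no PTR for {a} naming {sorted(expected)}")
    return problems


def missing_nat_rules(vpn_type, forwarded):
    """Required (proto, port) pairs the gateway does not forward to the VPN host."""
    have = {(proto.lower(), port) for proto, port in forwarded}
    return REQUIRED_NAT[vpn_type] - have


if __name__ == "__main__":
    for p in check_split_horizon(INTERNAL_ZONE, EXTERNAL_ZONE, REVERSE_ZONE,
                                 "vpn", "mydomain.local"):
        print("DNS:", p)
    # Constructed gateway rule list that forgot NAT-T for L2TP/IPsec.
    rules = [("udp", 500), ("udp", 1701), ("esp", None)]
    print("missing NAT rules:", missing_nat_rules("l2tp", rules))
```

    Run it against your own zone listings by pasting them into the three strings; an empty list from check_split_horizon means the same name resolves to the LAN address inside and the public address outside, which is the "same server name, internally and externally" behaviour the reply describes, and a non-empty set from missing_nat_rules names the gateway rules still to add.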

  • Mark23, Mar 12, 2012 6:12 AM (in response to collinssolutions)

    To get VPN working on Lion Server, please follow this guide:


  • LLange, Jun 12, 2012 4:05 AM (in response to edljedi)

    Using existing Open Directory instances

    Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following command:

    pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

    • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in or Workgroup Manager. Choose View > Show System Accounts/Records to make that record visible.
    • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.

