
Lion Server VPN Service/Class C IPs/Bonjour

nathanspry
Jun 25, 2012 1:12 PM

In order to deploy Lion Server's VPN service, you obviously are required to enter an IP range to assign. We are running a standard class C network here, with systems running on 192.168.1.x. The problem is that if a user is accessing the VPN from a remote location that also uses the same IP scheme, then they won't be able to connect. Is there a simple way to deal with this? Is the only way to fix the problem to re-assign every IP address on our network to a more unique address scheme? We have a large network and that would be unwieldy.

 

Also, will it be possible to use Bonjour over the VPN? We want to be able to share network resources as if the user was physically connected to our LAN.

 

Thanks in advance for your answers!

Mac Pro, Mac OS X (10.7.3), Server
  • marksv Level 1 (105 points)
    Jun 25, 2012 2:48 PM (in response to nathanspry)

    Whenever I set up VPN I always put the VPN host address range to something like 192.168.252.x. Highly unlikely there will be a conflict with the local subnet like that.

  • Linc Davis Level 10 (108,150 points)
    Jun 25, 2012 3:26 PM (in response to nathanspry)

    Also, will it be possible to use Bonjour over the VPN?

     

    Bonjour doesn't work over a routed connection. You would need to use something like this:

     

    Slinkware

  • Camelot Level 8 (45,680 points)
    Jun 25, 2012 10:14 PM (in response to Linc Davis)

    Bonjour doesn't work over a routed connection

    Actually, it does - or, at least, can do. It's called Wide-Area Bonjour, and it takes additional configuration on the server to make it work. Personally, I know of no one that's actually gone through the pain and hassle, but it is doable if you so desire. A quick google for 'wide area bonjour' for more details.

  • Linc Davis Level 10 (108,150 points)
    Jun 25, 2012 10:39 PM (in response to Camelot)

    I know what Wide-Area Bonjour is. It has nothing to do with the OP's question. He's asking for an mDNS reflector, which is what the Slinkware product is.

  • Camelot Level 8 (45,680 points)
    Jun 25, 2012 11:02 PM (in response to Linc Davis)

    I know what Wide-Area Bonjour is. It has nothing to do with the OP's question

     

    Actually, it does - it directly relates to the second part of the original question. In either case I was commenting as much on your (mis)statement about Bonjour as the original post.

     

    That said, Slinkware might provide a neater solution to the wider problem of IP address conflicts, although that's not as easy to deploy on a broad basis.

  • Linc Davis Level 10 (108,150 points)
    Jun 25, 2012 11:36 PM (in response to Camelot)

    I was commenting as much on your (mis)statement about bonjour...

     

    I made no misstatement about Bonjour.

  • Kiwi Graham Level 4 (1,850 points)
    Sep 7, 2012 9:19 PM (in response to Linc Davis)

    Linc Davis wrote:

     

    Also, will it be possible to use Bonjour over the VPN?

     

    Bonjour doesn't work over a routed connection. You would need to use something like this:

     

    Slinkware

    Thanks for this link Linc. From descriptions and reviews it sounds like exactly what I was looking for to propagate Bonjour service discovery to a remote Mac. Being a little naive I had set up an OS X Server VPN expecting Bonjour to "just work" once a remote Mac connected!

    In particular the Slinkware web site has a detailed description on how to set up certificate authentication which improves security (geeky but very well detailed).

  • wedebugyou.com
    Jan 3, 2013 2:10 AM (in response to Kiwi Graham)

    You can use a "bridge" vpn instead of a "routed" vpn.

     

    The advantage is that all your "bonjour" services will work without any modification of DNS.

     

    OpenVPN does it, and here is a guide on how to set it up.

     

    Cheers

     

    Jean
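
The addressing conflict discussed in this thread can be checked before VPN profiles are handed out. This is an added example, not code from any poster: the office LAN (192.168.1.x) and the 192.168.252.x pool come from the thread, while the remote subnets, the function names and the /24 sizes are assumptions.

```python
import ipaddress

# From the thread: office LAN on 192.168.1.x, VPN pool suggested as 192.168.252.x.
# The /24 masks are an assumption ("standard class C").
OFFICE_LAN = ipaddress.ip_network("192.168.1.0/24")
VPN_POOL = ipaddress.ip_network("192.168.252.0/24")


def classify_remote_lan(remote_cidr, office=OFFICE_LAN, pool=VPN_POOL):
    """Classify a remote client's local subnet against the VPN addressing."""
    # strict=False accepts a host address with a mask, e.g. 192.168.252.17/24
    remote = ipaddress.ip_network(remote_cidr, strict=False)
    if remote.overlaps(office):
        # The case in the original post: remote LAN uses the office's scheme.
        return "office-conflict"
    if remote.overlaps(pool):
        # The address handed to the client collides with its own LAN.
        return "pool-conflict"
    return "ok"


def pick_free_subnet(avoid, parent="192.168.0.0/16", prefix=24):
    """Return the highest-numbered subnet of `parent` overlapping nothing in `avoid`."""
    avoid_nets = [ipaddress.ip_network(a, strict=False) for a in avoid]
    candidates = list(ipaddress.ip_network(parent).subnets(new_prefix=prefix))
    for cand in reversed(candidates):
        if not any(cand.overlaps(a) for a in avoid_nets):
            return cand
    return None  # every candidate collides with something in `avoid`


if __name__ == "__main__":
    # Constructed sample of remote-site subnets, not data from the thread.
    samples = ["192.168.1.0/24", "192.168.0.0/16", "192.168.252.17/24", "10.0.1.0/24"]
    for cidr in samples:
        print(f"{cidr:20} {classify_remote_lan(cidr)}")
    print("free pool:", pick_free_subnet([str(OFFICE_LAN), "192.168.255.0/24"]))
```
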
