0 Replies Latest reply: Nov 16, 2012 5:35 PM by ElvisVelea
ElvisVelea Level 1 (0 points)

Hi,

I have a weird setup; I hope that will attract more people to help me troubleshoot this problem.

I want to use my Mac mini server as a gateway for a secondary network that would be behind a VPN.

The setup is like this:

1. Cable modem offers me a public IP address.
2. Time machine is connected to the cable modem and creates a wired + wireless network (W-1) -> gives out private IP addresses from 10.0.1.0/24.
3. Mac mini server connects over wireless (5 GHz) to the time machine and receives 10.0.1.14.
   - The Mac mini server also connects to a PPTP VPN which gives me a public IP address.
   - In order to preserve some kind of privacy, I've named the IP address of the VPN server (Server address) VPN_SERVER and the public IP I receive from the VPN server VPN_IP.
   - To the PPTP endpoint a /27 subnet (SUBNET) is routed.
   - The Mac mini server runs DHCP and DNS services (for now); the DHCP server offers IP addresses from SUBNET to the AirPort Express below.
4. AirPort Express connects to the Mac mini over Ethernet and bridges that connection, creating a second wired + wireless network (W-2); clients behind W-2 get IPs from SUBNET.

The problem that I have is that I cannot get the Mac mini server to forward the packets it receives from Ethernet to the VPN server or the other way around.

Here is my ifconfig -a (en0 is Ethernet, en1 is Wi-Fi):

server:~ root# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
          options=3<RXCSUM,TXCSUM>
          inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
          inet 127.0.0.1 netmask 0xff000000
          inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
          options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
          ether c8:2a:14:20:c6:5f
          inet SUBNET.225 netmask 0xffffffe0 broadcast SUBNET.255
          media: autoselect (1000baseT <full-duplex,flow-control>)
          status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
          ether 10:9a:dd:c2:51:1c
          inet6 fe80::129a:ddff:fec2:511c%en1 prefixlen 64 scopeid 0x5
          inet 10.0.1.14 netmask 0xffffff00 broadcast 10.0.1.255
          media: autoselect
          status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
          lladdr 70:cd:60:ff:fe:6c:fc:d8
          media: autoselect <full-duplex>
          status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
          ether 02:9a:dd:c2:51:1c
          media: autoselect
          status: inactive
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
          inet VPN_IP --> VPN_SERVER netmask 0xff000000

Here is also netstat -arn:

server:~ root# netstat -arn
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default  VPN_SERVER         UGSc           40        0    ppp0
default            link#4             UCSI            0        0     en0
default            10.0.1.1           UGScI           3        0     en1
8.8.8.8  VPN_SERVER         UGHWIi          1      100    ppp0
10.0.1/24          link#5             UCS             5        0     en1
10.0.1.1           70:56:81:c7:37:77  UHLWIir         5      293     en1   1184
10.0.1.255         ff:ff:ff:ff:ff:ff  UHLWbI          0       31     en1
17.72.255.12   VPN_SERVER    UGHWIi          1        6    ppp0
23.14.211.205   VPN_SERVER  UGHW3Ii         0      121    ppp0   3175
SUBNET/27        link#4             UCS             3        0     en0
1ST-IP_SUBNET     127.0.0.1    UHS             0        0     lo0
SUBNET.255     ff:ff:ff:ff:ff:ff  UHLWbI          0       25     en0
[...]
127                127.0.0.1          UCS             0        0     lo0
127.0.0.1          127.0.0.1        UH              2     4104     lo0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     link#1                          UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en1/64                           link#5                          UCI             en1
fe80::129a:ddff:fec2:511c%en1           10:9a:dd:c2:51:1c               UHLI            lo0
ff01::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff01::%en1/32                           link#5                          UmCI            en1
ff02::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff02::%en1/32                           link#5                          UmCI            en1
ff02::fb%en1                            link#5                          UHmW3I          en1   3406
 

I've tried changing the MTU of the interfaces on the Mac mini and also changing the MTU of the tunnel; having all three with the same MTU did not solve the problem.

I've also tried the Internet Sharing option between the VPN and the Ethernet and also between the Wi-Fi and Ethernet; the result is the same.

I also tried to change the order of the interfaces by setting the service order; none of the combinations worked (VPN, Ethernet, Wi-Fi / VPN, Wi-Fi, Ethernet / Ethernet, VPN, Wi-Fi, etc.).

IPFORWARDING is YES in /etc/hostconfig.

$ sysctl -a |grep forw
net.inet.ip.forwarding: 1

Does anyone have a clue what I am doing wrong?

Thanks,
elvis

Mac mini, OS X Server
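As an added example (not part of the original post and not Apple's software), the following Python script parses a macOS/BSD `netstat -rn` table like the one quoted above and checks the points that decide whether a gateway-behind-VPN box forwards correctly and without leaking: which of the several `default` entries is the unscoped one (on macOS the `I` flag marks an interface-scoped route, which the kernel only consults for traffic bound to that interface), whether the routed subnet is on-link on the LAN interface, and whether `net.inet.ip.forwarding` is on. The sample table is a constructed, abbreviated copy of the post's table with the author's placeholders (VPN_SERVER, SUBNET, 1ST-IP_SUBNET) kept as literals; the `audit` function, its arguments and the wording of its findings are the example's own.

```python
# Added example (not from the original post): audit a macOS/BSD `netstat -rn`
# table for a gateway that should send LAN clients out through a VPN tunnel.
# On macOS an 'I' flag (RTF_IFSCOPE) marks an interface-scoped route; the
# kernel uses the unscoped default route for ordinary forwarded traffic.
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: abbreviated copy of the post's routing table, keeping the
# author's placeholders (VPN_SERVER, SUBNET, 1ST-IP_SUBNET) as literal strings.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            VPN_SERVER         UGSc           40        0    ppp0
default            link#4             UCSI            0        0     en0
default            10.0.1.1           UGScI           3        0     en1
8.8.8.8            VPN_SERVER         UGHWIi          1      100    ppp0
10.0.1/24          link#5             UCS             5        0     en1
10.0.1.1           70:56:81:c7:37:77  UHLWIir         5      293     en1   1184
SUBNET/27          link#4             UCS             3        0     en0
1ST-IP_SUBNET      127.0.0.1          UHS             0        0     lo0
127                127.0.0.1          UCS             0        0     lo0

Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     link#1                          UHL             lo0
"""
SAMPLE_SYSCTL = "net.inet.ip.forwarding: 1\n"  # constructed, as in the post


@dataclass
class Route:
    dest: str
    gateway: str
    flags: str
    netif: str


def parse_routes(text: str) -> List[Route]:
    """Return the IPv4 ('Internet:') routes from `netstat -rn` output."""
    routes: List[Route] = []
    in_v4 = False
    for line in text.splitlines():
        if line.startswith("Internet:"):
            in_v4 = True
            continue
        if line.startswith("Internet6:"):
            break
        cols = line.split()
        # Data rows: dest gateway flags refs use netif [expire]
        if in_v4 and len(cols) >= 6 and cols[0] != "Destination":
            routes.append(Route(cols[0], cols[1], cols[2], cols[5]))
    return routes


def default_routes(routes: List[Route]) -> List[Route]:
    return [r for r in routes if r.dest == "default"]


def primary_default(routes: List[Route]) -> Optional[Route]:
    """The unscoped default route, i.e. the exit forwarded packets will take."""
    for r in default_routes(routes):
        if "I" not in r.flags:
            return r
    return None


def onlink_interface(routes: List[Route], prefix: str) -> Optional[str]:
    """Interface holding a direct (no 'G' flag) route for `prefix`, if any."""
    for r in routes:
        if r.dest == prefix and "G" not in r.flags:
            return r.netif
    return None


def forwarding_enabled(sysctl_text: str) -> bool:
    """True if `sysctl net.inet.ip.forwarding` reports 1."""
    for line in sysctl_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "net.inet.ip.forwarding":
            return value.strip() == "1"
    return False


def audit(netstat_text: str, sysctl_text: str, lan_prefix: str, tunnel_if: str) -> List[str]:
    """Findings for a LAN-behind-VPN gateway (hypothetical helper, this example's own)."""
    routes = parse_routes(netstat_text)
    findings = []
    primary = primary_default(routes)
    if primary is None:
        findings.append("no unscoped default route: forwarded traffic has no exit")
    elif primary.netif != tunnel_if:
        findings.append(f"default route exits via {primary.netif}, not {tunnel_if}: "
                        "LAN clients would bypass the VPN")
    for r in default_routes(routes):
        if "I" in r.flags:
            findings.append(f"interface-scoped default on {r.netif} (only consulted for "
                            f"traffic bound to {r.netif}, not for forwarding)")
    if onlink_interface(routes, lan_prefix) is None:
        findings.append(f"{lan_prefix} is not on-link on any interface")
    if not forwarding_enabled(sysctl_text):
        findings.append("net.inet.ip.forwarding is 0: kernel drops transit packets")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, SAMPLE_SYSCTL, "SUBNET/27", "ppp0"):
        print("-", finding)
```

Against a live box, feed `audit` the captured output of `netstat -rn` and `sysctl net.inet.ip.forwarding` instead of the constructed samples. For the table in the post the script reports the unscoped default on ppp0 as the forwarding exit and lists the en0 and en1 entries as interface-scoped only, so the default route and the forwarding sysctl are not where this setup goes wrong; the check that matters most from a security standpoint is the one that fires when the unscoped default is on the LAN uplink, because then every client behind W-2 reaches the Internet outside the tunnel.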