VPN and Internet Connection Sharing? (bridging remote networks)

I'd like to try an experiment and some advice from this list will be useful.
Summary: Can a Mac with two interfaces activate VPN and Internet sharing simultaneously to bridge two remote networks?

I've created a PPTP VPN server on our XServe at work and opened the appropriate ports on our firewall. This and a second location are linked with standard (but fast) ADSL broadband. I can log in from both Mac and Windows VPN clients at an external location and indeed the experience is just like being at work- printers, file servers and other resources (eg networked Filemaker databases) are all visible. Yay.

Question: Is it possible to extend this concept further by logging onto our VPN with one interface (eg Airport) and then enabling Internet Sharing through the second interface (eg Ethernet)? Will this allow a small network connected through the second interface to all behave as though they are on the work network, with transparent access to fileservers, printers and so on, without each bothering individually with VPNs and so on? I suspect there are physical boxes that will do this, but it would be wonderful to know if I can get a Mac with two NICs to do the same job, acting as a router between the two networks. Are there any limitations to this? I am happy to tweak under the hood if need be. I just need to know if this is possible, even in theory, and what the limitations might be.

Thanks.

17" Macbook pro, 3 XServes, >200 Macs, Mac OS X (10.4.10)

Posted on Aug 31, 2007 6:58 PM

5 replies

Aug 31, 2007 10:55 PM in response to Nathan Zamprogno

Further to my previous post, these observations:

If Internet sharing is enabled from Airport to Ethernet, devices on the ethernet port are allocated into the 192.168.2.x range (no problem) but only seem to be able to see the Internet.

No combination of VPN and Sharing enablement seems to "share" the VPN through to the shared connection. Thus, the question remains "how do I share the VPN connection?"

Thanks.

Sep 11, 2007 9:32 PM in response to Nathan Zamprogno

Hey Nathan...

My VPN is down at the moment, but I think you're going to have to manually configure all of the "clients" who are sharing the VPN to an IP range that your office uses. When you connect to your VPN, check your network prefs, and you'll see the IP addresses assigned to your VPN are similar to your network at the office. So, in a way, your sharing computer has 2 IP addresses... one from your modem or router at home, and one from the VPN server at the office. It's this 2nd IP address that allows you to appear to be on the network at the office.

So, if you can find a way to set up your shared clients the same way.... it might work. It will also be VERY helpful if your IP range at home is different from the IP range at the office....192.168... for one...and 10.0.0 for the other. (Whether traffic will pass thru your "sharing server" is a different matter altogether.)

Now, and I'm really guessing here.. if this works at all... you may be only able to access stuff from the office on your "shared clients" (ie no internet).... the way around that is to set up your VPN to allow VPN clients to pull stuff from the internet from the office thru the VPN... and for the life of me I don't remember how that is done. But it will most likely be a bit slow.

I'd start with the basics... setup one client with a manual IP address/router/dns servers, and try to ping a computer at the office. If this works... at least part of your problem is solved.

With all that said... it may not work at all. Good Luck!
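An added illustration of the addressing advice in the reply above (not part of any poster's message): a small Python model of the sharing Mac's routing table that checks for overlapping ranges and shows which interface a shared client's packet leaves through. Only 192.168.2.0/24 comes from the thread; the other prefixes, the interface names (en0, en1, ppp0) and the premise that address translation happens only on the interfaces passed in are assumptions made for the example.

```python
import ipaddress as ip

# Constructed sample plan. 192.168.2.0/24 is the Internet Sharing range
# reported in the thread; every other value is an assumption.
ROUTES = [  # (destination prefix, interface) as seen on the sharing Mac
    ("0.0.0.0/0", "en1"),        # default route via the home router (Airport)
    ("192.168.1.0/24", "en1"),   # home LAN (assumed)
    ("192.168.2.0/24", "en0"),   # shared Ethernet segment
    ("10.0.0.0/24", "ppp0"),     # office LAN reached through the VPN (assumed)
]

def overlaps(routes):
    """Return pairs of non-default prefixes on different interfaces that overlap."""
    nets = [(ip.ip_network(d), i) for d, i in routes]
    nets = [(n, i) for n, i in nets if n.prefixlen > 0]
    return [(str(a), str(b))
            for k, (a, ia) in enumerate(nets)
            for b, ib in nets[k + 1:]
            if ia != ib and a.overlaps(b)]

def egress(dst, routes):
    """Longest-prefix match: the interface a packet to dst leaves through."""
    addr = ip.ip_address(dst)
    matches = [(ip.ip_network(d), i) for d, i in routes
               if addr in ip.ip_network(d)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst, routes, nat_ifaces):
    """Describe how a shared client's packet leaves the sharing Mac.

    nat_ifaces is the set of interfaces on which the source address is
    rewritten to the Mac's own address (an assumption of this model).
    """
    out = egress(dst, routes)
    translated = out in nat_ifaces
    return {
        "egress": out,
        "source_seen_by_peer": "sharing Mac" if translated else src,
        # Without translation the far side must know a route back to src.
        "peer_needs_return_route": not translated,
    }

if __name__ == "__main__":
    print(overlaps(ROUTES))
    print(trace("192.168.2.5", "10.0.0.20", ROUTES, {"en1"}))
```

With translation only on en1, the model reports that a packet from a shared client to an office address leaves via ppp0 still carrying its 192.168.2.x source, so the office side would need a route back to that range.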

Sep 12, 2007 6:14 PM in response to Nathan Zamprogno

No, I don't think this will work. I am seeking to join two networks and have machines on the second network think that they are on the "main" network. Presumably this means the machines on the second network would have IPs in the same subnet and the Macs acting as the "bridge" (both with two network interfaces, an internal and an external one) do the necessary translation.

I have raised a similar question at afp548 and maybe I have worded it a little better there:

http://www.afp548.com/forum/viewtopic.php?forum=18&showtopic=17983

I have seen various references to a command line utility called s2svpnadmin, but this seems only to work between two OS-X Servers. Ideally, I'd like a regular Mac to act as the router at the remote location. I don't know if s2svpnadmin is the solution (Apple's documentation suggests strongly it is), but does anyone know if it can be added to a regular Mac (10.4) client? Yes, I know I'll need to enable L2TP VPN as well as our current PPTP for it to work properly.

I might add that one implementation of any solution we are seeking will be to allow users to go home with their MacBooks, log onto their home DSL broadband via Airport, and then plug in the VOIP-capable handsets our new phone system came with to the ethernet jack. The vendors are offering us expensive "VPN boxes" to do this but I am banking on this as a software solution.
