5 Replies Latest reply: Jan 25, 2008 2:08 AM by NoComment
Matthew Pendergraff Level 1 (0 points)
I am at my wits' end trying to get my VPN set up on my Xserve running 10.5 Server. Here is what I have for a set-up.

I have set up my Xserve as a Standard Server install.

I have put "pinholes" in my router using the following port info:
1701 UDP L2TP - Mac OS X Server VPN service
1723 TCP PPTP - Mac OS X Server VPN service

When I try to log in remotely, it says it is connecting and then comes back with "The Connection has failed. Please verify your settings and try again." I know my log-in and password are correct.

Any help or direction at all would be VERY much appreciated. I am completely out of ideas after trying for a week. Thanks!

OSX Server, Mac OS X (10.5.1)
  • NoComment Level 1 (5 points)
    hi!

    You need a lot more "pinholes" in your firewall. Have a look at http://images.apple.com/server/macosx/docs/NetworkServices_Adminv10.5.pdf and read the sections about VPN. You will need some very special ports opened, and as I'm currently not in reach of my firewall I can't send you the ports and protocol types you need to open for VPN.

    br,
    günther
  • Matthew Pendergraff Level 1 (0 points)
    Thanks a lot! I think that was the issue. I found another post, and it suggested the following:
    UDP 500
    UDP 1701
    TCP 1723
    UDP 4500
    UDP 170

    The interesting thing about this is the UDP 170. This port is not listed in the PDF Apple has posted ("Well Known" TCP and UDP ports used by Apple). I am going to give this a try and see what happens. Thanks again for your help!
  • NoComment Level 1 (5 points)
    hi,

    I've opened ports 47/all (called GRE), 50/all (called ESP), 1701/L2TP, 500/VPN and 4500/IKE-NAT when using L2TP for VPN. I'm not sure if 47 and 50 are related to VPN or iChat, but I guess it's VPN.

    The other ports you mentioned might be related to PPTP for VPN, which you actually don't need. Try restricting them to the ports I listed when using L2TP; try it, and if it doesn't work, open 47 and 50. It is important that these two ports support both TCP and UDP, because actually they are neither TCP nor UDP; they use something similar to ICMP (used for ping).

    br,
    günther
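As an added example (not code from the thread, from Apple, or from any product named here), the following Python script takes a list of router pinholes written the way the posts above write them and checks it against what an L2TP/IPsec or PPTP server needs inbound. The port and protocol table is my assumption from the IANA assignments: IKE uses UDP 500, IKE NAT traversal UDP 4500, L2TP UDP 1701, PPTP TCP 1723, while GRE is IP protocol 47 and ESP is IP protocol 50. Those last two are carried directly over IP and have no TCP or UDP port, so a pinhole written as "47/all" opens TCP and UDP port 47 but does nothing for GRE; the script reports such entries separately. The ipfw rule syntax (ipfw being the firewall Mac OS X 10.5 shipped with), the rule numbers and the "me" address keyword are likewise assumptions, and the sample pinhole lists are the ones quoted in the thread, used here as constructed input.

```python
"""Audit the firewall "pinholes" needed for a Mac OS X Server VPN and emit ipfw rules.

Added example; not code from the thread or from Apple. The port/protocol table is an
assumption taken from the IANA assignments: GRE is IP protocol 47 and ESP is IP
protocol 50, i.e. they ride directly on IP and have no TCP/UDP port.
"""
import re

# IP protocols a VPN needs that a port-based pinhole cannot express.
IP_PROTOCOLS = {47: "gre", 50: "esp"}

# What each VPN flavour needs inbound on the server side (assumption, see docstring).
PROFILES = {
    "l2tp-ipsec": {("udp", 500), ("udp", 4500), ("udp", 1701), ("ip", 50)},  # IKE, NAT-T, L2TP, ESP
    "pptp": {("tcp", 1723), ("ip", 47)},                                     # control channel, GRE
}


def parse_pinhole(text):
    """Turn one router-style pinhole line into a set of (transport, number) tuples.

    Accepts the spellings used in the thread: 'UDP 500', '1723 TCP', '47/all',
    '1701/L2TP', plus 'gre', 'esp' and 'ip 47'. A numeric entry with no transport
    (or with 'all') is treated as both TCP and UDP, which is what most SOHO routers do.
    """
    tokens = re.split(r"[\s/]+", text.strip().lower())
    names = {"gre": 47, "esp": 50}
    for token in tokens:
        if token in names:
            return {("ip", names[token])}
    numbers = [int(token) for token in tokens if token.isdigit()]
    if not numbers:
        raise ValueError(f"no port or protocol number in {text!r}")
    number = numbers[0]
    if "ip" in tokens or "proto" in tokens:          # explicit IP-protocol entry
        return {("ip", number)}
    transports = {token for token in tokens if token in ("tcp", "udp")}
    if not transports:                               # label only, e.g. '500/VPN' or '47/all'
        transports = {"tcp", "udp"}
    return {(transport, number) for transport in transports}


def audit(profile, pinholes):
    """Compare opened pinholes against a profile; report gaps and the classic mistakes."""
    required = PROFILES[profile]
    known = set().union(*PROFILES.values())
    opened = set().union(*(parse_pinhole(line) for line in pinholes))
    return {
        "opened": opened,
        # required entries with nothing matching
        "missing": required - opened,
        # a TCP/UDP port was opened where the number is really an IP protocol (GRE/ESP)
        "misfiled": {n for n in IP_PROTOCOLS
                     if ("ip", n) not in opened
                     and any((transport, n) in opened for transport in ("tcp", "udp"))},
        # opened entries that no VPN profile asks for (wider exposure than needed)
        "unneeded": {entry for entry in opened
                     if entry not in known and entry[1] not in IP_PROTOCOLS},
    }


def ipfw_rules(profile, first_rule=1000):
    """Render a profile as ipfw rules for the server's own firewall (assumed syntax)."""
    rules = []
    for index, (transport, number) in enumerate(sorted(PROFILES[profile])):
        if transport == "ip":
            body = f"allow {IP_PROTOCOLS[number]} from any to me in"      # by protocol, no port
        else:
            body = f"allow {transport} from any to me dst-port {number} in"
        rules.append(f"add {first_rule + 10 * index} {body}")
    return rules


if __name__ == "__main__":
    # Constructed input: the pinhole list quoted in the thread, checked against L2TP/IPsec.
    quoted = ["UDP 500", "UDP 1701", "TCP 1723", "UDP 4500", "UDP 170"]
    for key, value in audit("l2tp-ipsec", quoted).items():
        print(f"{key:9s} {sorted(value)}")
    print("\n".join(ipfw_rules("l2tp-ipsec")))
```

Run against the five-line list quoted above, the audit reports ESP (IP protocol 50) as missing and UDP 170 as needed by neither profile; run against a list of "47/all" and "50/all" entries it reports both numbers as misfiled, because opening TCP and UDP ports 47 and 50 does not admit GRE or ESP. The ipfw output shows the shape of the rule that does: an `allow esp` or `allow gre` rule with no port at all.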
  • Jeff Kelleher Level 4 (3,015 points)
    Not the answer you're looking for, but I'd recommend not using OS X Server for VPN unless it's just inside the perimeter of your LAN and that's its primary task. It's sort of like using your Mac as a firewall. Some functions are really meant to run from specific parts of your network.

    Jeff
  • NoComment Level 1 (5 points)
    hi jeff,

    That's true; this is why I'm going to change my network setup to a new hardware firewall with integrated VPN. This is much safer than running a Mac OS X server behind a firewall for VPN (the more port forwards, the more bad things can happen). The new SOHO firewalls even integrate with LDAP or RADIUS servers to keep user maintenance low.

    br,
    günther