Need Help with VPN and 10.5 Server

I am at my wits' end trying to get my VPN set-up on my X-serve running 10.5 server. Here is what I have for a set-up.

I have set-up my X-Serve as a Standard Server install.

I have put "pinholes" in my router using the following port info:
1701 UDP L2TP - Mac OS X Server VPN service
1723 TCP PPTP - Mac OS X Server VPN service

When I try to log-in remotely, it says it is connecting and then comes back with "The Connection has failed. Please verify your settings and try again." I know my log-in and password are correct.

Any help or direction at all would be VERY much appreciated. I am completely out of ideas after trying for a week. Thanks!

OSX Server, Mac OS X (10.5.1)

Posted on Jan 24, 2008 7:05 AM

Jan 24, 2008 8:43 AM in response to Matthew Pendergraff

hi!

you need a lot more "pinholes" in your firewall, have a look at http://images.apple.com/server/macosx/docs/NetworkServices_Adminv10.5.pdf and read the sections about VPN. you will need some very special ports opened, and as i'm currently not in reach of my firewall i can't send you the ports and protocol types you need to open for VPN.

br,
günther

Jan 24, 2008 11:01 AM in response to NoComment

Thanks a lot! I think that was the issue. I found another post and it suggested the following:
UDP 500
UDP 1701
TCP 1723
UDP 4500
UDP 170

The interesting thing about this is the UDP 170. This port is not listed in the list ("Well Known" TCP and UDP ports used by Apple) PDF Apple has posted. I am going to give this a try and see what happens. Thanks again for your help!

Jan 24, 2008 2:32 PM in response to Matthew Pendergraff

hi,

i've opened ports 47/all (called GRE), 50/all (called ESP), 1701/L2TP, 500/VPN and 4500/IKE-NAT when using L2TP for VPN. i'm not sure if 47 and 50 are related to VPN or IChat, but i guess it's VPN 😉

the other ports you mentioned might be related to PPTP for VPN which you actually don't need. try to restrict them to the ports i listed when using L2TP, try and if it doesn't work, open 47 and 50. it is important that these two ports support both TCP and UDP because actually they are not TCP nor UDP because they use something similar like ICMP (used for ping).

br,
günther
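
Added example (not part of any post in this thread): a small Python audit of a router's forward list against the ports and IP protocol numbers commonly documented for L2TP over IPsec and for PPTP, so that anything outside that set can be closed again. The rule notation (`udp/500`, `ip/50`), the `DOCUMENTED` table and the function names are assumptions of this example; which entries a particular router actually has to forward depends on its NAT handling.

```python
# Added example. Rule notation, table name and function names are assumptions
# of this example, not Apple's or the posters' own tooling.

# Commonly documented transports. "ip" entries are IP protocol numbers
# (GRE = 47, ESP = 50), not TCP or UDP ports.
DOCUMENTED = {
    "L2TP/IPsec": {
        ("udp", 500),   # ISAKMP/IKE
        ("udp", 4500),  # IKE NAT traversal
        ("udp", 1701),  # L2TP
        ("ip", 50),     # ESP
    },
    "PPTP": {
        ("tcp", 1723),  # PPTP control channel
        ("ip", 47),     # GRE data channel
    },
}

def parse_rule(text):
    """Turn 'udp/500', 'tcp/1723' or 'ip/50' into a (kind, number) tuple."""
    kind, _, number = text.strip().lower().partition("/")
    if kind not in ("tcp", "udp", "ip") or not number.isdigit():
        raise ValueError(f"unrecognised rule: {text!r}")
    value = int(number)
    limit = 255 if kind == "ip" else 65535
    if not 0 < value <= limit:
        raise ValueError(f"number out of range in rule: {text!r}")
    return kind, value

def audit(rules, wanted):
    """Compare opened rules with the documented set for the wanted VPN types."""
    opened = {parse_rule(rule) for rule in rules}
    needed = set().union(*(DOCUMENTED[name] for name in wanted))
    return {
        "missing": sorted(needed - opened),
        "unneeded": sorted(opened - needed),  # candidates to close again
    }

# Constructed input: the list quoted in the thread, in this example's notation.
SAMPLE_RULES = ["udp/500", "udp/1701", "tcp/1723", "udp/4500", "udp/170"]

if __name__ == "__main__":
    for key, items in audit(SAMPLE_RULES, ["L2TP/IPsec"]).items():
        print(key, items)
```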

Jan 25, 2008 2:08 AM in response to Jeff Kelleher

hi jeff,

that's true, this is why i'm going to change my network setup using a new hardware firewall with integrated VPN. this is much safer than running a mac os x server behind a firewall for VPN (the more port forwards the more bad things can happen). the new soho firewalls even integrate with ldap or radius servers to keep user maintenance low.

br,
günther
