This discussion is archived

Need Help with VPN and 10.5 Server

2423 Views 5 Replies Latest reply: Jan 25, 2008 2:08 AM by NoComment
Matthew Pendergraff Level 1 (0 points)
Jan 24, 2008 7:05 AM
I am at my wits end trying to get my VPN set-up on my X-serve running 10.5 server. Here is what I have for a set-up.

I have set-up my X-Serve as a Standard Server install.

I have put "pinholes" in my router using the following port info:
1701 UDP L2TP - Mac OS X Server VPN service
1723 TCP PPTP - Mac OS X Server VPN service

When I try to log-in remotely, it says it is connecting and then comes back with "The Connection has failed. Please verify your settings and try again." I know my log-in and password are correct.

Any help or direction at all would be VERY much appreciated. I am completely out of ideas after trying for a week. Thanks!
OSX Server, Mac OS X (10.5.1)
  • NoComment
    Jan 24, 2008 8:43 AM (in response to Matthew Pendergraff)
    hi!

    you need a lot more "pinholes" in your firewall, have a look at http://images.apple.com/server/macosx/docs/NetworkServices_Adminv10.5.pdf and read the sections about VPN. you will need some very special ports opened, and as i'm currently not in reach of my firewall i can't send you the ports and protocol types you need to open for VPN.

    br,
    günther
    Mac mini, Macbook Pro, Macbook, Mac OS X (10.5.1)
  • NoComment Level 1 (5 points)
    Jan 24, 2008 2:32 PM (in response to Matthew Pendergraff)
    hi,

    i've opened ports 47/all (called GRE), 50/all (called ESP), 1701/L2TP, 500/VPN and 4500/IKE-NAT when using L2TP for VPN. i'm not sure if 47 and 50 are related to VPN or IChat, but i guess it's VPN

    the other ports you mentioned might be related to PPTP for VPN which you actually don't need. try to restrict them to the ports i listed when using L2TP, try and if it doesn't work, open 47 and 50. it is important that these two ports support both TCP and UDP because actually they are not TCP nor UDP because they use something similar like ICMP (used for ping).

    br,
    günther
    Mac mini, Macbook Pro, Macbook, Mac OS X (10.5.1)
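
An added example, not part of any post in this thread: a small checker that compares a list of router pinholes against the port and IP-protocol set commonly documented for each VPN type, and flags GRE (47) or ESP (50) entered as TCP/UDP ports. The input line format, the function names and the requirement sets are assumptions of this example, not taken from the Apple guide linked above.

```python
# Added example. Requirement sets are the commonly documented ones (assumption),
# not copied from the Apple guide linked in the thread.
REQUIRED = {
    "L2TP/IPsec": {("udp", 500), ("udp", 1701), ("udp", 4500), ("ip", 50)},
    "PPTP": {("tcp", 1723), ("ip", 47)},
}
IP_PROTOCOLS = {47: "GRE", 50: "ESP"}  # IP protocol numbers, not TCP/UDP ports


def parse_pinholes(text):
    """Parse '<number> <TCP|UDP|IP> [description]' lines (hypothetical format)."""
    rules = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].isdigit():
            rules.add((fields[1].lower(), int(fields[0])))
    return rules


def audit(rules, vpn_type):
    """Return (missing, unneeded, misfiled) for the chosen VPN type."""
    required = REQUIRED[vpn_type]
    missing = sorted(required - rules)
    # GRE/ESP entered as a TCP or UDP port number does not pass that protocol.
    misfiled = sorted(r for r in rules
                      if r[0] in ("tcp", "udp") and r[1] in IP_PROTOCOLS)
    # Anything open that this VPN type does not use is extra exposure.
    unneeded = sorted(rules - required - set(misfiled))
    return missing, unneeded, misfiled


# Constructed sample: the two pinholes listed in the original post.
ORIGINAL_POST = """\
1701 UDP L2TP - Mac OS X Server VPN service
1723 TCP PPTP - Mac OS X Server VPN service
"""

# Constructed sample: 50 entered as a TCP and UDP port instead of IP protocol.
MISFILED = """\
500 UDP IKE
1701 UDP L2TP
4500 UDP IKE NAT traversal
50 TCP ESP
50 UDP ESP
"""

if __name__ == "__main__":
    for name, text in (("original post", ORIGINAL_POST), ("misfiled", MISFILED)):
        for vpn in REQUIRED:
            print(name, vpn, audit(parse_pinholes(text), vpn))
```
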
  • Jeff Kelleher Level 4 (3,015 points)
    Jan 24, 2008 4:39 PM (in response to Matthew Pendergraff)
    Not the answer you're looking for...but I'd recommend not using OS X server for VPN unless it's just inside the perimeter of your LAN and that's its primary task. It's sort of like using your Mac as a firewall. Some functions are really meant to run from specific parts of your network.

    Jeff
    G3's to Intels and everything in between., Mac OS X (10.5), Still supporting 9.x to 10.x
  • NoComment Level 1 (5 points)
    Jan 25, 2008 2:08 AM (in response to Jeff Kelleher)
    hi jeff,

    that's true, this is why i'm gonna change my network setup using a new hardware firewall with integrated VPN. this is much safer than running a mac os x server behind a firewall for VPN (the more port forwards the more bad things can happen). the new soho firewalls even integrate with ldap or radius servers to keep user maintenance low.

    br,
    günther
    Mac mini, Macbook Pro, Macbook, Mac OS X (10.5.1)
