IPsecuritas vs. VPN tracker vs. Apple VPN

I have a SonicWall Pro2040 and TZ170. I have Global VPN's working with both Firewalls.

To answer your questions:
• Apple VPN doesn't work with SonicWalls, at all, don't waste your time trying.
• IP Securitas works but is a bit flaky and tends to work on and off. It also connects in a way that prevents your client from gaining an IP address which makes things difficult when using ARD for example.
• VPN Tracker is very expensive but works very well, however, if you need to traverse mulitiple sites, as I do, it can get even more expensive. The player version works fine for most users. VPN tracker is also easy to configure unlike IP Securitas.

My advice is to bite the bullet and pay for VPN Tracker.

That question is, almost, totally up to the connection your client & server is on.
The VPN adds a small overhead, but not much, as it's happening at the CPU in both ends.

You can also forward VPN traffic through the firewall to the OS X VPN server and let it do the work. We do it with with TZ 170's. If the VPN isn't configured in the SonicWall you can forward three UDP ports to the OS X server: UDP 500, 4500 and 1701 (1701 not neccessary). If you have mutiple public IPs you can use one-to-one NAT for this and still have working site to site VPN and IPSec client connections working.

SonicWall with standard firmware woun't let you forward GRE/PPTP, but L2TP should work fine (as long as you use OS X VPN client). With Windows clients use SonicWall VPN client. With enhanced firmware also PPTP can be forwarded.

SonicWall "kind of" works with Apple L2TP client, but probably only when the client connects from a public IP, so when/if you are behind NAT when connecting it woun't work. Also Apple L2TP VPN client doesn't support XAUTH so it has to be turned off.

L2TP is easier than a IPSec VPN client to configure and use.

The Apple software "just works" between client & server, however, you do need a router/firewall that can correctly forward the appropriate protocols (not just ports).

I was not able to get IPSecuritas to work with a couple different routers, and it also badly pegged my machine in terms of CPU usage. It's been effectively a non-starter for me.

VPN tracker should only be necessary to connect remotely from a Mac OS X computer to a 3rd-party device.

In terms of pricing and features, I tend to use the Zyxel Zywall 2 Plus (and up), and they sell a Windows-only client. VPNTracker works quite well with the Zyxel products.

We just implemented VPN Tracker with a Sonicwall 2040. Tracker is very easy to set up (they have many tech sheets showing how to exactly configure a given VPN gateway device).

I am having issues with VPN Tracker resolving our internal DNS server though. My MacBook keeps resolving to our ISP's. At this point, I do not know if this is the VPN tracker, Macbook, or the Sonicwall. Strangely, I can access the internal server ARD.

The speed so far has been fine.

Anyone tried the Shimo VPN client?

http://www.shimoapp.com/

we're using ipsecuritas with sonicwall and m0n0wall boxes with good results. nat-t works, clients get a local lan ip, and the price is right. specifying the use of the dns server on the lan is trivial, too. it's worth a try.

Hi Leif...i've read with interest your reply regarding IP vs VPN and Apple...i'd like to ask you some questions about it and also on setting up servers.

can you drop me a line at federico.loconte@esprow.com?

thanks
Federico

Why not keep it here in the discussions for the benefit of others ?

I had loads of problems back in early 10.4 server days where when a user authenticated to Apple's Server L2TP implementation it used to freeze all of our AFP connections for about 3 mins. This maybe resolved now, I'm not sure, but I feel good about my IP distribution being controlled solely from one place, my SonicWall, rather than a mixture Sonicwall and Mac OS X Server.

If only I could get RADIUS Server in 10.5.5 work with our Sonicwall and so I could use XAUTH with my client VPN connections against our ODM rather than a risky PSK that people take with them when they leave.

I second this approach-I do it through my Sonicwall to a 10.4 server and it works like a champ.
speed is entirely dependent on your network(s)

Jim Pattison

Looking to upgrade my server to Leopard 10.5.5 with a SonicWall TZ180. Any help with configuration especially VPN and iChat greatly appreciated. I would like to use the built in VPN on Leopard Server and I am not clear from the previous posts of this is possible.

Thanks
jerry_zigmont at mac.com

Trying to get IPsecuritas to work with a SonicWall TZ 180. The wizard has Sonicwall TZ 170, but the connection it generates doesn't work.

Does anyone have a working TZ180 configuration?

I also tried updating the templates, but it will not allow the update to take place. It says template update failed. Make sure you have administrator's permissions.

Btw it keeps failing on Phase 2 of the negotiations. The visible portion of the Phase 2 configuration appears identical to what is in the TZ 180 configuration, but something else isn't right.