vpnd rundown
I'm intentionally cross-posting this here. Original thread in the os x non-server version here:
http://discussions.apple.com/thread.jspa?threadID=2046230
So, apparently the client version of os x has a VPN server (man vpnd in Terminal if you don't believe me), and the only thing missing is the graphical front end.
I'd rather not pay $~30 for iVPN ( http://www.macserve.org.uk/projects/ivpn/) just as a front end, though what I do know about the config came from reading source code for an old version (2.4b) that's still under a BSD license. I have no problem screwing around CLI, but I'd like to know what I'm doing before I start anything severe.
The service is obviously not running correctly. vpnd shows up in `ps ax` (initialized as `vpnd -i com.apple.ppp.l2tp`) and appears to be running. But, a port scan of the computer in question (from inside the LAN) shows no open ports relating to VPN. A rootkit hunter that also searches open/listen ports on the server confirms this analysis, which I think implies it's not a firewall issue.
Oddly enough, /etc/hostconfig says it (the file) is going away and doesn't appear to be correct (i.e, the value for afp server is --NO-- when I'm running one that starts at boot time).
I'm having issues figuring out exactly what is meant by some of the entries in the plist file for the server (/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist) as well as how to write this file from scratch.
So, my questions are as follows:
1) How do I get the vpn server working?
2) Could the lack of open ports imply a firewall issue?
3) Is the os x (non-server) install not working as a dhcp server, and could that be the issue?
4) Do I need to change my router settings to allow for more ip addresses in the range specified in RemoteAccessServers.plist?
5) What ports need to be forwarded to the vpn server in the router. I'm currently forwarding a list of ports (500, 50, 51, and 1702) that I found on the wiki pages for l2tp over IPsec and PPTP (before I decided which one to use).
6) Why does the plist file appear to store the username, password, and shared secret in plain text? Is this related to not using Open Directory? If so, is there an Open Directory server in the client version of OS X?
I can provide config files as needed (sanitized, of course; see question #6) as soon as someone shows up who can help.
The easy solution would be to buy OS X server, but that's not an option at the moment. I plan on doing it as soon as I can, but I'd like to play with more of what OS X has to offer on the server side before I spend $500 on it.
So, apparently the client version of os x has a VPN server (man vpnd in Terminal if you don't believe me), and the only thing missing is the graphical front end.
I'd rather not pay $~30 for iVPN ( http://www.macserve.org.uk/projects/ivpn/) just as a front end, though what I do know about the config came from reading source code for an old version (2.4b) that's still under a BSD license. I have no problem screwing around CLI, but I'd like to know what I'm doing before I start anything severe.
The service is obviously not running correctly. vpnd shows up in `ps ax` (initialized as `vpnd -i com.apple.ppp.l2tp`) and appears to be running. But, a port scan of the computer in question (from inside the LAN) shows no open ports relating to VPN. A rootkit hunter that also searches open/listen ports on the server confirms this analysis, which I think implies it's not a firewall issue.
Oddly enough, /etc/hostconfig says it (the file) is going away and doesn't appear to be correct (i.e, the value for afp server is --NO-- when I'm running one that starts at boot time).
I'm having issues figuring out exactly what is meant by some of the entries in the plist file for the server (/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist) as well as how to write this file from scratch.
So, my questions are as follows:
1) How do I get the vpn server working?
2) Could the lack of open ports imply a firewall issue?
3) Is the os x (non-server) install not working as a dhcp server, and could that be the issue?
4) Do I need to change my router settings to allow for more ip addresses in the range specified in RemoteAccessServers.plist?
5) What ports need to be forwarded to the vpn server in the router. I'm currently forwarding a list of ports (500, 50, 51, and 1702) that I found on the wiki pages for l2tp over IPsec and PPTP (before I decided which one to use).
6) Why does the plist file appear to store the username, password, and shared secret in plain text? Is this related to not using Open Directory? If so, is there an Open Directory server in the client version of OS X?
I can provide config files as needed (sanitized, of course; see question #6) as soon as someone shows up who can help.
The easy solution would be to buy OS X server, but that's not an option at the moment. I plan on doing it as soon as I can, but I'd like to play with more of what OS X has to offer on the server side before I spend $500 on it.
Macbook 2.16, Mac OS X (10.5.7), I also run Gentoo.
