You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: John Eriksson
John Eriksson Author
User level: Level 1
43 points

VPN (PPTP) server behind Time Capsule firewall

We have a Mac OS X Server Snow Leopard where we enabled a VPN PPTP server.
It verifies the password, but if the password is correct I get a Timeout.

This happens when I try to connect from outside world, inside the network there is no problem.

I've forwarded port 1723 in the port forward list in the Time Capsule.
Time Capsule model is as of yesterday the latest one.

Is there any known issues regarding VPN tunneling? On the tech specs it says it should be compatible.

I also has problems forwarding port 548 (AFP). Is that because of the internal hard drive?

MacBook, Mac OS X (10.6.1)

Posted on Oct 21, 2009 3:26 AM

Reply
3 replies
User profile for user: Michael Lake
Michael Lake
User level: Level 2
195 points

Nov 3, 2009 2:35 PM in response to John Eriksson

You may need to enable your OS X Server as the Default Host in AirPort Utility. Under *Internet > NAT > Enable default host at:*, put your server's IP address (it should be statically-assigned using DHCP Reservations in the DHCP tab). This will forward all unsolicited traffic to your server, so make sure the Firewall is up and running before you do this.

The problem is that PPTP and L2TP/IPSec VPNs require special "tunneling protocols" +in addition to+ the standard TCP/UDP ports that are configured through AirPort Utility. PPTP requires a "GRE Protocol", and L2TP requires an "ESP Protocol", neither of which are generally routable with standard firewall configuration utilities. The way around this is to make the OS X Server the default host, which will forward all traffic -- including GRE and ESP --- to the server machine where the VPN service can receive it.

Sadly, the documentation with the AirPort Extreme / Time Capsule is sorely lacking in this department, and has been for some time. Hope this helps, though!

More reading on these over at Wikipedia if you're interested:
http://en.wikipedia.org/wiki/GenericRoutingEncapsulation
http://en.wikipedia.org/wiki/IPsec#EncapsulatingSecurityPayload

Message was edited by: Michael Lake
Reply

VPN (PPTP) server behind Time Capsule firewall

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up