11 Replies Latest reply: May 19, 2010 2:56 PM by plopmolive
plopmolive Level 1 (0 points)
Hi. I just bought a Mac Mini Server and want to use the VPN service to access files on the host. I am not sure how this works and so far have been unable to find a tutorial that walks through the steps to do so. If anyone here can help me out I would appreciate it. I have my VPN server turned on with a shared secret and everything, but other than that I am clueless. All help will be greatly appreciated

Mac Mini, Mac OS X (10.6.3)
  • Camelot Level 8 (46,665 points)
    There are two further steps to your problem.

    First is setting up your router to forward connections from the internet to your server.

    You'll need to forward UDP ports 500, 1701, 4500 to your server.

    Once you've setup the port forwarding you then just need to configure your client. Assuming you're using Mac OS X clients running Snow Leopard, just use System Preferences -> Network and add a new connection (the + button below the list of interfaces). Specify the public IP address of your network (i.e. the router where you setup port forwarding), plus the account details. Then you should be set.
  • plopmolive Level 1 (0 points)
    Ok, that sounds right. I am not at home now to work on it but it sounds like it should. I guess I am just thinking of VPN in terms of like the one I use at work. We can type a URL in the address bar and enter our log in information on the page and login from any terminal anywhere. Is that going to be the case with this or is it different?
  • MrHoffman Level 6 (14,832 points)
    It's implemented differently than what is probably an SSL-based VPN at a firewall box, based on a whole lot of guesswork around your description. But the results are similar. (I'd wager that if you look at that web page you connected to when you entered your credentials, you'd see the name of a vendor of firewall/VPN boxes prominently listed.)
  • plopmolive Level 1 (0 points)
    You are right, it is run by Safelnk, https://vpn2.safelnk.net/dana-na/auth/url_default/welcome.cgi. I would imagine a good size company, this is my only experience with a VPN though, so I would presume to think the one I could set up with my Mac would be similar, but again my experience is quite limited.
  • MrHoffman Level 6 (14,832 points)
    There are mid-grade firewalls that have built-in VPN servers that can download clients into your Mac OS X box, and you can either have a system that works like this firewall.

    Or you can have a firewall with an L2TP or SSL or another end-point server built in; where you use the existing Mac client, or where you can work with (for instance) IPsecuritas or another client.

    Or you can set up port forwarding as Camelot mentions and connect from your client (and its VPN client) through to Mac OS X Server and its VPN server capabilities. (One caveat here: there were some L2TP bugs around Airport and Time Capsule that have been discussed; where these devices were not correctly passing a VPN through. Check around for forums for previous discussions.)

    Within the margin for error and variability among the VPN implementations, VPNs are roughly equivalent. Yes; there are some differences in the degree of security provided by PPTP and L2TP and SSL, but they're all better than running open ports or clear-text protocols. The key question being "does it work", as is usual.

    My preference is for a VPN-capable firewall which uses one of the Mac OS X clients, and that doesn't require a specific VPN client from the vendor; with a "standard" VPN, Apple maintains the clients for you.
  • plopmolive Level 1 (0 points)
    Ok, so how do I set up the basic VPN service that comes with the Server software? Basically I just need it to gain access to my home network while I am working out of the country for the next year.
  • Camelot Level 8 (46,665 points)
    Ok, so how do I set up the basic VPN service that comes with the Server software

    I already explained that in my earlier post.

    Mac OS X Server implements both a PPTP and a L2TP/IPSec VPN server. These are common standard VPN protocols supported by a wide range of systems (including Mac OS X client). They are, however, radically different from the SSL-VPN you're using for your corporate network.

    SSL-VPNs basically tunnel traffic over an encrypted HTTPS connection. They work by running a (typically Java-based) application on the client machine that manages the network connection. The advantage of these are that they're easy to get through firewalls (most firewalls happily allow HTTPS traffic through).

    Mac OS X does not implement a SSL-based VPN but that doesn't mean you can't do what you want - you just need to tell your firewall to allow the VPN traffic in from the outside world, which you do via Port Forwarding.
  • plopmolive Level 1 (0 points)
    Right, I have opened those ports to my server. And I have configured a VPN connection in my client preferences, but when I try to connect I get the message server unreachable. Should I open these ports in my port triggering section of my router configuration?
  • plopmolive Level 1 (0 points)
    Ok, disregard that last post. I have now successfully connected. So what are my options as far as being able to access files on my server once I am connected?
  • Mattitude360 Level 1 (0 points)
    What was the problem in the end? im having the same problem, i opened the ports and it says unreachable
  • plopmolive Level 1 (0 points)
    the configuration file that i was using on the client from the host was giving me the wrong server address in the connection box. also you have to enter an account name that is on the server to authenticate the connection. that was the problem I was having anyway.