23 Replies. Latest reply: Jun 12, 2012 4:05 AM by LLange
  • LinkNS Level 1

    On my VPN server, which is also the DNS server, I have a Primary Zone setup similar to the following.  My server is named "servera", a second named "serverb", and my domain is "mydomain.local":







    The reverse zones are created automatically.


    Under settings, I make sure I have the proper forwarders.  In my case it is the DNS servers for my ISP.

  • collinssolutions Level 1

    Yeah, tried all that and no go. Now I did some manual edits to the VPN configuration, so I might have messed it up.




  • LinkNS Level 1

    Hmm.  I would delete the zone and start from scratch.  Don't forget to restart your DNS and VPN services.

  • edljedi Level 1

    Hrm. For me, I had imported my settings from my 10.4 Server disk. Perhaps there was some residual junk causing issues, but I would hope that the importer would have brought everything in OK. Does anyone know of a tool that would validate the DNS settings and potentially catch issues with DNS that could cause VPN issues?

  • SvenWHD Level 1

    I have no idea if this might be the same problem on 10.7, but anyway:


    I had the same problem in 10.6 Server and I solved it by switching IP addresses between the real interface and the virtual/alias interface I created specifically for the VPN. When trying to connect to the IP of the real interface, everything worked without a problem.

  • egbertfromkingston Level 1

    Hi, I am new to setting up servers and only do it for fun with a lot of trial and error. Can you tell me if it is necessary to set up the DNS server under services in order to use the VPN function?

  • MAkahane Level 1

    egbert, simply, "you should" is an easy answer.


    First of all, read Hoffman, on DNS server setup:


    Then view some Lynda video, google "lynda mac os x dns"


    Simplify things as much as possible to test the functionality.



    Server DNS

         vpn     A     local IP of VPN server (ie whatever internal IP

         (other stuff, etc.) For example, if your server's name is you should have the same here:

         server     A     local IP of server


    Domain (provider?) DNS

         vpn     A     public static IP to your server


    In this, you should be able to use the same server name in the VPN client to reach the same place, internally and externally. Your DNS will let your client know the easiest direction to go.


    Additionally, your firewall/router/gateway should have passthrough or the necessary ports NATing to the server for outside connections. Hopefully internal IP is also static (just in case the server fails to maintain it as well, which it should). Your VPN is either doing PPTP or L2TP/IPSec. The range of IP is really not that important (as long as it is free). The VPN service is reliant on the directory services (user management) to have some understanding of the username/password it will be given by your client to server. This can be OD or a standalone, but this needs to be there. If there are issues (some accounts are okay, some are not) please look at the logs for VPN and the OD logs for clues. Many typical problems have been well documented from previous versions.
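
As an added example (not part of any post in this thread), a small offline check of the split DNS layout described in the post above, which is also the kind of validation asked about earlier in the thread. The names under example.com, all addresses, and the record dictionaries are constructed; they stand in for zone data you would export from your own server and provider.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly so the result does not depend on how
# the ipaddress module classifies documentation or other special ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_split_dns(internal_a, internal_ptr, external_a, vpn_name):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    # Every internal A record needs a PTR whose target resolves back to the
    # same address (forward-confirmed reverse DNS).
    for name, addr in internal_a.items():
        ptr_name = internal_ptr.get(ipaddress.ip_address(addr).reverse_pointer)
        if ptr_name is None:
            problems.append(f"{name}: no PTR record for {addr}")
        elif internal_a.get(ptr_name) != addr:
            problems.append(f"{name}: PTR for {addr} names {ptr_name}, "
                            "which does not resolve back to it")
    # The VPN name must exist in both views: private inside, public outside.
    inside, outside = internal_a.get(vpn_name), external_a.get(vpn_name)
    if inside is None:
        problems.append(f"{vpn_name}: missing from the server's own zone")
    elif not is_rfc1918(inside):
        problems.append(f"{vpn_name}: internal record {inside} is not a private address")
    if outside is None:
        problems.append(f"{vpn_name}: missing from the provider's zone")
    elif is_rfc1918(outside):
        problems.append(f"{vpn_name}: external record {outside} is a private "
                        "address, unreachable from outside")
    return problems

# Constructed sample data (not taken from the thread).
INTERNAL_A = {"server.example.com": "192.168.1.10", "vpn.example.com": "192.168.1.10"}
INTERNAL_PTR = {"10.1.168.192.in-addr.arpa": "server.example.com"}
EXTERNAL_A = {"vpn.example.com": "203.0.113.10"}

if __name__ == "__main__":
    for line in check_split_dns(INTERNAL_A, INTERNAL_PTR, EXTERNAL_A,
                                "vpn.example.com") or ["split DNS layout is consistent"]:
        print(line)
```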

  • Mark23 Level 3

    To get VPN working on Lion Server, please follow this guide:


  • LLange Level 1

    Using existing Open Directory instances

    Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following command:

    pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

    • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in or WorkGroup Manager. Choose View > Show System Accounts/Records to make that record visible.
    • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.

