On my VPN server, which is also the DNS server, I have a Primary Zone set up similar to the following. My server is named "servera", a second is named "serverb", and my domain is "mydomain.local":
The reverse zones are created automatically.
Under settings, I make sure I have the proper forwarders. In my case it is the DNS servers for my ISP.
Hrm. For me, I had imported my settings from my 10.4 Server disk. Perhaps there was some residual junk causing issues, but I would hope that the importer would have brought everything in OK. Does anyone know of a tool that would validate the DNS settings and potentially catch issues with DNS that could cause VPN issues?
I have no idea if this might be the same problem on 10.7, but anyway:
I had the same problem in 10.6 Server and I solved it by switching IP addresses between the real interface and the virtual/alias interface I created specifically for the VPN. When trying to connect to the IP of the real interface, everything worked without a problem.
egbert, simply put, it is an easy answer.
First of all, read Hoffman, on DNS server setup:
Then view some Lynda videos; google "lynda mac os x dns".
Simplify things as much as possible to test the functionality.
Internal (server) DNS, your zone:
    vpn      A    local IP of VPN server (i.e. whatever internal IP xxx.xxx.xxx.xxx)
    (other stuff, etc.) For example, if your server's name is server.yourzone.com you should have the same here:
    server   A    local IP of server

Domain (provider?) DNS:
    vpn      A    public static IP to your server
With this, you should be able to use the same server name vpn.yourzone.com in the VPN client to reach the same place, internally and externally. Your DNS will let your client know the easiest direction to go.
Additionally, your firewall/router/gateway should have passthrough or the necessary ports NATed to the server for outside connections. Hopefully the internal IP is also static (just in case the server fails to maintain it as well, which it should). Your VPN is either doing PPTP or L2TP/IPSec. The IP range is really not that important (as long as it is free). The VPN service relies on the directory services (user management) to have some understanding of the username/password your client gives the server. This can be OD or a standalone directory, but it needs to be there. If there are issues (some accounts are okay, some are not), please look at the VPN logs and the OD logs for clues. Many typical problems have been well documented from previous versions.
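As an added example (not code from any poster in this thread), here is an offline sanity check for the split-horizon layout just described, and for the forward/reverse zones mentioned in the first post: the same VPN name must resolve to an RFC 1918 address on the internal server DNS and to the public static address on the provider's DNS, the PTR for the internal address must map back to the server's own name, and the vpn and server A records in the zone must agree. The zone name, host names and addresses are assumptions, and the DNS answers are constructed stand-ins for what `dig +short` would return; the commented `dig` invocations show how to feed live data in on a real server.

```shell
#!/bin/sh
# Added example: offline sanity check for a split-horizon VPN DNS setup.
# All answers and the zone listing below are CONSTRUCTED sample data standing
# in for `dig +short` output; names and addresses are assumptions, not from
# the original thread.

# RFC 1918 test: 10/8, 172.16/12, 192.168/16
is_private_ip() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Split-horizon check: same name, private answer inside, public answer outside.
#   $1 = internal answer  e.g. $(dig +short vpn.yourzone.com @192.168.1.2)
#   $2 = external answer  e.g. $(dig +short vpn.yourzone.com @<provider DNS>)
check_split_horizon() {
  internal="$1"; external="$2"
  [ -n "$internal" ] || { echo "FAIL: internal DNS returned no A record"; return 1; }
  [ -n "$external" ] || { echo "FAIL: provider DNS returned no A record"; return 1; }
  is_private_ip "$internal" || { echo "FAIL: internal answer $internal is not RFC 1918"; return 1; }
  if is_private_ip "$external"; then
    echo "FAIL: provider DNS hands out private address $external"; return 1
  fi
  echo "OK: internal=$internal external=$external"
}

# Reverse check: the PTR for the server's internal address (from the reverse
# zone Server.app creates automatically) must map back to the server's name.
#   $1 = expected name, $2 = PTR answer  e.g. $(dig +short -x 192.168.1.2 @192.168.1.2)
check_reverse() {
  want="${1%.}"; got="${2%.}"   # tolerate the trailing dot dig prints
  [ "$want" = "$got" ]
}

# Zone listing check: the vpn and server A records must both carry the
# server's internal address.  $1 = zone text (name type value), $2 = expected IP
zone_names_point_to() {
  printf '%s\n' "$1" | awk -v ip="$2" '
    $2 == "A" && ($1 == "vpn" || $1 == "server") { n++; if ($3 != ip) bad++ }
    END { if (n == 2 && bad == 0) exit 0; exit 1 }'
}

# Constructed sample data (assumed zone yourzone.com, server at 192.168.1.2)
SAMPLE_ZONE='server  A  192.168.1.2
vpn     A  192.168.1.2
mail    A  192.168.1.3'
INTERNAL_ANSWER="192.168.1.2"
EXTERNAL_ANSWER="203.0.113.10"
PTR_ANSWER="server.yourzone.com."

check_split_horizon "$INTERNAL_ANSWER" "$EXTERNAL_ANSWER"
check_reverse "server.yourzone.com" "$PTR_ANSWER" && echo "OK: PTR maps back to server"
zone_names_point_to "$SAMPLE_ZONE" "$INTERNAL_ANSWER" && echo "OK: vpn and server A records agree"
```

Run it as-is to see the three checks pass on the sample data; on a real server replace the three sample variables with the `dig` calls in the comments. A failure in the first check is exactly the symptom discussed in this thread (the client being pointed at the wrong side of the NAT), and a failure in the second usually means the reverse zone was never regenerated after the address or host name changed.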
Using existing Open Directory instances
Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following command:
pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"
- Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or Workgroup Manager. Choose View > Show System Accounts/Records to make that record visible.
- Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.