8 Replies Latest reply: Jan 3, 2013 2:10 AM by wedebugyou.com
nathanspry Level 1

In order to deploy Lion Server's VPN service, you obviously are required to enter an IP range to assign. We are running a standard class C network here, with systems running on 192.168.1.x. The problem is that if a user is accessing the VPN from a remote location that also uses the same IP scheme, then they won't be able to connect. Is there a simple way to deal with this? Is the only way to fix the problem to re-assign every IP address on our network to a more unique address scheme? We have a large network and that would be unwieldy.

 

Also, will it be possible to use Bonjour over the VPN? We want to be able to share network resources as if the user was physically connected to our LAN.

 

Thanks in advance for your answers!


Mac Pro, Mac OS X (10.7.3), Server
  • marksv Level 1

    Whenever I set up VPN I always put the VPN host address range to something like 192.168.252.x. Highly unlikely there will be a conflict with the local subnet like that.
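
The overlap check behind the address-range question, as an added example that is not part of the original thread: it tests a remote client's local subnet against both the office LAN and the VPN pool, and picks a free /24 for the pool. The /24 masks, the sample client networks, and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values. The /24 masks are assumptions; the thread only
# gives the addresses as 192.168.1.x and 192.168.252.x.
OFFICE_LAN = "192.168.1.0/24"
VPN_POOL = "192.168.252.0/24"
SAMPLE_CLIENTS = {
    "home-router": "192.168.1.37/24",   # same scheme as the office LAN
    "cafe": "192.168.252.10/24",        # happens to match the VPN pool
    "tether": "172.20.10.2/28",         # overlaps nothing
}


def overlapping(client_lan, office_nets):
    """Return the office-side networks that overlap the client's local LAN."""
    client = ipaddress.ip_network(client_lan, strict=False)
    return [n for n in office_nets
            if ipaddress.ip_network(n, strict=False).overlaps(client)]


def report(clients=SAMPLE_CLIENTS):
    """Map each sample client to the office-side networks it collides with."""
    return {name: overlapping(lan, [OFFICE_LAN, VPN_POOL])
            for name, lan in clients.items()}


def pick_pool(in_use, parent="192.168.0.0/16", prefix=24):
    """Pick the highest subnet of `parent` that overlaps nothing in `in_use`."""
    used = [ipaddress.ip_network(n, strict=False) for n in in_use]
    candidates = list(ipaddress.ip_network(parent).subnets(new_prefix=prefix))
    for cand in reversed(candidates):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None  # parent range is fully occupied


if __name__ == "__main__":
    for name, hits in report().items():
        print(f"{name:12} conflicts with: {hits or 'nothing'}")
    print("suggested pool:", pick_pool([OFFICE_LAN, VPN_POOL]))
```

For the home-router client the result lists the office LAN itself, so a distinct VPN pool avoids a pool collision but does not remove an overlap between the two LANs.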

  • Linc Davis Level 10
    Desktops

    Also, will it be possible to use Bonjour over the VPN?

     

    Bonjour doesn't work over a routed connection. You would need to use something like this:

     

    Slinkware

  • Camelot Level 8
    Mac OS X

    Bonjour doesn't work over a routed connection

    Actually, it does - or, at least, can do. It's called Wide-Area Bonjour, and it takes additional configuration on the server to make it work. Personally, I know of no one that's actually gone through the pain and hassle, but it is doable if you so desire. A quick Google for 'wide area bonjour' for more details.

  • Linc Davis Level 10
    Desktops

    I know what Wide-Area Bonjour is. It has nothing to do with the OP's question. He's asking for an mDNS reflector, which is what the Slinkware product is.

  • Camelot Level 8
    Mac OS X

    I know what Wide-Area Bonjour is. It has nothing to do with the OP's question

     

    Actually, it does - it directly relates to the second part of the original question. In either case I was commenting as much on your (mis)statement about Bonjour as the original post.

     

    That said, Slinkware might provide a neater solution to the wider problem of IP address conflicts, although that's not as easy to deploy on a broad basis.

  • Linc Davis Level 10
    Desktops

    I was commenting as much on your (mis)statement about bonjour...

     

    I made no misstatement about Bonjour.

  • Kiwi Graham Level 4

    Linc Davis wrote:

     

    Also, will it be possible to use Bonjour over the VPN?

     

    Bonjour doesn't work over a routed connection. You would need to use something like this:

     

    Slinkware

    Thanks for this link Linc. From descriptions and reviews it sounds like exactly what I was looking for to propagate Bonjour service discovery to a remote Mac. Being a little naive I had set up an OS X Server VPN expecting Bonjour to "just work" once a remote Mac connected!

    In particular the Slinkware web site has a detailed description on how to set up certificate authentication which improves security (geeky but very well detailed).

  • wedebugyou.com Level 1

    You can use a "bridge" VPN instead of a "routed" VPN.

    The advantage is that all your "Bonjour" services will work without any modification of DNS.

    OpenVPN does it, and here is a guide on how to set it up.

     

    Cheers

     

    Jean