L2TP VPN, 2 ethernet ports, Mac Mini Server
I have a Mac Mini server running 10.6.8 offering VPN services.
This box is an Open Directory replica.
It is also the primary DNS server on the LAN.
This Mini has onboard ethernet connected to the LAN, using 192.x.x.x
It also has USB Ethernet connected to a switch in our DMZ. The USB Ethernet has a real-world IP address of 72.x.x.x
VPN offered is L2TP over IPSEC, with Directory Service authentication using MS-Chap v2
VPN works GREAT using L2TP IF the USB Ethernet is set as the primary network interface.
That means USB Ethernet must be listed at the top in the 'Service Order' in System Preferences > Network. If it is not listed as the primary network interface the following errors show repeatedly in the VPN log on the server:
2012-07-23 14:57:35 EDT Incoming call... Address given to client = 192.168.0.253
Mon Jul 23 14:57:35 2012 : Directory Services Authentication plugin initialized
Mon Jul 23 14:57:35 2012 : Directory Services Authorization plugin initialized
Mon Jul 23 14:57:35 2012 : L2TP incoming call in progress from '166.147.112.201'...
Mon Jul 23 14:57:35 2012 : L2TP received SCCRQ
Mon Jul 23 14:57:35 2012 : L2TP sent SCCRP
2012-07-23 14:57:36 EDT --> Client with address = 192.168.0.248 has hungup
But having USB Ethernet listed at the top is inconvenient for other reasons, since running
sudo changeip -checkhostname
returns the external IP Address of the server listed.
This munges communication with the OD Master on the LAN and screws with some 3rd party servers that refer to the OD Master and Replica on the LAN.
My questions...
Is it expected that the L2TP VPN must be on the primary interface (can't find any info from Apple on this but see some rumors on the web)?
Can I switch it to the secondary by any means?
If not, how do I make this setup work well, keep the OD replica in sync and keep other services which refer to the OD replica happy?
Thanks,
b.
Mac OS X (10.6.8)
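As an added example (not part of the original post or Apple's tooling), a small shell script that counts sessions in a vpnd log matching the excerpt above: an L2TP call that gets SCCRQ/SCCRP and then hangs up without the tunnel progressing, plus a helper that reports which service sits at position (1) of the Service Order. It assumes a healthy tunnel logs "L2TP received SCCCN" after "L2TP sent SCCRP"; the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Scans a Mac OS X Server vpnd log
# for L2TP calls that get as far as SCCRQ/SCCRP and then hang up without the
# tunnel progressing, the pattern the log excerpt above shows.
# Assumption: a healthy tunnel logs "L2TP received SCCCN" after "L2TP sent
# SCCRP" (the next L2TP control message); the original excerpt never reaches it.

# Print how many L2TP calls in the log file $1 hung up right after SCCRP.
count_aborted_l2tp_calls() {
    awk '
        /L2TP incoming call in progress from/ { pending = 1; sccrp = 0; scccn = 0; next }
        /L2TP sent SCCRP/                     { if (pending) sccrp = 1; next }
        /L2TP received SCCCN/                 { if (pending) scccn = 1; next }
        /has hungup/ {
            if (pending && sccrp && !scccn) aborted++
            pending = 0
        }
        END { print aborted + 0 }
    ' "$1"
}

# Name of the service at position (1) in System Preferences > Network > Service
# Order, i.e. the primary interface the poster has to put USB Ethernet on.
# Only meaningful on Mac OS X; networksetup does not exist elsewhere.
primary_network_service() {
    networksetup -listnetworkserviceorder | sed -n 's/^(1) //p'
}

# Constructed sample log: the poster's failing session followed by one
# made-up session (203.0.113.7) that completes the handshake before hanging up.
write_sample_log() {
    cat > "$1" <<'EOF'
2012-07-23 14:57:35 EDT Incoming call... Address given to client = 192.168.0.253
Mon Jul 23 14:57:35 2012 : L2TP incoming call in progress from '166.147.112.201'...
Mon Jul 23 14:57:35 2012 : L2TP received SCCRQ
Mon Jul 23 14:57:35 2012 : L2TP sent SCCRP
2012-07-23 14:57:36 EDT --> Client with address = 192.168.0.248 has hungup
2012-07-23 15:10:02 EDT Incoming call... Address given to client = 192.168.0.252
Mon Jul 23 15:10:02 2012 : L2TP incoming call in progress from '203.0.113.7'...
Mon Jul 23 15:10:02 2012 : L2TP received SCCRQ
Mon Jul 23 15:10:02 2012 : L2TP sent SCCRP
Mon Jul 23 15:10:02 2012 : L2TP received SCCCN
2012-07-23 15:42:11 EDT --> Client with address = 192.168.0.252 has hungup
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "aborted L2TP calls after SCCRP: $(count_aborted_l2tp_calls "$log")"
rm -f "$log"
```

On the server itself, run `count_aborted_l2tp_calls` against the live vpnd log before and after changing the Service Order to confirm the symptom tracks the interface ordering.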