iphone4_Ie

Q: OSX Server 2.21 L2TP VPN - security recommendations

Hi folks,

I am running OSX server 2.2.1 hosting mail, and L2TP VPN, which work great.

I port forward port 25 and UDP 500, 1701, 4500 for the VPN, from my router gateway to my mac mini.

Are there any security concerns in relation to having open access to the UDP ports 500, 1701, 4500 on my mac mini?

I had tried to put a firewall rule on my gateway to only allow access from the public IP of my iPhone over 3G, but that didn't seem to work as I still could connect over a different public network, so it appears that the firewall rule was ignored as the traffic was automatically being NATed by the gateway.

My main question really is: should I be worried, leaving UDP ports open publicly to my mac mini server?

Thanks

Posted on Aug 17, 2013 3:59 AM


  • by cpragman,

    cpragman cpragman Aug 17, 2013 5:16 AM in response to iphone4_Ie
    Level 2 (464 points)
    Servers Enterprise

    If you look at your server logs, you'll likely notice many failed login attempts over the open VPN ports. Don't use simple passwords. Use a complicated VPN shared secret. Don't give root VPN access.

    For additional security, you can turn on Server's "adaptive firewall" (afctl). This will watch for failed login attempts, and temporarily ban the incoming IP address that the attack originates from. This will make it really hard for people to run dictionary attacks against your server all day long.

    http://support.apple.com/kb/HT5519?viewlocale=en_US&locale=en_US
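The ban-on-repeated-failure behaviour cpragman describes, modelled as an added Python example that is not part of this thread and is not Apple's afctl or its log format: it reads constructed VPN log lines (the `vpnd` message wording, the threshold of 3 failures in 10 minutes and the 15-minute ban are all assumptions), counts failed authentications per source address in a sliding window, bans the address for a fixed period, and lets the ban expire afterwards. The `AdaptiveBanList` and `process_log` names are invented for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the message wording is assumed, not real OS X Server output.
SAMPLE_LOG = """\
Aug 17 04:01:10 server vpnd[123]: CHAP peer authentication failed for user "admin" from 203.0.113.7
Aug 17 04:01:12 server vpnd[123]: CHAP peer authentication failed for user "admin" from 203.0.113.7
Aug 17 04:01:15 server vpnd[123]: CHAP peer authentication failed for user "root" from 203.0.113.7
Aug 17 04:01:20 server vpnd[123]: CHAP peer authentication succeeded for user "alice" from 198.51.100.4
Aug 17 04:01:21 server vpnd[123]: CHAP peer authentication failed for user "admin" from 203.0.113.7
Aug 17 04:20:00 server vpnd[123]: CHAP peer authentication failed for user "test" from 203.0.113.7
"""

# Matches only failed authentications and captures the syslog timestamp and source address.
FAILED_RE = re.compile(
    r'^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ vpnd\[\d+\]: '
    r'.*authentication failed .*? from (\d{1,3}(?:\.\d{1,3}){3})'
)


class AdaptiveBanList:
    """Sliding-window failure counter with temporary, self-expiring bans."""

    def __init__(self, threshold=3, window=timedelta(minutes=10),
                 ban_for=timedelta(minutes=15)):
        self.threshold = threshold        # failures inside `window` that trigger a ban
        self.window = window
        self.ban_for = ban_for
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.bans = {}                      # ip -> time the ban expires
        self.events = []                    # audit trail of (time, action, ip)

    def is_banned(self, ip, now):
        """Return True if `ip` is currently banned; drop the ban once it has expired."""
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[ip]
            self.events.append((now, "unban", ip))
            return False
        return True

    def record_failure(self, ip, ts):
        """Register one failed login at time `ts`; return True if `ip` is (now) banned."""
        if self.is_banned(ip, ts):
            return True                   # already banned: the packet would be dropped
        recent = self.failures[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()              # forget failures older than the window
        if len(recent) >= self.threshold:
            self.bans[ip] = ts + self.ban_for
            recent.clear()
            self.events.append((ts, "ban", ip))
            return True
        return False

    def active_bans(self, now):
        """Addresses still banned at time `now`, in sorted order."""
        return sorted(ip for ip in list(self.bans) if self.is_banned(ip, now))


def process_log(text, banlist=None):
    """Feed every failed-authentication line of `text` into a ban list and return it."""
    banlist = banlist or AdaptiveBanList()
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # year-less syslog stamp
        banlist.record_failure(m.group(2), ts)
    return banlist


if __name__ == "__main__":
    bl = process_log(SAMPLE_LOG)
    for when, action, ip in bl.events:
        print(when.strftime("%b %d %H:%M:%S"), action, ip)
```

Running it on the sample shows the third failure from 203.0.113.7 triggering a ban at 04:01:15, the fourth attempt at 04:01:21 being ignored while the ban is active, and the ban lapsing when the address reappears at 04:20:00; the successful login from 198.51.100.4 never enters the counter. A real adaptive firewall also needs a whitelist for your own addresses so that a mistyped password from home does not lock you out.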

  • by iphone4_Ie,

    iphone4_Ie iphone4_Ie Aug 17, 2013 6:20 AM in response to cpragman
    Level 1 (0 points)

    Hi, thanks for the info. I already have the firewall enabled in System Preferences... is this the same thing?

    Thanks

  • by iphone4_Ie,

    iphone4_Ie iphone4_Ie Aug 17, 2013 7:14 AM in response to iphone4_Ie
    Level 1 (0 points)

    I ran through those processes, and for the last one got file not found:

    /System/Library/LaunchDaemons/com.apple.pfctl: file does not exist or is not readable or is not a regular file

    Is there a way to verify that the adaptive firewall is running?

    Thanks