
OSX Server 2.21 L2TP VPN - security recommendations

Hi folks,

I am running OSX Server 2.2.1 hosting mail and an L2TP VPN, which work great.

I port forward port 25, and UDP 500, 1701, 4500 for the VPN, from my router gateway to my Mac mini.

Are there any security concerns in relation to having open access to the UDP ports 500, 1701, 4500 on my Mac mini?

I had tried to put a firewall rule on my gateway to only allow access from the public IP of my iPhone over 3G, but that didn't seem to work, as I still could connect over a different public network, so it appears that the firewall rule was ignored as the traffic was automatically being NATed by the gateway.

My main question, really, is: should I be worried about leaving UDP ports open publicly to my Mac mini server?

Thanks

Posted on Aug 17, 2013 3:59 AM

3 replies

Aug 17, 2013 5:16 AM in response to iphone4_Ie

If you look at your server logs, you'll likely notice many failed login attempts over the open VPN ports. Don't use simple passwords. Use a complicated VPN shared secret. Don't give root VPN access.


For additional security, you can turn on Server's "adaptive firewall" (afctl). This will watch for failed login attempts, and temporarily ban the incoming IP address that the attack originates from. This will make it really hard for people to run dictionary attacks against your server all day long.


http://support.apple.com/kb/HT5519?viewlocale=en_US&locale=en_US
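The reply describes the adaptive firewall as "watch for failed login attempts and temporarily ban the originating address". The script below is an added example that implements that idea on its own, so the thresholds and the effect of the time window can be inspected; it is not Apple's afctl, not its log format, and not code posted in this thread. The `vpnd` process name and the "Authentication failed ... from <ip>" wording are assumptions, the log lines are constructed, and the whitelisted address 203.0.113.10 stands in for the admin's own IP (the kind of exemption a source restriction on the gateway would have provided).

```python
"""Toy model of an adaptive firewall for VPN logins.

Added example: counts failed logins per source address in a sliding window
and emits temporary bans. The log format, process name, thresholds and
whitelist below are assumptions made for the example, not OS X Server's own.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # failures inside WINDOW that trigger a ban
WINDOW = timedelta(minutes=10)   # failures older than this are forgotten
BAN_FOR = timedelta(minutes=15)  # length of the temporary ban
WHITELIST = {"203.0.113.10"}     # assumed: the admin's own address, never banned

# Constructed sample log, loosely modelled on syslog output. The wording of the
# failure message is an assumption for this example.
SAMPLE_LOG = """\
Aug 17 04:00:00 mini vpnd[411]: Authentication failed for user 'root' from 198.51.100.7
Aug 17 04:00:12 mini vpnd[411]: Authentication failed for user 'admin' from 198.51.100.7
Aug 17 04:00:25 mini vpnd[411]: Authentication failed for user 'test' from 198.51.100.7
Aug 17 04:00:31 mini vpnd[411]: Authentication failed for user 'guest' from 198.51.100.7
Aug 17 04:00:40 mini vpnd[411]: Authentication failed for user 'user' from 198.51.100.7
Aug 17 04:00:52 mini vpnd[411]: Authentication failed for user 'backup' from 198.51.100.7
Aug 17 04:02:10 mini vpnd[411]: Authentication failed for user 'alice' from 192.0.2.44
Aug 17 04:02:30 mini vpnd[411]: Authentication failed for user 'alice' from 192.0.2.44
Aug 17 04:03:00 mini vpnd[411]: Authentication succeeded for user 'alice' from 192.0.2.44
Aug 17 04:05:00 mini vpnd[411]: Authentication failed for user 'admin' from 203.0.113.10
Aug 17 04:05:05 mini vpnd[411]: Authentication failed for user 'admin' from 203.0.113.10
Aug 17 04:05:10 mini vpnd[411]: Authentication failed for user 'admin' from 203.0.113.10
Aug 17 04:05:15 mini vpnd[411]: Authentication failed for user 'admin' from 203.0.113.10
Aug 17 04:05:20 mini vpnd[411]: Authentication failed for user 'admin' from 203.0.113.10
Aug 17 04:10:00 mini vpnd[411]: Authentication failed for user 'admin' from 198.51.100.9
Aug 17 04:17:00 mini vpnd[411]: Authentication failed for user 'admin' from 198.51.100.9
Aug 17 04:24:00 mini vpnd[411]: Authentication failed for user 'admin' from 198.51.100.9
Aug 17 04:31:00 mini vpnd[411]: Authentication failed for user 'admin' from 198.51.100.9
Aug 17 04:38:00 mini vpnd[411]: Authentication failed for user 'admin' from 198.51.100.9
"""

FAIL_RE = re.compile(
    r"^(?P<ts>[A-Za-z]{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ \S+ .*?authentication failed"
    r".* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$",
    re.IGNORECASE,
)


def parse_failure(line, year=2013):
    """Return (timestamp, source_ip) for a failed-login line, else None.
    Syslog lines carry no year, so one is supplied (assumed 2013 here)."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]


def compute_bans(lines, threshold=THRESHOLD, window=WINDOW,
                 ban_for=BAN_FOR, whitelist=WHITELIST):
    """Replay log lines in order; return [(ip, banned_at, banned_until), ...]."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    active = {}                  # ip -> expiry of a ban currently in force
    events = []
    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in whitelist:
            continue
        # Expire bans whose time is up before considering this event.
        for banned_ip in [b for b, until in active.items() if until <= ts]:
            del active[banned_ip]
        if ip in active:
            continue  # already banned; its packets would be dropped anyway
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # slide the window: old failures no longer count
        if len(q) >= threshold:
            active[ip] = ts + ban_for
            events.append((ip, ts, ts + ban_for))
            q.clear()
    return events


if __name__ == "__main__":
    for ip, start, until in compute_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} from {start:%H:%M:%S} until {until:%H:%M:%S}")
```

Only 198.51.100.7 is banned (on its fifth failure within the window); the legitimate user with two typos is left alone, the whitelisted address is never counted, and 198.51.100.9 never reaches the threshold because its attempts are seven minutes apart and fall out of the ten-minute window. That last case is the caveat with any adaptive-ban approach: it raises the cost of a fast dictionary attack but does not stop a slow one, which is why the reply's advice on strong passwords and a strong shared secret still matters.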
