How do I connect to OS X server with VPN from Windows 8?
Hi, I would need to connect to a company server (Mac OS X v10.7.5) using Windows 8. Connecting with VPN doesn't seem to be easy. Any tips how to do this?
You posted to the "Client" forum. I've requested the moderators move your thread.
This depends on your ISP (some block VPN protocols), on your gateway or firewall (some implement VPN pass-through, some implement VPN servers and usually make this easy, and some just get in the way and block specific ports or protocols), and on the setup of the OS X Server, and on which VPN client you're using. In summary, this is trial-and-error, and you'll need to look at each of the parts and determine the proper configuration.
With OS X Server, you can create profiles to load into OS X systems and iOS systems, but I'm not aware of an analog for creating and loading profiles into Windows; that capability exists, but not AFAIK generally from OS X or OS X Server systems.
Depending on the exact set-up of the network and the particular VPN technology,
For VPN pass-through, I usually end up opening and forwarding the VPN ports from Apple's TS1629 well-known IP ports list manually:
Note that protocols and ports are different, and some gateway-firewall-router devices can manage and process protocols and VPN pass-through configurations correctly, and some (many?) can't.
It is common for L2TP passthrough to fail when more than one connection is active. (NAT and VPNs inherently work at cross purposes, and multiple L2TP connections tend to get tangled at the NAT device.)
As compared with L2TP, PPTP is usually much easier to get going around NAT, though it's also less secure.
Use of an external gateway-firewall-router with an embedded VPN server is also something I've often recommended. NAT passthrough is something best avoided, and for various reasons. This requires a mid-grade gateway-router-firewall device, or higher, though those are getting cheaper all the time.
Also ensure your ISP is not blocking VPN connections. There are ISPs that block server-oriented ports on the residential service tier. (If you're on a business-class service tier with your ISP, you can ignore this.)
Discussions of ports and protocols used for VPNs are common here in the discussion forums; see here, here and here, among other discussions.
And FWIW, I don't know, nor particularly use, nor have any recommendations for Windows VPN clients.
FWIW: Do not use 192.168.0.0/24 or 192.168.1.0/24 on your private network, as VPNs use IP routing, and IP routing does not appreciate finding the same IP subnet on both ends of the VPN connection. The IP routing gets confused, and the VPN won't work or won't work reliably. Most home networks and coffee shop networks use 192.168.0.0/24 or 192.168.1.0/24, too. Pick a subnet somewhere in 10.0.0.0/8 or 172.16.0.0/12, or elsewhere in 192.168.0.0/16; elsewhere in the private IP blocks.
TL;DR: Learn a little (more) about IP and VPNs, and figure out how your VPN client, your VPN server, and your gateway-router-firewall and other intervening firewalls all play together. Or don't play together. Or get somebody in to do this for you. I've never seen a universal recipe for this, and — given the differences in networking gear — don't expect to see such a recipe anytime soon....
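The subnet-overlap rule from the reply above can be checked before the server LAN is renumbered. This is an added example, not part of the original post; the function names and the sample subnets are constructed for illustration.

```python
import ipaddress

# The two subnets the post says most home and coffee-shop networks use.
COMMON_CLIENT_LANS = ["192.168.0.0/24", "192.168.1.0/24"]
# The private blocks the post suggests picking from.
PRIVATE_BLOCKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def _net(value):
    # strict=False accepts a host address with a mask, e.g. "192.168.1.10/24".
    return ipaddress.ip_network(value, strict=False)


def overlapping(server_lan, client_lans):
    """Client-side networks whose address range collides with the server LAN."""
    server = _net(server_lan)
    return [str(_net(c)) for c in client_lans if server.overlaps(_net(c))]


def is_private(server_lan):
    """True if the server LAN sits inside one of the private blocks."""
    server = _net(server_lan)
    return any(server.subnet_of(_net(b)) for b in PRIVATE_BLOCKS)


def suggest_server_lan(client_lans, prefix=24):
    """First private /prefix that overlaps no known or common client LAN."""
    avoid = [_net(c) for c in list(client_lans) + COMMON_CLIENT_LANS]
    for block in PRIVATE_BLOCKS:
        for cand in _net(block).subnets(new_prefix=prefix):
            if not any(cand.overlaps(a) for a in avoid):
                return str(cand)
    return None


if __name__ == "__main__":
    # Constructed sample: office LAN on a common default, client at a cafe.
    for server, client in [("192.168.1.0/24", "192.168.1.37/24"),
                           ("10.20.30.0/24", "10.0.0.0/8"),
                           ("10.20.30.0/24", "192.168.0.0/24")]:
        hits = overlapping(server, [client])
        print(server, "vs", client, "->", "CONFLICT" if hits else "ok", hits)
    print("suggested:", suggest_server_lan(["10.0.0.0/16"]))
```

A client network that is a supernet of the server LAN (the second sample pair) conflicts just as an identical /24 does, which is why the check uses range overlap rather than string equality.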
I haven't worked with Windows 8, but shown below are the steps to configure a Windows 7 client for connecting via VPN to OS X Server. I extracted this info from a Microsoft Knowledge Base article. I used these steps successfully to configure a client's computer for VPN connectivity to a Mac server.
CONFIGURING VPN CLIENT IN WINDOWS 7
By default, Windows no longer supports IPsec NAT-T security associations to servers that are located behind a network address translator. Therefore, if your virtual private network (VPN) server is behind a network address translator, by default, a Windows-based VPN client cannot make a L2TP/IPsec connection to the VPN server. This scenario includes a VPN server that is running Microsoft Windows Server 2003.
Because of the way that network address translators translate network traffic, you may experience unexpected results when you put a server behind a network address translator and then use IPsec NAT-T. Therefore, if you require IPsec for communication, we recommend that you use public IP addresses for all servers that you can connect to directly from the Internet.
To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec
3. On the Edit menu, point to New, and then click DWORD Value.
4. In the New Value #1 box, type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
5. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
6. In the Value Data box, type one of the following values:
◦ 0 (default)
A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind network address translators.
◦ 1
A value of 1 configures Windows so that it can establish security associations with servers that are located behind network address translators.
◦ 2
A value of 2 configures Windows so that it can establish security associations when both the server and the Windows XP SP2-based client computer are behind network address translators.
7. Click OK, and then quit Registry Editor.
8. Restart the computer.
*** Note: For step #6, use a value of 2 ***
Bryan Dulock
ACN
Houston, TX