3 Replies Latest reply: Dec 30, 2013 2:02 PM by bfdulock
tlaboucane Level 1 Level 1 (0 points)

I'm all about learning new things. When I decided to purchase Mac Server and set it up in my home I was fully prepared to learn and figure things out. However if I'm trying to figure out how to make something work that simply doesn't that ****** me off.

 

So, I want to know if the VPN component of Mac Server simply doesn't work and everything I'm trying to do is for not or is it something I haven't figured out yet and I should still keep working on it. The majority of people have upgraded from a previous version and found that reverting back solved the problems. HOWEVER I started at the Mavericks version so there is no going back.


Mac Server Mavericks, OS X Mavericks (10.9.1)
  • bfdulock Level 2 Level 2 (190 points)

    Yes, I can say that the VPN service on OS X Server 10.9 works well.  Assuming everything is configured correctly and that you have the 10.9.1 update installed, both PPTP and L2TP over IPSec protocols work as advertised.

     

    Bryan Dulock

    Apple Consultants Network

    Houston, TX

  • tlaboucane Level 1 Level 1 (0 points)

    Can you recommend a good source to learn how to configure it correctly. I have a feeling that because I've gone in in so many different directions and different sources of information I've got everything mixed up. I'll probably reinstall server and start from scratch.

     

    Thanks for you response.

  • bfdulock Level 2 Level 2 (190 points)

    I don't know a good source to recommend, but here is the overall strategy that I use:

     

    1.  Get a static IP address for your Internet service.

     

    2.  Configure port forwarding on your router using Apple's VPN info at http://support.apple.com/kb/TS1629 (the ports & protocols used depend on the which VPN protocol is being used).

     

    3.  Configure your server with a private static IP (this is standard practice on servers).

     

    4.  Configure Open Directory on your server.  Local Accounts may or may not work with the PPTP protocol.  I normally only use Local Network Accounts for most of my VPN setups.

     

    5.  Configure the VPN service (turn it on and configure client VPN IP ranges that don't overlap with your DHCP range).

     

    6.  Make sure the user accounts on the server are enabled for the VPN service.

     

    7.  Configure a client and test.  This can be done first on the local network to test the service.  Then it can be done from outside the local network to verify the router is configured properly.

     

    8.  Optional--Define an A record to your public IP address.  This allows for easy client setup.

     

     

    NOTES

     

    • Configure your local DHCP service to provide an uncommon IP range so that clients are not using the same range.  For example, don't use 192.168.1.x as the IP range on your server's network.  Any VPN client that uses this same range will have problems using the VPN.  Instead use 192.168.15.x.
    • It is preferable to use L2TP over IPSec as your VPN protocol due to stronger encryption.
    • It is possible to have both L2TP over IPSec and PPTP protocols active at the same time.  This is useful for older clients that don't work well with L2TP (mostly Windows) and can be useful when L2TP is unstable (this has happened in the past with OS X Server bugs).

     

     

    Bryan Dulock

    Apple Consultants Network

    Houston, TX