-
Jan 23, 2016 10:50 AM, in response to crkdln1, by Linc Davis: Bonjour will not work over an L2TP or PPTP VPN. To make services accessible through the tunnel, you need a working DNS service, or else you need to give the servers a fixed IP address and use that address to reach them.
-
Jan 23, 2016 11:01 AM, in response to Linc Davis, by crkdln1: I do have a static IP address set up with sms service. The VPN service says it is connected but the disk does not mount.
-
Jan 23, 2016 12:22 PM, in response to crkdln1, by Linc Davis: I'm not sure I understand your response. What exactly are you doing, and what exactly happens when you do it?
-
Jan 24, 2016 6:05 AM, in response to Linc Davis, by crkdln1: I have the Server app on a Mac mini so that we can do file sharing. The file sharing is set up and runs fine over AFP or SMB. I would like to do file sharing over VPN. I set up VPN on the server. The first time I connected with my MacBook, it connected as expected and the disk from the Mac mini could be seen as a device in Finder. When I disconnected the VPN and re-connected, it connects as expected but the disk does not show up as a device and I do not see the files in Finder.
I have connected multiple times with the VPN and it says it is connected but the files cannot be seen.
-
Jan 24, 2016 9:10 AM, in response to crkdln1, by Linc Davis: To run a public VPN server behind a NAT gateway, you need to do the following:
1. Give the gateway either a static external address or a dynamic DNS name. The latter must be a DNS record on a public DNS registrar, not on the server itself. Also in the latter case, you must run a background process to keep the DNS record up to date when your IP address changes.
2. Give the VPN server a static address on the local network, and a hostname that is not in the top-level domain "local" (which is reserved for Bonjour).
3. Forward external UDP ports 500, 1701, and 4500 (for L2TP) and TCP port 1723 (for PPTP) to the corresponding ports on the VPN server. The Server app can set this up for you if you have an Apple router.
If your router is an Apple device, select the Network tab in AirPort Utility and click Network Options. In the sheet that opens, check the box marked "Allow incoming IPSec authentication" if it's not already checked, and save the change.
There may be a similar setting on a third-party router.
4. Configure any firewall in use to pass this traffic.
5. In the sidebar of the Server app window, select the server by name, then select the Access tab. The network access setting for the VPN service should be All Networks if you want the clients to be able to connect from anywhere.
If you've taken all the above steps, the Server app should show that the VPN service is accessible from the Internet at your external IP address. Otherwise, something in the network is blocking some of the required traffic. Some residential ISPs block incoming UDP packets statefully. If yours is doing that, you won't be able to set up a VPN.
6. Each client must have an address on a netblock that doesn't overlap the one assigned by the VPN endpoint. For example, if the endpoint assigns addresses in the 10.0.0.0/24 range, and the client has an address on a local network in the 10.0.1.0/24 range, that's OK, but if the local network is 10.0.1.0/16, there will be a conflict. To lessen the chance of such conflicts, it's best to assign addresses in a random sub-block of 10.0.0.0/0 with a 24-bit netmask.
7. "Back to My Mac" is incompatible with the VPN service. It must be disabled both on the server and on an AirPort router, if applicable.
8. Bonjour will not work over an L2TP or PPTP VPN. To make services accessible through the tunnel, you need a working DNS service.
Where applicable, services such as Mail must be configured to listen on the netblock assigned to VPN clients.
9. If the server is directly connected to the Internet, rather than being behind NAT, see this blog post.
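The netblock-overlap rule in step 6 and the hostname rule in step 2 are easy to get wrong by eye, so here is an added example, written for this page and not code from the thread or from Apple's Server app, that checks them with Python's standard ipaddress module. The sample networks and hostnames are constructed for illustration; the choose_vpn_pool helper picks a random /24 inside 10.0.0.0/8 that avoids every client network you already know about, which is the "random sub-block with a 24-bit netmask" advice in step 6 made concrete.

```python
import ipaddress
import random


def networks_conflict(vpn_pool: str, local_net: str) -> bool:
    """Step 6: True if the VPN-assigned pool and a client's local network overlap.

    strict=False lets a human-written value like "10.0.1.0/16" (host bits set)
    be normalised to its network, 10.0.0.0/16, instead of raising ValueError.
    """
    pool = ipaddress.ip_network(vpn_pool, strict=False)
    local = ipaddress.ip_network(local_net, strict=False)
    return pool.overlaps(local)


def hostname_ok_for_vpn(hostname: str) -> bool:
    """Step 2: the server needs a real DNS name, not one in the 'local' TLD.

    Names ending in .local are reserved for Bonjour/mDNS, which does not
    traverse an L2TP or PPTP tunnel, so such a name will not resolve for clients.
    """
    labels = hostname.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return False  # bare host name or malformed name
    return labels[-1] != "local"


def choose_vpn_pool(client_networks, seed=None, attempts=1000) -> str:
    """Pick a random /24 inside 10.0.0.0/8 that overlaps none of client_networks.

    client_networks: constructed list of LAN prefixes the roaming clients are
    known to use (home networks, coffee-shop Wi-Fi, etc.). Returns the pool as
    a string such as "10.137.42.0/24".
    """
    known = [ipaddress.ip_network(n, strict=False) for n in client_networks]
    rng = random.Random(seed)  # seed only to make the choice reproducible in tests
    for _ in range(attempts):
        candidate = ipaddress.ip_network(
            f"10.{rng.randrange(256)}.{rng.randrange(256)}.0/24"
        )
        if not any(candidate.overlaps(k) for k in known):
            return str(candidate)
    raise RuntimeError("could not find a non-overlapping /24 in 10.0.0.0/8")


if __name__ == "__main__":
    # The two cases from step 6, plus a .local hostname that would break DNS.
    print(networks_conflict("10.0.0.0/24", "10.0.1.0/24"))   # no conflict
    print(networks_conflict("10.0.0.0/24", "10.0.1.0/16"))   # conflict
    print(hostname_ok_for_vpn("server.local"))                # rejected
    print(choose_vpn_pool(["192.168.1.0/24", "10.0.0.0/16"], seed=1))
```

Run it once before enabling the VPN service: if networks_conflict reports True for any LAN your clients roam to, move the pool; if hostname_ok_for_vpn rejects the server's name, fix the hostname before chasing tunnel problems, since a .local name will connect fine and still show no shares, exactly the symptom described above.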