14) VPN Server

VPN (Virtual Private Network) is used to securely connect two networks over the public Internet by creating an encrypted tunnel between the networks. Since the data between the two networks are encrypted within the tunnel, your information is safe and secure from outside influence.

A common scenario where VPN may be used is a telecommuter who works from home but needs to access resources available on his company’s corporate network, which is physically distant. Creating a VPN tunnel between this home and corporate network in a secure manner will address this need.

In this lesson, we’re going to set up OS X Server’s software based VPN server in one location, which will represent the corporate network. Then we’ll set up a Mac client and create a VPN tunnel to connect to that network, just like the telecommuter scenario.

First, let’s configure OS X Server’s VPN server located in your company’s corporate network.

  • Launch Server Admin and select your server under Computers & Services. Click on VPN and press the Settings Tab.
  • We’ll be using the L2TP tunneling protocol, so enable L2TP over IPsec.
  • You’ll need to select a range of free IP addresses on your network that will be assigned specifically to VPN clients once they make a successful connection. For this example, I selected the range from .140 to .150, anticipating that only a few users will be using VPN. Once a VPN client disconnects, its IP returns to the pool and becomes available to another client. Create a range to suit your needs.
  • For PPP Authentication, leave it on MS-CHAPv2.
  • For IPSec Authentication, you’ll need to create a Shared Secret. It’s very important that you choose a Shared Secret that is difficult to guess, since along with your user passwords it is probably the weakest link in your VPN connection. Use a combination of letters and numbers that is not easy to crack. Save your settings.

VPN Setup 1

  • Click on the PPTP tab. The PPTP tunneling protocol is primarily used by Microsoft, so if you have Windows users, you’ll want to enable it.
  • Check Allow 40-bit encryption keys in addition to 128-bit, and select a range of IP addresses like you did for L2TP. Save your settings.

VPN Setup 2

  • Click on the Client Information tab. For DNS servers, put in the IP address of your DNS server that we set up earlier. For this example, I would use 192.168.1.100.
  • For Search domains, supply your domain.
  • Press the “+” button to add a new Network Routing Definition. For this example, the corporate network has addresses ranging from 192.168.0.0 to 192.168.255.255 (Class C).
  • For Network Address, put in the first IP address of the range, which is 192.168.0.0.
  • For Network Mask, put in 255.255.255.0.
  • Set Network Type to Private.
  • Save your settings and press the Start Service button.

VPN Setup 3
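As an added check (example code, not part of the lesson), the following Python takes the routing definition and client pool entered above and tests whether the addresses the lesson later shows (the server at 192.168.1.100 and the client at 192.168.1.144) fall inside that definition, then derives the single mask that would cover the full 192.168.0.0 to 192.168.255.255 range. The 192.168.1.x prefix of the client pool is an assumption drawn from the client address shown later in the lesson.

```python
import ipaddress

# Added example, not from the lesson. Values come from the Client
# Information tab; the pool prefix 192.168.1.x is inferred from the
# 192.168.1.144 address the client is later assigned.
ROUTING_DEFINITIONS = [
    # (Network Address, Network Mask, Network Type) as entered in Server Admin
    ("192.168.0.0", "255.255.255.0", "Private"),
]
VPN_CLIENT_POOL = ("192.168.1.140", "192.168.1.150")

def route_type(destination, definitions=ROUTING_DEFINITIONS):
    """Network Type of the first definition covering destination.
    'Private' means the client sends that traffic through the tunnel;
    None means nothing matches and the packet takes the home route."""
    dest = ipaddress.ip_address(destination)
    for net_addr, mask, net_type in definitions:
        if dest in ipaddress.ip_network(f"{net_addr}/{mask}", strict=False):
            return net_type
    return None

def pool_addresses(first, last):
    """Expand the VPN client pool into individual addresses."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)]

def uncovered_pool_addresses(definitions=ROUTING_DEFINITIONS, pool=VPN_CLIENT_POOL):
    """Pool addresses no Private definition covers: traffic to other VPN
    clients at these addresses would not be sent through the tunnel."""
    return [str(a) for a in pool_addresses(*pool)
            if route_type(str(a), definitions) != "Private"]

def mask_for_range(first, last):
    """Single mask covering a contiguous range, or ValueError if none exists."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    if len(nets) != 1:
        raise ValueError("range is not one CIDR block")
    return str(nets[0].netmask)

if __name__ == "__main__":
    print("server 192.168.1.100 routed as:", route_type("192.168.1.100"))
    print("uncovered pool addresses:", uncovered_pool_addresses())
    print("mask for 192.168.0.0-192.168.255.255:",
          mask_for_range("192.168.0.0", "192.168.255.255"))
    wide = [("192.168.0.0", mask_for_range("192.168.0.0", "192.168.255.255"), "Private")]
    print("after widening the mask:", route_type("192.168.1.100", wide))
```

With the mask as entered, neither the server nor any pool address is matched by the Private definition, while the mask derived for the stated range (255.255.0.0) covers both.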

Once the VPN server is up and running, you’ll need to configure your router to forward the connection to your server if you’re using NAT.

  • VPN ISAKMP/IKE - Port 500, UDP
  • VPN L2TP - Port 1701, UDP
  • VPN PPTP - Port 1723, TCP
  • IKE NAT Traversal - Port 4500, UDP

You’ll also need to open the above ports in the firewall to allow traffic through. Additionally, allow the ESP (IP protocol 50) and GRE (IP protocol 47) protocols, which have no port numbers of their own.

I should note that some consumer routers may not support VPN. If your router supports VPN pass-through, you should be OK. Check with your manufacturer.
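As an added example (not from the lesson), here is a small Python audit of a router’s port-forwarding table against the entries listed above. The forwarding lines are a constructed sample in a simplified "proto number -> host" format, and 192.168.1.100 is the server address the lesson uses.

```python
import re

# Added example, not from the lesson. VPN_SERVER is the OS X Server address the
# lesson uses; SAMPLE_FORWARDS is a constructed export of a router's forwarding table.
VPN_SERVER = "192.168.1.100"

# What the lesson says the router and firewall must pass to the server.
# ESP and GRE are IP protocols (numbers 50 and 47), not ports.
REQUIRED = {
    "IKE/ISAKMP": ("udp", 500),
    "L2TP":       ("udp", 1701),
    "PPTP":       ("tcp", 1723),
    "IKE NAT-T":  ("udp", 4500),
    "ESP":        ("ip", 50),
    "GRE":        ("ip", 47),
}

SAMPLE_FORWARDS = """\
tcp 500 -> 192.168.1.100
udp 1701 -> 192.168.1.100
tcp 1723 -> 192.168.1.50
udp 4500 -> 192.168.1.100
ip 50 -> 192.168.1.100
"""

LINE = re.compile(r"^(tcp|udp|ip)\s+(\d+)\s*->\s*(\d+\.\d+\.\d+\.\d+)$")

def parse_forwards(text):
    """Return {(proto, number): destination host} for each well-formed line."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[(m.group(1), int(m.group(2)))] = m.group(3)
    return table

def audit(text, server=VPN_SERVER):
    """Report required entries that are missing, use the wrong protocol, or go to the wrong host."""
    table = parse_forwards(text)
    problems = []
    for name, (proto, num) in REQUIRED.items():
        dest = table.get((proto, num))
        if dest is None:
            wrong = [p for (p, n) in table if n == num and p != proto]
            problems.append(f"{name}: forwarded as {wrong[0]}/{num}, needs {proto}/{num}"
                            if wrong else f"{name}: no forward for {proto}/{num}")
        elif dest != server:
            problems.append(f"{name}: forwarded to {dest}, not the VPN server {server}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FORWARDS)))
```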

Now that you’ve configured the VPN server located in the corporate network, let’s set up the client running at home on OS X.

  • Open Internet Connect in the Applications Folder.
  • Under File, select “New VPN Connection…”
  • Select L2TP over IPSec and press Continue.

VPN Account Setup L2TP

  • From the Configuration drop down menu, select “Edit Configurations…”

VPN Setup 4

  • For Description, you can provide any name for your configuration.
  • Provide your domain or IP address for Server Address.
  • Provide an account name you created with Workgroup Manager. It looks like John Doe is volunteering for our example.
  • For User Authentication, provide John Doe’s password.
  • For Machine Authentication, provide the Shared Secret and press OK.
  • Press the Connect button to connect to the VPN server.

VPN Account Setup

The Status on the bottom shows you the VPN server’s local IP and the duration of your connection.

VPN Setup 6

  • Under the Window drop down menu, select Connection Log. This log will display all of your connections that you make to the VPN server.

Notice that once you connect, you’re assigned a local IP of 192.168.1.144. This is within the range of IP addresses you set on the server earlier. The remote IP address of 192.168.1.100 is the IP of your OS X Server running VPN server along with DNS.

VPN Setup 5

  • Open Network Utility in the Utility folder. Notice your local IP address of 192.168.1.144 under the Network Interface Information assigned by the VPN server.

Network Utilities 1

  • Now select Network Interface (en0) from the drop-down menu. This shows you the IP address of your machine that was assigned for your home’s local network. The VPN client actually has two separate IP addresses bound to it once the tunnel is established.

Network Utilities 2

Now that you’re securely connected to your corporate network, let’s mount the share point called Apple Share Files we created in our previous lesson.

  • While you’re at your desktop in the Finder, select Go from the drop-down menu and select “Connect to server…”
  • You can connect using the server name or its IP address. Since we have DNS running, we’ll use the server name. Press Connect.

Server Connect 1

  • Log in as John Doe with a password. Press Connect.

Server Connect 2

  • Now you’ll see the list of volumes that you have access to. Select the “Apple Share Files” share point and press OK.

Server Connect 3

As you can see, VPN tunneling works seamlessly, giving you secure access to the resources of your corporate network. With OS X Server’s VPN server, it’s very easy to set up and manage.
