Wednesday, October 13, 2004

Using VPN Server on Mac OS X 10.3 

OS X Server ships with a solid little VPN server (PPTP and L2TP). It works great with both Mac OS X clients and the built-in Windows VPN client. I've found it to be more reliable than the Windows VPN server (surprise) and much easier to deal with than poptop on Linux. On the IPsec side, it's built on the KAME project, so racoon et al. are right where you would expect them.

Oddly enough, Apple included the same VPN server in the client version of 10.3 (/usr/sbin/vpnd). They didn't, however, include the interface to configure it. So here's the skinny:

Edit /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist and fill in your DNS servers, your server's IP and the IPs you want to give out to the clients.

Then edit /etc/ppp/chap-secrets. The file should look something like:

username * password *

When you are done, double-check the permissions of that file, since it holds the passwords in plain text:

chmod 600 /etc/ppp/chap-secrets

To start the VPN server, just type vpnd -i serverid (where serverid matches what you used in the plist file). To get it to start automagically at boot, add VPNSERVER=-YES- to /etc/hostconfig.
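
A quick way to check the chap-secrets step before starting vpnd, as an added example that is not part of the original post. The function name audit_chap_secrets is hypothetical, and the field layout assumed is pppd's "client server secret [addresses]"; the script reports line numbers and client names only, never the secret.

```shell
#!/bin/sh
# Added example: audit a pppd-style chap-secrets file without echoing secrets.
# audit_chap_secrets is a hypothetical helper name, not part of Mac OS X.
audit_chap_secrets() {
    file=$1
    problems=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file is not a regular file"
        return 1
    fi

    # ls prints the mode as e.g. "-rw-------"; characters 5-10 are the group
    # and other bits, which chmod 600 leaves as six dashes.
    perms=$(ls -ldL "$file" | cut -c1-10)
    case $perms in
        ????------) ;;
        *)  echo "PERMS: $file is $perms, group/other must have no access"
            problems=$((problems + 1)) ;;
    esac

    # Entries are "client server secret [addresses]". Skip blank and comment
    # lines; report by line number and client name only, never the secret.
    findings=$(awk 'NF > 0 && $1 !~ /^#/ {
        if (NF < 3)
            print "FORMAT: line " NR " has " NF " field(s), need client server secret"
        else if ($3 == "\"\"")
            print "SECRET: line " NR " (" $1 ") has an empty secret"
    }' "$file")
    if [ -n "$findings" ]; then
        echo "$findings"
        problems=$((problems + $(echo "$findings" | wc -l)))
    fi

    [ "$problems" -eq 0 ]
}

# Run against a path given on the command line, e.g. /etc/ppp/chap-secrets.
[ $# -eq 0 ] || audit_chap_secrets "$1"
```

The function returns 0 only when the file is mode 600-equivalent for group and other and every entry has at least a client, server and non-empty secret.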

For more docs, type man vpnd. Also see the KAME website for help with IPsec, and try this discussion on macosxhints for more troubleshooting tips.

Last but not least, look at the log files. On the server side, look in /var/log/system.log, /var/log/secure.log and /var/log/ppp/vpnd.log. If you are connecting from a Mac OS X client, take a look at /tmp/ppp.log.
