VPN sharing w/ mini server

Lerch78
Mar 16, 2011, 08:23 PM
Hi all,

I recently got a mini running 10.6 OS X server with the intention of using it to share out a VPN connection with the rest of my home network. It's proving to be a bit more challenging than I anticipated. My plan was to route the connection via ethernet to an airport extreme so that I could share that connection with the rest of the devices on my network. If anyone has any experience with this, any tips or info would be greatly appreciated.



myjay610
Mar 17, 2011, 09:16 AM
I'm not really sure of a way to share out a client-based VPN connection, maybe I'm also not understanding what you're trying to do. Why did you install OS X Server just to share an outbound VPN connection? You can initiate a VPN connection with just about any OS natively.

Normally to share a single VPN connection w/ an entire network you have to use a gateway/router that establishes the VPN tunnel and is responsible for either assigning virtual IPs to all the computers behind it or performing the NAT to route traffic from home network through the VPN tunnel.

Lerch78
Mar 17, 2011, 12:04 PM
Yeah, that's what I was hoping to do was use the mac mini as a gateway. The reason I don't connect every client individually is because I subscribe to a VPN service which only allows one VPN connection at a time. I'm in Germany so I tunnel back to the states so it's like I'm surfing in the states and everything is in English. The only reason I have the server version is it was actually cheaper than buying the mini client and upgrading the h/w so I figured I'd give the server a shot. I'm sure I could have used client version as a gateway as well. The only reason I mentioned I'm running the server is because I might have different options. VPN gateway isn't the only use of the mini in case you're thinking it is overkill.

If there was a way to get airport to accept the wireless connection in and then share the VPN connection out, I'd be all for that but I don't think that's possible. I'm guessing it would be something like setting up a static route to the router via ethernet and then either configuring the router for a DHCP range or setting up static routes through the whole network. But when I started digging in, it looked like I might have to use NAT. I'm not that network savvy so I figured I'd drop a line on here and see if someone had some recommendations for the smart/secure way to go about it before I played with it anymore. The company I subscribe to the VPN service through recommended I get a DD-WRT capable router which will handle the VPN by itself but if I can make it work with my current h/w, I'm not going to buy another router.

assembled
Mar 19, 2011, 08:41 AM
I'd go with the DD-WRT method, but having said this, if you can do it on DD-WRT, you might be able to do it on OS X. Have you tried applying the DD-WRT instructions on your mac mini server?

myjay610
Mar 19, 2011, 08:45 AM
I gotcha ya, that sounds pretty cool. Check this article out:
http://rodrigo.sharpcube.com/2010/06/20/using-and-sharing-a-vpn-connection-on-your-mac/

The first para of the "Sharing Your VPN Connection" reads:
"So now you are connected to your server and your connection is securely being routed through the VPN (go ahead and try Hulu, I'll wait. I know you want to). But what if you want to use the same VPN in other devices in your network? Sure you can configure Tunnelblick in more than one Mac, but some devices like an iPhone or a XBOX 360 don't have OpenVPN clients. What can you do about that?"

Haven't looked at it thoroughly yet but the description reads like what you want to do...

myjay610
Mar 19, 2011, 08:52 AM
So....since this is just like what Internet Sharing does in the system prefs I decided to create a VPN connection under Network then go back to Internet Sharing, the VPN connection shows up, so try selecting VPN from the list and share it out over Ethernet or wireless and see what happens I guess...

Lerch78
Mar 19, 2011, 05:01 PM
myjay,

Thank you for that link. I think you have me on track now. I don't have internet sharing as an option on the server. I know what you're talking about though because I can see it on the MBP. I installed the tunnelblick app from that link you sent me. I got it working on my server fine but I think I need to have my internet connection come across ethernet so that I can free up the airport to act as a wireless router. I'm in a hotel now with no access to the router. I'll be moving into my house in a couple weeks and I have a bridge with my stuff that I'll set up and see if I can get it to work. I think this is exactly what I need though. I appreciate you finding that. I'll post in a couple weeks and let you know how it turns out.

myjay610
Mar 19, 2011, 07:38 PM
I think you could put the airport extreme as the main gateway for your network, instead of having the mac mini be up front then connect back to the airport extreme (or I just read what you said wrong).

So like: ISP --- Airport Extreme --- Mac Mini

Then just initiate the VPN connection from the mac mini, and you can use the wireless signal from the extreme to connect all your other computers then just be sure to have their default gateway setting in network settings point to the mac mini instead of the airport extreme.

Lerch78
Mar 19, 2011, 09:53 PM
Aha, you were right. I thought it wasn't working but it's just not working when tunnelblick is on. So, I'm able to use the VPN on the server. I'm able to connect to the internet from the MBP using the mini as a gateway when tunnelblick is off. But, unfortunately I still can't connect from the MBP when the VPN is running. There seems to be something wrong with the IP forwarding.

It looks like something is going wrong on the last line of the script. I get this:
net.inet.ip.forwarding: 1 -> 1
Instead of this:
net.inet.ip.forwarding: 0 -> 1

I saw where some other people had that problem but I don't think he ever got it sorted out on the thread you sent me.

According to this thread, it may be something with the router:
http://discussions.apple.com/thread.jspa?threadID=2647834&tstart=-1

The network I'm on right now isn't good so maybe when I move in a few weeks, I'll be able to sort it out. Thanks again for your help. This is definitely the right direction. I'll post results as soon as I move.
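
Added example, not part of the thread and not taken from the linked article: a shell helper that interprets the two `sysctl` lines quoted in the last post. `sysctl -w` prints the value as `old -> new`, so `1 -> 1` means forwarding was already enabled before the command ran; the function names `forwarding_state` and `next_check` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Interprets a line printed by
#   sysctl -w net.inet.ip.forwarding=1
# which has the form "key: old -> new", or "key: value" for a plain read.

KEY="net.inet.ip.forwarding"

# forwarding_state LINE
# Prints: enabled-unchanged | enabled-now | disabled | unrecognized
forwarding_state() {
    case "$1" in
        "$KEY":*) ;;
        *) echo unrecognized; return 0 ;;
    esac
    # Drop the key and all spaces, leaving e.g. "1->1", "0->1" or "1".
    rest=${1#"$KEY":}
    val=$(printf '%s' "$rest" | tr -d ' ')
    case "$val" in
        "1->1"|"1")        echo enabled-unchanged ;;
        "0->1")            echo enabled-now ;;
        "0"|"0->0"|"1->0") echo disabled ;;
        *)                 echo unrecognized ;;
    esac
}

# next_check STATE
# Says where to look next; NAT on the gateway is the other requirement
# named earlier in the thread for sharing one tunnel with a whole network.
next_check() {
    case "$1" in
        enabled-unchanged|enabled-now)
            echo "forwarding is on; check NAT and routing on the VPN tunnel interface" ;;
        disabled)
            echo "forwarding is off; the gateway will not relay client packets" ;;
        *)
            echo "unexpected sysctl output; rerun the command by hand" ;;
    esac
}

# Constructed sample input: the two lines quoted in the post.
for line in "$KEY: 1 -> 1" "$KEY: 0 -> 1"; do
    state=$(forwarding_state "$line")
    printf '%s\n  %s: %s\n' "$line" "$state" "$(next_check "$state")"
done
```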