Mac OSX Server & SnapGear VPN




theNodge
Mar 7, 2010, 04:09 AM
I am pretty new to setting up a VPN. One of my sites has a Mac OSX 10.5 Server and a SnapGear 560 Firewall. I am wondering how I should set this up. My client wants access to the server, obviously via VPN, from his home PC. I realise I need to get traffic to the Server. I have set up the requirements on the Server, but I don't seem to be able to get traffic to the box. Should I be creating direct packet filtering rules to get the packets straight to the Server, or should I be using the VPN options on the SnapGear, like PPTP VPN Client, PPTP VPN Server, L2TP VPN Client, L2TP VPN Server, IPsec and Port tunnels?

I would appreciate any assistance anyone can offer, of where to start and get this resolved asap. Thanks in advance.
theNodge



calderone
Mar 7, 2010, 08:52 AM
What you should do depends on your needs and what you want.

Configure the SnapGear to allow VPN traffic to the server if you want the Server to handle VPN.

It sounds like the SnapGear has VPN built in; if you want it to handle VPN, then configure its VPN server.

belvdr
Mar 7, 2010, 06:07 PM
What you should do depends on your needs and what you want.

Configure the SnapGear to allow VPN traffic to the server if you want the Server to handle VPN.

It sounds like the SnapGear has VPN built in; if you want it to handle VPN, then configure its VPN server.

QFT. If you do set up VPN, do not use PPTP. It's insecure.
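
Added example, not part of any post in this thread: a small Python check of which forwarding rules the "let the Mac server handle VPN" option needs for L2TP over IPsec, and whether PPTP is still exposed. The rule format, addresses and function names are constructed for illustration and are not SnapGear syntax; it assumes the server sits behind NAT on the firewall, so IPsec uses UDP 500 and UDP 4500.

```python
# Added example: audit edge-firewall forwarding rules for L2TP/IPsec pass-through.
# Rule format and addresses are constructed; this is not SnapGear configuration.

# Ports the firewall must forward to a NATed L2TP/IPsec server.
# L2TP itself (UDP 1701) travels inside the IPsec payload.
REQUIRED = {
    ("udp", 500): "IKE key exchange",
    ("udp", 4500): "IPsec NAT traversal",
}
# PPTP signatures, flagged because the thread advises against PPTP.
PPTP = {
    ("tcp", 1723): "PPTP control",
    ("gre", None): "PPTP data (GRE)",
}

def audit(rules, server_ip):
    """Return (missing, warnings) for a list of rule dicts."""
    missing, warnings = [], []
    forwards = [r for r in rules if r["action"] == "forward"]
    to_server = {(r["proto"], r.get("port")) for r in forwards
                 if r["to"] == server_ip}
    for key, why in REQUIRED.items():
        if key not in to_server:
            missing.append("%s/%s (%s)" % (key[0], key[1], why))
    for r in forwards:
        key = (r["proto"], r.get("port"))
        if key in REQUIRED and r["to"] != server_ip:
            warnings.append("%s/%s goes to %s, not the VPN server"
                            % (key[0], key[1], r["to"]))
        if key in PPTP:
            warnings.append("%s exposed to %s; PPTP is insecure"
                            % (PPTP[key], r["to"]))
    return missing, warnings

# Constructed sample: one correct rule, one mis-targeted rule, one PPTP rule.
SAMPLE_RULES = [
    {"action": "forward", "proto": "udp", "port": 500, "to": "192.168.1.10"},
    {"action": "forward", "proto": "udp", "port": 4500, "to": "192.168.1.20"},
    {"action": "forward", "proto": "tcp", "port": 1723, "to": "192.168.1.10"},
]

if __name__ == "__main__":
    missing, warnings = audit(SAMPLE_RULES, "192.168.1.10")
    for line in missing:
        print("MISSING:", line)
    for line in warnings:
        print("WARNING:", line)
```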

theNodge
Mar 8, 2010, 12:15 AM
Ok. So that leaves me with L2TP.

If I use the SnapGear I have 2 screens, or I should say 2 option sets, for utilising the L2TP VPN Server Setup. I am a little confused about using the SnapGear to do this. I realise that if this works, I only get to the SnapGear and not to the server. How do I get to the server, using the "Connect to Server" option via IP? And then, how does this work in relation to authentication? I only need specific folder access.

I would have thought that going straight to the Mac Server might have been easier, just utilising the normal Kerberos authentication.

SnapGear Attachments enclosed.

I would love you guys' thoughts on the matter.

thanks.

belvdr
Mar 8, 2010, 07:52 AM
From what I'm seeing, you need to:

On L2TP Server tab:

1. Enable the L2TP Server
2. Enter the Mac's IP in the "IP addresses to give to remote hosts" field
3. Select MS-CHAP v2
4. Select 128-bit encryption
5. Submit

On L2TP IPsec Configuration tab:

1. Select Preshared Secret Tunnel and click New.
2. Enter a preshared secret (i.e. a password, so make it secure)
3. Submit.

Then you should be able to launch an L2TP tunnel from a remote system.

theNodge
Mar 9, 2010, 03:17 AM
Will this work from both a Mac and a PC? And what about the connectivity to the Mac Server? Is that via IP as mentioned, and how does the authentication come into it, from the Server point of view?

theNodge
Mar 9, 2010, 03:23 AM
Additionally, when I create the VPN connection off-site, I get asked for a username and password. What is this related to, as we have nothing to do with the Server yet?

theNodge
Mar 9, 2010, 03:27 AM
Honestly, I would prefer it to go directly to the Mac Server, instead of hopping through the SnapGear, which just makes it more complicated. I would really like help with that, if that is ok? Thanks.

theNodge
Mar 9, 2010, 03:44 AM
I also added all your settings listed and tried to get to the unit, but it keeps giving me an Error 789: the L2TP connection attempt failed because the security layer encountered a processing problem during initial negotiations with the remote computer. I think it will be much easier to bypass this, don't you think? I don't want to mix Mac and PC stuff... just too hard. Thanks.