Old Jan 20, 2011, 12:53 PM   #1
mmcxiiad
macrumors regular
 
Join Date: Jul 2002
VPN or something else

I travel a fair amount for work and want to set up a very easy system to log back into my home network. I really want to be able to do four primary things:

1. Remotely access all of the computers on my network. I am currently using Apple Remote Desktop, but it seems that it is a pain to configure ports and settings in both the software and router to connect to more than one computer.

2. Remote file sharing. I know I could open up port 548 in the router and direct it to one computer (or port triggering to access different computers), but I would really rather not have open ports for every computer to have file sharing accessible.

3. Route web traffic through home network. Staying in hotels and/or accessing the internet through public access hotspots has always gotten me a bit paranoid. I would really like to be able to securely access the internet while away from home.

4. Connect remote networks. We own a small family company and work from home. Also, a few other family members work for us, and I would really like to connect all the locations to be able to do remote administration and file and print sharing.


Currently I have Verizon FIOS 35/35 so speed isn't an issue. I am using an Apple AirPort base station (newest model) as my router. I also just set up Wide Area Bonjour and DNS Service Discovery to dynamically update the local domain name I use at home with the IP address that I get from Verizon.

I am not sure if using a VPN server or something else is the best way to go to make this all happen. I don't mind spending some money to make this happen.

In addition to those four things, I really want something that is easy to set up and maintain and something that will work with my mobile apple devices (macbook, iphone, ipad, etc). Also something that is very reliable.

A nice bonus, but nowhere near a priority, would be the ability to remotely connect to a computer via a web browser. I know I can do this with a logmein solution, but if it was built into some appliance that was doing everything else, that would be better.

Any help or insight on this would be much appreciated.
Old Jan 24, 2011, 06:16 AM   #2
sim667
macrumors 6502a
 
Join Date: Dec 2010
I'm currently working on something similar. I've got fileshares available through my VPN to friends etc... I'm also using the VPN.

All been done for free... only major change was changing the firmware on my belkin dir-615... that may help you.

My issues are
a. Can only connect one client to the VPN at a time
b. VPN does not support Bonjour... (well, VPN doesn't support multicast, which Bonjour needs, to be more precise). You can access them using the address... Apparently network beacon should make all this work to replace Bonjour, but I can't get it to work.
__________________
Mac Pro, Macbook Pro, G4 Powerbook, iPad 4, iPhone 5, 2X TV, Nikon D200, ACSP Trained - Photography and Mac tech
Music and UK festival Blog
Old Jan 25, 2011, 02:42 PM   #3
L0CKnL0aD7
macrumors newbie
 
Join Date: Jan 2011
A VPN would indeed be the best solution for remotely accessing your home network (in a safe way).
You can use the VPN Server built in with OSX Server or
set up an OpenVPN Server on Win/Linux/OSX. (this is a bit harder but you can do it on basically any computer)
Old Jan 25, 2011, 03:04 PM   #4
belvdr
macrumors 68040
 
Join Date: Aug 2005
I just bought a Cisco ASA 5505 to solve these issues. It's a firewall and VPN device with an 8 port switch on it.
Old Jan 26, 2011, 03:45 PM   #5
mmcxiiad
Thread Starter
macrumors regular
 
Join Date: Jul 2002
Some great info so far

Quote:
Originally Posted by L0CKnL0aD7 View Post
A VPN would indeed be the best solution for remotely accessing your home network (in a safe way).
You can use the VPN Server built in with OSX Server or
set up an OpenVPN Server on Win/Linux/OSX. (this is a bit harder but you can do it on basically any computer)
I have access to OSX server 10.6, but have always had difficulty setting up the VPN. I always get a can not connect message. I have never found a really good tutorial on setting up the VPN


Quote:
Originally Posted by belvdr View Post
I just bought a Cisco ASA 5505 to solve these issues. It's a firewall and VPN device with an 8 port switch on it.
I really like the idea of an appliance to do VPN, but I worry that this Cisco box will have a pretty steep learning curve and (from what I understand) requires a subscription to get software updates. With zero experience with Cisco, I wonder if this is a wise route... for a router with built-in VPN.

I am sure that there are other routers that do VPN that have a much easier learning curve.
Old Jan 27, 2011, 05:08 AM   #6
L0CKnL0aD7
macrumors newbie
 
Join Date: Jan 2011
Quote:
Originally Posted by mmcxiiad View Post
I have access to OSX server 10.6, but have always had difficulty setting up the VPN. I always get a can not connect message. I have never found a really good tutorial on setting up the VPN
If you want I could make a tutorial, however I only have access to an OSX Server 10.3.9
I can show you how to set up: 10.3.9 with PPTP & L2TP and OpenVPN.
Old Jan 27, 2011, 05:20 PM   #7
mmcxiiad
Thread Starter
macrumors regular
 
Join Date: Jul 2002
Quote:
Originally Posted by L0CKnL0aD7 View Post
If you want I could make a tutorial, however I only have access to an OSX Server 10.3.9
I can show you how to set up: 10.3.9 with PPTP & L2TP and OpenVPN.
I think that this would be great. I am sure I am not the only one who would benefit from this!
Old Jan 31, 2011, 05:52 AM   #8
sim667
macrumors 6502a
 
Join Date: Dec 2010
Quote:
Originally Posted by mmcxiiad View Post
I think that this would be great. I am sure I am not the only one who would benefit from this!
I've been considering doing one for home users, using standard mac os x 10.6 and ddwrt router firmware.

I've got a PPTP VPN working, but can only connect one client at a time... once I've sorted that I'll probably write one.

I also want to know how to only let clients access certain services, i.e. afp share, but use their own internet connection for websurfing whilst still connected to my VPN.
Old Jan 31, 2011, 07:15 AM   #9
gdc
macrumors member
 
Join Date: Aug 2009
Quote:
Originally Posted by sim667 View Post
I also want to know how to only let clients access certain services, i.e. afp share, but use their own internet connection for websurfing whilst still connected to my VPN.
This is something I am interested in - establishing a VPN link to my home network to surf out through, rather than directly via an unsecure network when on the road.

Any details would be much appreciated, either software or hardware based solutions. I have considered a device like a Cisco ASA 5505 but have not had the chance to investigate how it would work yet.
Old Jan 31, 2011, 07:21 AM   #10
gdc
macrumors member
 
Join Date: Aug 2009
Quote:
Originally Posted by belvdr View Post
I just bought a Cisco ASA 5505 to solve these issues. It's a firewall and VPN device with an 8 port switch on it.
Does this allow you to browse out from your home network via a remote VPN connection when on the road without having to use a client located behind your 5505? Or do you need, say, an iMac powered on at home to screenshare with etc.?
Old Jan 31, 2011, 11:31 AM   #11
belvdr
macrumors 68040
 
Join Date: Aug 2005
I use split tunneling, which only encrypts traffic I want to encrypt to my home network. All other traffic goes out my normal Internet connection. I can certainly change this to full tunneling and have all traffic come through my ASA.

People tend to think that VPNs always forward all traffic from your machine to the remote network. In very few situations is that the case.
Old Jan 31, 2011, 05:17 PM   #12
gdc
macrumors member
 
Join Date: Aug 2009
Quote:
Originally Posted by belvdr View Post
I use split tunneling, which only encrypts traffic I want to encrypt to my home network. All other traffic goes out my normal Internet connection. I can certainly change this to full tunneling and have all traffic come through my ASA.

People tend to think that VPNs always forward all traffic from your machine to the remote network. In very few situations is that the case.
Thanks. I'm only just getting into this and need to do some more reading. I had appreciated that in most cases VPNs don't route all traffic to the remote network, eg a VPN tunnel to a remote server only catches traffic to that server, not other general browsing.

What I haven't grasped yet is how split tunneling works, so I can do online banking via the VPN connection home, and generally browse just via the 'unsecure' network.

I assume then that your 5505 can route out direct from your remote device, and you do not screenshare to a machine behind it for secure browsing?

Thanks for taking the time to reply - much appreciated.
Old Jan 31, 2011, 06:20 PM   #13
tivoboy
macrumors 68000
 
Join Date: May 2005
internet connection sharing

I've set up a nice VPN on my Mac, 256k encryption, cheap too. Has been working great. What I have noticed though, is that if I am SHARING MY INTERNET connection via Ethernet (so my primary internet connection is WIFI), that ETHERNET connection loses any connectivity WHEN the VPN is running. Is that just the way things are, or is there some way to get ICS to work through the VPN as well?
Old Jan 31, 2011, 06:29 PM   #14
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by gdc View Post
What I haven't grasped yet is how split tunneling works, so I can do online banking via the VPN connection home, and generally browse just via the 'unsecure' network.

I assume then that your 5505 can route out direct from your remote device, and you do not screenshare to a machine behind it for secure browsing?

Thanks for taking the time to reply - much appreciated.
It's doing it all via IP routing. When you connect to a VPN, you are usually assigned an IP address from the remote side. Then for the IPs that are to be traversed over the VPN, a route for each subnet or IP is added to the system, pointing to your assigned VPN IP.

Quote:
Originally Posted by tivoboy View Post
I've set up a nice VPN on my Mac, 256k encryption, cheap too. Has been working great. What I have noticed though, is that if I am SHARING MY INTERNET connection via Ethernet (so my primary internet connection is WIFI), that ETHERNET connection loses any connectivity WHEN the VPN is running. Is that just the way things are, or is there some way to get ICS to work through the VPN as well?
I have heard of this, but never researched a solution. It sounds as if the VPN in question is doing full tunneling.
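The routing behaviour described in the post above, as an added example that is not part of the original thread: a small model of the client's routing table showing which interface each destination leaves by under split and full tunneling, plus a check for the case where the remote LAN and the home LAN use overlapping address ranges. All addresses, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation/private ranges, not from the thread).
LOCAL_LAN = "10.20.0.0/16"         # hotel or hotspot network the laptop sits on
HOME_SUBNETS = ["192.168.1.0/24"]  # home LAN behind the VPN endpoint
VPN_SERVER = "203.0.113.10"        # public address of the home VPN endpoint
BANK = "198.51.100.7"              # one extra host the user wants tunnelled
WEBSITE = "192.0.2.50"             # any other internet host


def build_routes(mode, local_lan, home_subnets, vpn_server, extra_via_vpn=()):
    """Model the client's routing table as (network, interface) pairs."""
    net = ipaddress.ip_network
    routes = [(net(local_lan), "wifi")]  # directly connected local network
    if mode == "full":
        routes.append((net("0.0.0.0/0"), "vpn"))  # default route moved onto the tunnel
        # The encrypted tunnel packets themselves still have to leave by the
        # physical link, so the VPN server keeps a host route outside the tunnel.
        routes.append((net(f"{vpn_server}/32"), "wifi"))
    elif mode == "split":
        routes.append((net("0.0.0.0/0"), "wifi"))  # default route left alone
        # One route per subnet or host that should traverse the VPN.
        for subnet in list(home_subnets) + list(extra_via_vpn):
            routes.append((net(subnet), "vpn"))
    else:
        raise ValueError(f"unknown mode: {mode}")
    return routes


def egress(routes, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(network, iface) for network, iface in routes if dst in network]
    if not matches:
        raise LookupError(f"no route to {destination}")
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def lan_conflicts(local_lan, home_subnets):
    """Home subnets that overlap the local LAN; split routes for these are ambiguous."""
    local = ipaddress.ip_network(local_lan)
    return [s for s in home_subnets if ipaddress.ip_network(s).overlaps(local)]


if __name__ == "__main__":
    for mode in ("split", "full"):
        table = build_routes(mode, LOCAL_LAN, HOME_SUBNETS, VPN_SERVER, [f"{BANK}/32"])
        for dst in ("192.168.1.20", BANK, WEBSITE, VPN_SERVER):
            print(f"{mode:5} {dst:15} -> {egress(table, dst)}")
    print("conflicts:", lan_conflicts("192.168.1.0/24", HOME_SUBNETS))
```
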
Old Jan 31, 2011, 09:11 PM   #15
talmy
macrumors 68040
 
Join Date: Oct 2009
Location: Oregon
I've been running a Mac mini with Snow Leopard Server for nearly a year now and have been using VPN. Traffic on my remote Mac can be routed either all through the VPN tunnel or just traffic to my LAN, so it can be used for 100% secure browsing. It does support more than one remote system tunneling at the same time. As mentioned, Bonjour services don't go through, however I've tried ShareTool, and it will allow remote Bonjour access.
__________________
27" i7 iMac, 15" MacBook Pro, Mac mini with Mavericks Server, 5 other Macs and an Apple TV.
Old Feb 3, 2011, 10:14 AM   #16
sim667
macrumors 6502a
 
Join Date: Dec 2010
Quote:
Originally Posted by talmy View Post
I've been running a Mac mini with Snow Leopard Server for nearly a year now and have been using VPN. Traffic on my remote Mac can be routed either all through the VPN tunnel or just traffic to my LAN, so it can be used for 100% secure browsing. It does support more than one remote system tunneling at the same time. As mentioned, Bonjour services don't go through, however I've tried ShareTool, and it will allow remote Bonjour access.
Is splitting the local network traffic and the internet traffic something that is done on the client or the server? I have VPNs set up on friends' Macs so we can remotely fileshare, however when they're connected it funnels all data through my VPN... luckily they don't use it that often.

Unfortunately I'm not using Snow Leopard Server, just Snow Leopard.
Old Feb 3, 2011, 10:23 AM   #17
sim667
macrumors 6502a
 
Join Date: Dec 2010
Quote:
Originally Posted by gdc View Post
This is something I am interested in - establishing a VPN link to my home network to surf out through, rather than directly via an unsecure network when on the road.

Any details would be much appreciated, either software or hardware based solutions. I have considered a device like a Cisco ASA 5505 but have not had the chance to investigate how it would work yet.
I use a router provided by my ISP, and got fed up with how slow it was running, so I took their firmware off and put DDWRT on. DDWRT is a free 3rd party firmware for routers, and I must say it's excellent, although there's a lot of options you find in there that you wouldn't find on standard firmware so can be confusing at first.

I've enabled the PPTP VPN server on the DDWRT firmware, and because in the UK we generally have dynamic IPs, I needed to assign a DNS to the router. So I've signed up for a free dyndns account, and luckily there's a built-in DNS updater on the DDWRT firmware, so none of the DNS or the VPN runs from my Macs, making it easier to administrate (sign on to VPN, use router web interface, DDWRT allows changes to settings to be made without rebooting the router).

I never have issues with the VPN or the DNS. The only thing I do sometimes have issues with is the VNC server running on my Mac, and the sharing account access, also on my Mac. But I think it's because sometimes the WOL doesn't work properly... I need to work out what the deal is with that.
Old Feb 3, 2011, 11:07 AM   #18
talmy
macrumors 68040
 
Join Date: Oct 2009
Location: Oregon
Quote:
Originally Posted by sim667 View Post
Is splitting the local network traffic and the internet traffic something that is done on the client or the server?
On Client:
System Preferences-->Network-->VPN-->Advanced-->Options-->Send All Traffic over VPN connection.
Old Feb 8, 2011, 06:04 AM   #19
sim667
macrumors 6502a
 
Join Date: Dec 2010
Quote:
Originally Posted by talmy View Post
On Client:
System Preferences-->Network-->VPN-->Advanced-->Options-->Send All Traffic over VPN connection.
So disabling that would make the clients only use the VPN for network data, and their web data would just go through their own local networks yeah?
Old Feb 8, 2011, 07:25 AM   #20
belvdr
macrumors 68040
 
Join Date: Aug 2005
It would also depend on the VPN server configuration. If the VPN server is configured for full tunneling, unchecking that option will have no effect.
Old Feb 9, 2011, 09:15 AM   #21
talmy
macrumors 68040
 
Join Date: Oct 2009
Location: Oregon
Quote:
Originally Posted by belvdr View Post
It would also depend on the VPN server configuration. If the VPN server is configured for full tunneling, unchecking that option will have no effect.
Interesting. I just checked this out and it is true, but it doesn't make sense. If the server isn't configured for full tunneling then there is no way to get it. If it is configured for full tunneling (as mine is) then the check box in the client indeed has no effect. ???
Old Feb 9, 2011, 05:26 PM   #22
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by talmy View Post
Interesting. I just checked this out and it is true, but it doesn't make sense. If the server isn't configured for full tunneling then there is no way to get it. If it is configured for full tunneling (as mine is) then the check box in the client indeed has no effect. ???
It makes sense. Why would anyone leave the VPN administration/configuration up to the user(s)? If the VPN administrators do not want the overhead of all traffic coming in, then disallow it. If they want to filter it, then you enable it.
Old Feb 9, 2011, 05:53 PM   #23
mmcxiiad
Thread Starter
macrumors regular
 
Join Date: Jul 2002
Quote:
Originally Posted by belvdr View Post
It makes sense. Why would anyone leave the VPN administration/configuration up to the user(s)? If the VPN administrators do not want the overhead of all traffic coming in, then disallow it. If they want to filter it, then you enable it.

One reason you may leave it up to the user would depend on where you are VPN'ing from. For example, if you are at home and need to get into work, all your HTTP traffic may not need to be routed through them. This would also speed things up for the user. But if you are at a hotel or an open network, you may want the user to route all their traffic through the VPN for security.
Old Feb 10, 2011, 06:34 AM   #24
belvdr
macrumors 68040
 
Join Date: Aug 2005
Quote:
Originally Posted by mmcxiiad View Post
One reason you may leave it up to the user would depend on where you are VPN'ing from. For example, if you are at home and need to get into work, all your HTTP traffic may not need to be routed through them. This would also speed things up for the user. But if you are at a hotel or an open network, you may want the user to route all their traffic through the VPN for security.
What's the additional security (from the company's standpoint) of encrypting the users' traffic to their personal mail account, whether at a hotel or at home? Unless you require full tunneling (for web filtering and such), then split tunneling is fine as you're encrypting the data the business deems important.

A poor security policy would allow the users to dictate what to encrypt. You lose control over how much WAN traffic you'll see and how much load you'll generate on your VPN device.
Old Feb 10, 2011, 09:01 AM   #25
sim667
macrumors 6502a
 
Join Date: Dec 2010
Also if all traffic is tunnelled through the VPN, and you have many users doing it, then it may cause bandwidth issues.

This is why I want a split tunnel on mine, in case my clients (friends) forget to disconnect from my VPN and use my bandwidth allowance up quickly.