Old Feb 4, 2013, 09:00 AM   #1
irishv
macrumors member
 
Join Date: Oct 2008
Mountain Lion Server VPN for home use

Can someone help me through the process of setting up a VPN for external access? I currently have a Mac mini serving as an HTPC. I have my own domain with a subdomain pointed to my home IP. My router has a few select ports open, which it forwards traffic to the mini (VNC, SSH, etc). My goal is to close all of that out and just have a VPN connection to get into the network.

I just purchased the Mountain Lion Server app. While I plan to play with some other features (wiki server, profile manager, calendar server), the main goal is VPN so I can securely VNC into the box. I ran the setup and configured the server as private. I turned on the VPN service and was able to connect my iPhone to it on the local network. What steps are needed now to connect remotely? Are there specific ports I need to forward from the router? I would assume there are different connection settings I need to make on the client devices as well.
__________________
Aluminium MacBook, iPhone 5, iPad Air, iPad mini, AppleTV, AppleTV 3, Unibody Mac Mini, Apple Cinema Display, Time Capsule 1TB
Old Feb 4, 2013, 09:54 PM   #2
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: VPN ports...

Quote:
Originally Posted by irishv View Post
Can someone help me through the process of setting up a VPN for external access? I currently have a Mac mini serving as an HTPC. I have my own domain with a subdomain pointed to my home IP. My router has a few select ports open, which it forwards traffic to the mini (VNC, SSH, etc). My goal is to close all of that out and just have a VPN connection to get into the network.

I just purchased the Mountain Lion Server app. While I plan to play with some other features (wiki server, profile manager, calendar server), the main goal is VPN so I can securely VNC into the box. I ran the setup and configured the server as private. I turned on the VPN service and was able to connect my iPhone to it on the local network. What steps are needed now to connect remotely? Are there specific ports I need to forward from the router? I would assume there are different connection settings I need to make on the client devices as well.
Hi irishv,

The flavor of VPN you wish to use determines exactly what ports you need to forward through your router. If you are using an Apple router, then the VPN setup should open the appropriate ports for you. If not, then you need to open and forward UDP 1701 for L2TP or TCP 1723 for PPTP, TCP and UDP 3283, 5900 for Remote Management, UDP 4500 if using L2TP IKE NAT, and UDP 500 if using L2TP ISAKMP/IKE. Basically, I'd start with forwarding 1723 if using PPTP or 500, 1701, 4500 if using L2TP. Then you might add 3283 and 5900 if VPN didn't initially work.

Also make sure your firewall is not blocking VPN connections.

Regards,
Switon

P.S. By the way, you can't use both VPN and Back to My Mac at the same time, as they conflict on their use of ports.

Last edited by switon; Feb 5, 2013 at 06:39 AM. Reason: Added P.S.
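Added example (not part of the original thread): a small audit of a router's port-forward list against the VPN ports named in the reply above, which reports VPN forwards that are missing and forwards such as VNC or SSH that the VPN does not need and that the original poster wants to close. The rule text format, the LAN address 192.168.1.10, the sample rules and the function names are all assumptions made for illustration.

```python
import re

# (protocol, port) pairs taken from the reply above, per VPN flavor.
VPN_PORTS = {
    "l2tp": {("udp", 500), ("udp", 1701), ("udp", 4500)},
    "pptp": {("tcp", 1723)},
}
# Other services mentioned in the thread as exposed or optionally forwarded.
KNOWN = {22: "SSH", 3283: "Remote Management", 5900: "VNC/Remote Management"}

# Hypothetical rule format: "<tcp|udp> <external port> -> <LAN host>"
RULE = re.compile(r"^\s*(tcp|udp)\s+(\d{1,5})\s*->\s*(\S+)\s*$", re.I)

def parse_rules(text):
    """Parse lines like 'udp 500 -> 192.168.1.10' into (proto, port, host)."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop trailing comments
        if not line.strip():
            continue
        m = RULE.match(line)
        if not m or not 1 <= int(m.group(2)) <= 65535:
            raise ValueError(f"line {n}: unrecognised rule {line!r}")
        rules.append((m.group(1).lower(), int(m.group(2)), m.group(3)))
    return rules

def audit(rules, flavor, vpn_host):
    """Return (missing VPN forwards, forwards not needed for the VPN)."""
    required = VPN_PORTS[flavor]
    to_server = {(p, port) for p, port, host in rules if host == vpn_host}
    missing = sorted(required - to_server)
    extra = sorted(
        (p, port, host, KNOWN.get(port, "unknown service"))
        for p, port, host in rules
        if (p, port) not in required or host != vpn_host
    )
    return missing, extra

# Constructed sample: legacy VNC/SSH forwards plus an incomplete L2TP set.
SAMPLE = """
tcp 22   -> 192.168.1.10   # SSH
tcp 5900 -> 192.168.1.10   # VNC
udp 500  -> 192.168.1.10
udp 1701 -> 192.168.1.10
"""

if __name__ == "__main__":
    missing, extra = audit(parse_rules(SAMPLE), "l2tp", "192.168.1.10")
    print("missing for L2TP:", missing)
    print("not needed for VPN:", extra)
```

On the constructed sample it reports UDP 4500 as missing for L2TP and lists the SSH and VNC forwards as candidates to remove once the VPN works.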
Old Feb 5, 2013, 08:11 AM   #3
mus0r
macrumors regular
 
Join Date: Mar 2005
Quote:
Originally Posted by switon View Post
P.S. By the way, you can't use both VPN and Back to My Mac at the same time, as they conflict on their use of ports.
Sorry to hijack, but what about using ARD? Does that interfere? If so, I would have to use the VPN to use ARD over VPN, rather than just connect over the internet?
__________________
2012 Mini with Fusion drive
2012 MacBook Pro
120GB iPod Classic
Old Feb 5, 2013, 10:07 AM   #4
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: ARD and ...

Quote:
Originally Posted by mus0r View Post
Sorry to hijack, but what about using ARD? Does that interfere? If so, I would have to use the VPN to use ARD over VPN, rather than just connect over the internet?
Hi mus0r,

ARD uses some of the same ports as VPN (plus others) and thus will potentially also conflict with the wide-area Bonjour (wide-area zeroconf or mDNS-like) that Back to My Mac uses. Since I don't use ARD myself, I can't give any specific examples of this possible conflict (an ARD specialist or the ARD documentation may answer this question). But since ARD is Apple's administration tool, they may have taken special steps for it not to conflict. On the other hand, as you suggest you could VPN to your local network and then ARD or VNC (Screen Share) or even run the Server.app from there.

Good luck,
Switon
Old Feb 5, 2013, 10:11 AM   #5
mus0r
macrumors regular
 
Join Date: Mar 2005
Quote:
Originally Posted by switon View Post
Hi mus0r,

ARD uses some of the same ports as VPN (plus others) and thus will potentially also conflict with the wide-area Bonjour (wide-area zeroconf or mDNS-like) that Back to My Mac uses. Since I don't use ARD myself, I can't give any specific examples of this possible conflict (an ARD specialist or the ARD documentation may answer this question). But since ARD is Apple's administration tool, they may have taken special steps for it not to conflict. On the other hand, as you suggest you could VPN to your local network and then ARD or VNC (Screen Share) or even run the Server.app from there.

Good luck,
Switon
Thanks for the reply! There seems to be no conflict with BTMM and ARD, specifically. As a matter of fact, I will often use the Bonjour network scan to find my computer being shared via Apple's BTMM wide-area service. It shows in the scan as an absurdly long MAC address, rather than an IP. Works just fine. I just sometimes want to use either ARD or VPN, but it seems I can't do both. That seems to be due to the conflict you mention earlier. I will have to stop BTMM on my Mini, turn VPN on and use ARD that way.

Thanks!
__________________
2012 Mini with Fusion drive
2012 MacBook Pro
120GB iPod Classic
Old Feb 5, 2013, 10:18 AM   #6
irishv
Thread Starter
macrumors member
 
Join Date: Oct 2008
Quote:
Originally Posted by switon View Post
Hi irishv,

The flavor of VPN you wish to use determines exactly what ports you need to forward through your router. If you are using an Apple router, then the VPN setup should open the appropriate ports for you. If not, then you need to open and forward UDP 1701 for L2TP or TCP 1723 for PPTP, TCP and UDP 3283, 5900 for Remote Management, UDP 4500 if using L2TP IKE NAT, and UDP 500 if using L2TP ISAKMP/IKE. Basically, I'd start with forwarding 1723 if using PPTP or 500, 1701, 4500 if using L2TP. Then you might add 3283 and 5900 if VPN didn't initially work.

Also make sure your firewall is not blocking VPN connections.

Regards,
Switon

P.S. By the way, you can't use both VPN and Back to My Mac at the same time, as they conflict on their use of ports.
Thanks for the response. I am using a Time Capsule and set the server to manage it, so I assume that should take care of the port forwarding requirements. I was planning to use L2TP. From an external access perspective, I should be able to just forward my domain to my home IP and then use that address when setting up the client (in this case, my iPhone).
__________________
Aluminium MacBook, iPhone 5, iPad Air, iPad mini, AppleTV, AppleTV 3, Unibody Mac Mini, Apple Cinema Display, Time Capsule 1TB
Old Feb 5, 2013, 10:28 AM   #7
switon
macrumors 6502a
 
Join Date: Sep 2012
Your TC and the Server.app...

Quote:
Originally Posted by irishv View Post
Thanks for the response. I am using a Time Capsule and set the server to manage it, so I assume that should take care of the port forwarding requirements. I was planning to use L2TP. From an external access perspective, I should be able to just forward my domain to my home IP and then use that address when setting up the client (in this case, my iPhone).
Hi irishv,

Yes, the Server.app will automatically configure your TC to allow VPN through it to your server. The Server.app actually asks if it should do this, and you just answer yes and it will configure your TC for Internet access to your LAN.

Regards,
Switon

----------

Quote:
Originally Posted by mus0r View Post
Thanks for the reply! There seems to be no conflict with BTMM and ARD, specifically. As a matter of fact, I will often use the Bonjour network scan to find my computer being shared via Apple's BTMM wide-area service. It shows in the scan as an absurdly long MAC address, rather than an IP. Works just fine. I just sometimes want to use either ARD or VPN, but it seems I can't do both. That seems to be due to the conflict you mention earlier. I will have to stop BTMM on my Mini, turn VPN on and use ARD that way.

Thanks!
Thanks mus0r for the information. I'm glad that Apple designed ARD so that it didn't conflict with their BTMM service.

Switon
Old Feb 5, 2013, 10:59 AM   #8
irishv
Thread Starter
macrumors member
 
Join Date: Oct 2008
Quote:
Originally Posted by switon View Post
Hi irishv,

Yes, the Server.app will automatically configure your TC to allow VPN through it to your server. The Server.app actually asks if it should do this, and you just answer yes and it will configure your TC for Internet access to your LAN.

Regards,
Switon


Looks like my issue was at the domain level. Configuring my client to connect via the IP address seems to work fine. The issue seems to be with how my sub-domain redirects to that IP. Thanks for the help.
__________________
Aluminium MacBook, iPhone 5, iPad Air, iPad mini, AppleTV, AppleTV 3, Unibody Mac Mini, Apple Cinema Display, Time Capsule 1TB
