Mountain Lion Server VPN for home use

Discussion in 'Mac OS X Server, Xserve, and Networking' started by irishv, Feb 4, 2013.

  1. Post #1, macrumors regular (joined Oct 27, 2008):
    Can someone help me through the process of setting up a VPN for external access? I currently have a Mac mini serving as an HTPC. I have my own domain with a subdomain pointed to my home IP. My router has a few select ports open, which forward traffic to the mini (VNC, SSH, etc.). My goal is to close all of that out and just have a VPN connection to get into the network.

    I just purchased the Mountain Lion Server app. While I plan to play with some other features (wiki server, profile manager, calendar server), the main goal is VPN so I can securely VNC into the box. I ran the setup and configured the server as private. I turned on the VPN service and was able to connect my iPhone to it on the local network. What steps are needed now to connect remotely? Are there specific ports I need to forward from the router? I would assume there are different connection settings I need to make on the client devices as well.
     
  2. Post #2, switon, Feb 4, 2013 (last edited Feb 5, 2013), macrumors 6502a (joined Sep 10, 2012):
    RE: VPN ports...

    Hi irishv,

    Which flavor of VPN you wish to use determines exactly which ports you need to forward through your router. If you are using an Apple router, then the VPN setup should open the appropriate ports for you. If not, then you need to open and forward UDP 1701 for L2TP or TCP 1723 for PPTP, TCP and UDP 3283 and 5900 for Remote Management, UDP 4500 if using L2TP IKE NAT, and UDP 500 if using L2TP ISAKMP/IKE. Basically, I'd start with forwarding 1723 if using PPTP, or 500, 1701 and 4500 if using L2TP. Then you might add 3283 and 5900 if VPN didn't initially work.

    Also make sure your firewall is not blocking VPN connections.

    Regards,
    Switon

    P.S. By the way, you can't use both VPN and Back to My Mac at the same time, as they conflict on their use of ports.
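The port lists above are easy to get subtly wrong on a consumer router, and the only trustworthy check is from outside the home network. The script below is an added example (not code from the thread or from Apple): run from a phone hotspot against the public hostname, it probes the ports the post names and classifies them against the original poster's goal. VPN ports for the chosen flavor must answer; SSH, VNC (5900) and ARD (3283) must not answer from the Internet, because once the tunnel works that traffic should only ever travel inside it, and leaving 3283/5900 forwarded defeats the point of the VPN. The hostname is a constructed placeholder. Two caveats the code encodes: UDP silence is inconclusive (a quiet forwarded daemon and a dropped packet look the same from outside), and PPTP is included only because the thread discusses it; its MS-CHAPv2 authentication is known to be breakable, so prefer L2TP/IPsec.

```python
#!/usr/bin/env python3
"""External exposure audit for a home router in front of an OS X Server VPN.

Added example, not code from the thread. Run it from OUTSIDE the home network
(for instance over a phone hotspot). HOST is a constructed placeholder.
"""
import socket
from dataclasses import dataclass, field

HOST = "vpn.example.invalid"  # placeholder: the subdomain that points at the home IP

# Port sets taken from the post: what each VPN flavor needs forwarded, and the
# management ports that should only be reachable through the tunnel afterwards.
VPN_PORTS = {
    "pptp": {("tcp", 1723)},
    "l2tp": {("udp", 500), ("udp", 1701), ("udp", 4500)},
}
TUNNEL_ONLY = {("tcp", 22), ("tcp", 5900), ("udp", 5900), ("tcp", 3283), ("udp", 3283)}


def tcp_probe(host, port, timeout=2.0):
    """True if a TCP handshake completes (port forwarded and something listening)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_probe(host, port, timeout=2.0):
    """True if anything answers, False on ICMP port-unreachable, None if silent.

    Silence is inconclusive for UDP: a forwarded-but-quiet daemon and a dropped
    packet are indistinguishable from outside. For IKE on 500/4500 a proper
    IKE_SA_INIT probe (e.g. ike-scan) turns None into a definite answer.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(b"\x00" * 8)
            s.recv(1)
            return True
        except ConnectionRefusedError:
            return False
        except OSError:  # includes socket.timeout and DNS failure
            return None


@dataclass
class Audit:
    exposed: set = field(default_factory=set)       # tunnel-only ports reachable from the Internet
    vpn_missing: set = field(default_factory=set)   # VPN ports that are definitely closed
    vpn_ok: set = field(default_factory=set)        # VPN ports that answered
    inconclusive: set = field(default_factory=set)  # UDP ports that stayed silent

    @property
    def passed(self):
        return not self.exposed and not self.vpn_missing


def audit(host, flavor, tcp=tcp_probe, udp=udp_probe):
    """Probe the VPN ports for `flavor` and the tunnel-only ports; classify each.

    The probe functions are injectable so the logic can be exercised offline.
    """
    probes = {"tcp": tcp, "udp": udp}
    result = Audit()
    for proto, port in VPN_PORTS[flavor]:
        state = probes[proto](host, port)
        if state is True:
            result.vpn_ok.add((proto, port))
        elif state is False:
            result.vpn_missing.add((proto, port))
        else:
            result.inconclusive.add((proto, port))
    for proto, port in TUNNEL_ONLY:
        state = probes[proto](host, port)
        if state is True:
            result.exposed.add((proto, port))
        elif state is None:
            result.inconclusive.add((proto, port))
    return result


if __name__ == "__main__":
    r = audit(HOST, "l2tp")
    print("PASS" if r.passed else "FAIL", r)
```

A FAIL with anything in `exposed` means the old direct forwards (SSH, VNC) are still live and the router rules were not actually removed; anything in `vpn_missing` means the router answered port-unreachable for a VPN port, so the forward is absent rather than merely quiet. Repeat the run after the tunnel is up to confirm that the management ports are reachable only via the VPN-assigned address.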
     
  3. Post #3, macrumors regular (joined Mar 27, 2005):
    Sorry to hijack, but what about using ARD? Does that interfere? If so, would I have to use the VPN and run ARD over it, rather than just connecting over the Internet?
     
  4. Post #4, macrumors 6502a (joined Sep 10, 2012):
    RE: ARD and ...

    Hi mus0r,

    ARD uses some of the same ports as VPN (plus others) and thus will potentially also conflict with the wide-area Bonjour (wide-area zeroconf or mDNS-like) that Back to My Mac uses. Since I don't use ARD myself, I can't give any specific examples of this possible conflict (an ARD specialist or the ARD documentation may answer this question). But since ARD is Apple's administration tool, they may have taken special steps for it not to conflict. On the other hand, as you suggest, you could VPN to your local network and then use ARD or VNC (Screen Sharing) or even run the Server.app from there.

    Good luck,
    Switon
     
  5. Post #5, macrumors regular (joined Mar 27, 2005):
    Thanks for the reply! There seems to be no conflict with BTMM and ARD, specifically. As a matter of fact, I will often use the Bonjour network scan to find my computer being shared via Apple's BTMM wide-area service. It shows in the scan as an absurdly long MAC address, rather than an IP. Works just fine. I just sometimes want to use either ARD or VPN, but it seems I can't do both. That seems to be due to the conflict you mention earlier. I will have to stop BTMM on my Mini, turn VPN on and use ARD that way.

    Thanks!
     
  6. Post #6, thread starter, macrumors regular (joined Oct 27, 2008):
    Thanks for the response. I am using a Time Capsule and set the server to manage it, so I assume that should take care of the port forwarding requirements. I was planning to use L2TP. From an external access perspective, I should be able to just point my domain at my home IP and then use that address when setting up the client (in this case, my iPhone).
     
  7. Post #7, macrumors 6502a (joined Sep 10, 2012):
    Your TC and the Server.app...

    Hi irishv,

    Yes, the Server.app will automatically configure your TC to allow VPN through it to your server. The Server.app actually asks if it should do this, and you just answer yes and it will configure your TC for Internet access to your LAN.

    Regards,
    Switon

    ----------

    Thanks mus0r for the information. I'm glad that Apple designed ARD so that it didn't conflict with their BTMM service.

    Switon
     
  8. Post #8, thread starter, macrumors regular (joined Oct 27, 2008):
     