VPN on Demand

Discussion in 'Mac OS X Server, Xserve, and Networking' started by lieb39, Jun 4, 2010.

    Hello everyone,

    I've searched Google for quite a while now and still haven't come up with anything - I'm looking for some sort of guide that explains the 'VPN on Demand' feature and how to implement it. Could anyone point me in the general direction, or explain how to use it?

    If I understand correctly, when a certain domain is being contacted, the VPN on Demand will connect the VPN first?

    In many non-Apple deployments, that is the way it works. It realizes it needs to establish a VPN first in order to contact those hosts or networks. In situations like these, I usually nail a site-to-site VPN between the two and call it a day.

    It's pretty much what it says. You configure your VPN the usual way and you tick the "VPN on demand" box. Enter the domain name you would like to become the trigger for the VPN to connect. If you then enter this domain in Safari or you try to ping or ssh to it, the VPN will connect in the background, saving you the hassle of having to connect manually.

    I'm not sure what you want to know about it?

    Apple has a tendency to describe things in their help section as if it was a walk in the park. Sadly, with VPNs that's hardly ever the case. I have several different VPNs configured and most of the time you need to do much more than what Apple claims in their help files. Especially if you want to route only specific IPs while everything else on your Mac keeps working and connecting via your normal internet connection.

    Anyway, if you are a bit more specific I may be able to help you further.

    Alright, that's the way I thought it would work. Yet, I can't get it to work.

    I've set up a PPTP VPN that works fine when you connect to it - has a saved password and whatnot. It's first in the Service Order to ensure that it's used.
    I've set up the VPN with the configuration 'Australia', and under the VPN on Demand section I have set up the following domains with the following Configurations:

    Domain: abc.net.au Configuration: Australia
    Domain: *.abc.net.au Configuration: Australia
    Domain: .whatismyip.com Configuration: Australia
    Domain: *.whatismyip.com Configuration: Australia

    Yet when going to either domain, no matter how you put them - the VPN won't automatically connect. Have I missed something?


    > Have I missed something?

    Yes. Well, no, you haven't missed something, but it just won't work as far as I can tell from my experience.

    Reason 1:
    If the domain is actually visible without VPN then your on demand feature won't work. Period. In other words, you can't get auto connect to work if you can ping abc.net.au via the normal network. If you want it to work, you have to play around with your host entries so that the OS thinks it can't get to the requested network without VPN. Or add an entry like abc.net.vpn instead of abc.net.au.

    Reason 2:
    You may have IPv6 set to auto or enabled. Disable it in both your VPN settings and in the default Ethernet settings.

    Reason 3:
    It's just simply broken. I have disabled this feature because it never really works reliably on my MacBook Pro as I'm constantly moving between networks. Much better to just build the VPN manually and then work away.

    I hope this sheds some light and helps you solve your problem. Main thing is, if the IP is reachable without VPN then you won't get on demand to work without tricks.

    Question: When you connect manually, does it all work fine or do you have some additional problems with the VPN?

    Good luck, mate.

