DHCP, NAT and VPN

Discussion in 'Mac OS X Server, Xserve, and Networking' started by varsis, Aug 26, 2014.

  1. varsis macrumors regular

    Joined:
    Nov 30, 2005
    #1
    OK, here is the deal: I have an Apple TV and some other devices that I would like to run through a VPN.

    My current setup: desktop --LAN-- AirPort Extreme --WAN-- modem
    The rest is running on wifi, and my desktop does not have a wifi card, otherwise I would just use internet sharing.

    Is it possible to set up DHCP and NAT to the desktop (192.168.0.201-254 for example) and leave .2-200 for the router? For the rerouted DHCP stuff, it would then use the VPN my desktop is connected to. If this is not possible I will stop; if it is, how do I set this up? I tried a few setups but have not been able to get it working yet.
     
  2. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #2

    You can change the range of IP addresses in AirPort Utility.
     
  3. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #3
    I tried that; I was able to sometimes connect to the DHCP server. I think I may have had the setting incorrect.

    I followed this guide: http://support.apple.com/kb/HT200188?viewlocale=en_US

    The DHCP server was set up using 192.168.0.2 as the router (the desktop), and using range 201-254. However, I was unable to turn the NAT network on.

    I assume these rules should be 192.168.0.0?
    Code:
    nat on en0 from 10.0.0.0/24 to any -> (en0)
    pass from {lo0, 10.0.0.0/24} to any keep state
    Do I also need to run a DNS server to use the local connection the desktop has? I did manage to connect, but I could only access the local network.
     
  4. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #4

    So were you having an issue getting an IP to your desktop?
     
  5. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #5
    I can connect to the server, but I cannot use the server's internet. I can only access local IPs. No external IPs.
     
  6. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #6

    So you have it going modem --> AirPort --> Server (out of IP range)?
     
  7. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #7
    I think so. To clarify, the server is behind the router and so are the other clients, trying to route local through the connection the server has, which is a VPN.
     
  8. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #8

    Does the server maintain a static connection to the web by setting it up at like 192.168.1.201?
     
  9. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #9
    I would assume no since the router is providing the server access to the web. Do I need multiple Ethernet connections to do this?
     
  10. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #10

    No, you should be fine with one. Can you access the internet on the server?
     
  11. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #11
    Yes, no problem with connections. Maybe my setup is not correct? I'm not much of a network guru.
     
  12. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #12
    This is my NAT setup; I'm not sure this is correct.
    Code:
    nat on en0 from 192.168.0.0/24 to any -> (en0)
    pass from {lo0, 192.168.0.0/24} to any keep state
    Attached are the DHCP settings.
     

  13. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #13
    Seems this stuff above is giving a syntax error...
     
  14. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #14
    Fixed the syntax error; retyped it out in vim and all is well there, but I still have no access to the internet.
     
  15. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #15
    Have you tried putting the server in the AirPort's DHCP range and reserving the IP for it? You could put it at 192.168.1.199 and have the range go 192.168.1.200-240.
     
  16. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #16

    Tried that, no go.
     
  17. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #17
    So clients on the network in the AirPort's DHCP range can access the internet. When you connect them through the server they lose access?
     
  18. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #18
    That is correct. But they can still access local IPs.
     
  19. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #19
    It sounds like you somehow have a firewall or NAT blocking it, since I don't see an obvious issue with the configuration.
     
  20. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #20
    So, found the problem: as soon as a VPN connection is on, it's no longer able to route correctly, so I need to do a redirect through the VPN. I will try again tomorrow.
     
  21. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #21
    Keep us posted!
     
  22. varsis thread starter macrumors regular

    Joined:
    Nov 30, 2005
    #22
    Well, tried changing the through to tun0 (interface used by Tunnelblick) and it is a no go. I am unable to get this working correctly.

    Any ideas?
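
Added example, not part of the thread and not a confirmed fix for it: one condition that produces the symptom in posts #20 and #22 is forwarded client traffic leaving on an interface that has no matching nat rule, or IP forwarding being off on the desktop. The script below checks both from the text printed by `pfctl -s nat`, `route -n get <external IP>` and `sysctl net.inet.ip.forwarding`; the function names and sample strings are constructed, and 192.0.2.1 is a documentation address standing in for any external IP.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are the text printed by:
#   pfctl -s nat ; route -n get <external IP> ; sysctl net.inet.ip.forwarding
# The sample strings at the bottom are constructed for illustration.

# Print each interface that has a nat rule whose source is subnet $2.
nat_ifaces() {
    printf '%s\n' "$1" | awk -v net="$2" '
        $1 == "nat" && $2 == "on" {
            for (i = 3; i < NF; i++)
                if ($i == "from" && $(i + 1) == net) { print $3; break }
        }'
}

# Print the interface the kernel would send on, from `route -n get` output.
egress_iface() {
    printf '%s\n' "$1" | awk '$1 == "interface:" { print $2; exit }'
}

# Report the first reason forwarded clients would lose internet access.
# Args: nat rules, route output, sysctl output, client subnet.
check_gateway() {
    case "$3" in
        *"forwarding: 1"*) ;;
        *) echo "forwarding-off"; return 1 ;;
    esac
    egress=$(egress_iface "$2")
    for ifc in $(nat_ifaces "$1" "$4"); do
        if [ "$ifc" = "$egress" ]; then echo "ok:$egress"; return 0; fi
    done
    # Packets leave via $egress untranslated, so replies cannot find their way back.
    echo "nat-mismatch:$egress"
    return 1
}

RULES_EN0='nat on en0 inet from 192.168.0.0/24 to any -> (en0) round-robin'
RULES_TUN0='nat on tun0 inet from 192.168.0.0/24 to any -> (tun0) round-robin'
ROUTE_VPN_UP='   route to: 192.0.2.1
  interface: tun0'
FWD_ON='net.inet.ip.forwarding: 1'
FWD_OFF='net.inet.ip.forwarding: 0'

check_gateway "$RULES_EN0"  "$ROUTE_VPN_UP" "$FWD_ON"  192.168.0.0/24 || true
check_gateway "$RULES_TUN0" "$ROUTE_VPN_UP" "$FWD_OFF" 192.168.0.0/24 || true
check_gateway "$RULES_TUN0" "$ROUTE_VPN_UP" "$FWD_ON"  192.168.0.0/24
```

A nat rule that exists only on en0 also means that, whenever the VPN is down, the same clients go out through the ISP link directly rather than through the tunnel.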
     
  23. Altemose macrumors G3

    Joined:
    Mar 26, 2013
    Location:
    Elkton, Maryland
    #23
    This has me scratching my head too. I don't know what I don't know! It is kind of hard to offer help since I am not right there working on your server. Perhaps someone else has some ideas?
     