VPN and File sharing

cavi · Aug 5, 2016

Hello everyone,

I want to enable file sharing for users on my local network. In case that someone wants to connect from his/her home (or any other location which is not the office (i.e. the office network)he/she will must use VPN. The thing is that I didn't managed to understand how to set this configuration on the server app... shall I use "privet networks" of "this Mac" option under the "permission" pane? How do I define the only people who are in the office network can connect without VPN?

Thanks!
A.

satcomer · Aug 5, 2016

Depends! What version of is OS X and or server are you using?

cavi · Aug 6, 2016

Hi,
Latest software (10.11 and 5+ [I don't remember the exact number])

satcomer · Aug 6, 2016

cavi · Aug 7, 2016

Hi!
I know this video (I watched all the videos of Todd – highly recommended =]) and I even contacted him about this issue (and he kindly respond to my email, but I didn't understand it...).
The thing is if I turn on file sharing, the user didn't need a VPN connection to see the files. I want that if the user is in remote location he will use VPN in order to see the shared files...

satcomer · Aug 8, 2016

cavi said:
Hi!
I know this video (I watched all the videos of Todd – highly recommended =]) and I even contacted him about this issue (and he kindly respond to my email, but I didn't understand it...).
The thing is if I turn on file sharing, the user didn't need a VPN connection to see the files. I want that if the user is in remote location he will use VPN in order to see the shared files...

Yes he will VPN into a network from outside that network as long as you have a VPN server setup.

cavi · Aug 9, 2016

OK, Thanks! I thought that I need to make some changes in order to "force" him/her to use VPN.
THANKS!

satcomer · Aug 9, 2016

cavi said:
OK, Thanks! I thought that I need to make some changes in order to "force" him/her to use VPN.
THANKS!

If he is using a Mac the VPN client software is in System Preferences->Network then the + button to for a new VPN setup.

cavi · Aug 9, 2016

And if he or she "forget" to connect via VPN. If file sharing is on they have access to the files (which are more exposed...)?
Sorry of being "annoying", I'm in a middle of setting up my business which contains sensitive data and I want to make sure that everything is protected as much as it can.

DJLC · Aug 9, 2016

VPN is a "tunnel" from a trusted user outside your network. Thus they can connect to file sharing services on the local network when the connection is active.

If you're able to connect to the file shares outside when disconnected from VPN, check your firewall. Those ports should not be open to the outside.

Altemose · Aug 9, 2016

cavi said:
And if he or she "forget" to connect via VPN. If file sharing is on they have access to the files (which are more exposed...)?
Sorry of being "annoying", I'm in a middle of setting up my business which contains sensitive data and I want to make sure that everything is protected as much as it can.

No. The VPN is a way to allow a client access into the local network. While the person is halfway across the world, their machine connects in to the server and is just like a local client. Only at that point can they use File Sharing on the server.

There are two primary protocols for File Sharing: SMB (Server Message Block) and AFP (Apple Filing Protocol). Most ISPs block SMB (ports 139 and 445), but allow AFP (port 548). Those ports should not be open unless you opened them on your router, thereby forcing the user to VPN in before having any File Sharing access.

komatsu · Aug 10, 2016

This might be a good solution without messing around with ports.

http://www.parallels.com/eu/products/access/

cavi · Aug 13, 2016

Thank you all for your comments! =]

komatsu · Aug 13, 2016

You're welcome.

Did you find a suitable solution?

kiwipeso1 · Aug 13, 2016

cavi said:
Hello everyone,

I want to enable file sharing for users on my local network. In case that someone wants to connect from his/her home (or any other location which is not the office (i.e. the office network)he/she will must use VPN. The thing is that I didn't managed to understand how to set this configuration on the server app... shall I use "privet networks" of "this Mac" option under the "permission" pane? How do I define the only people who are in the office network can connect without VPN?

Thanks!
A.

VPN is basically a private broadband connection that is like a "dialup" direct to your server.
Your local network people direct connect by AFP or SMB as usual, by connect to server K. (They don't need VPN)
The only thing you need do to setup VPN is have a password and address to share to users.
Then all they do is add the office VPN to their network preferences, and set it to run from the menubar (connect).

It should only take a couple of minutes on each mac to setup & maybe five minutes on the server to pick a good password.

cavi · Aug 13, 2016

komatsu said:
You're welcome.

Did you find a suitable solution?

I spoke with an advisor which toled me that as long as I use SMB with encrypted connecting I don't really need a VPN (for remote users also)... That is true also to other services like mail and calendar — as long as I use SSL for the service.

Altemose · Aug 14, 2016

cavi said:
I spoke with an advisor which toled me that as long as I use SMB with encrypted connecting I don't really need a VPN (for remote users also)... That is true also to other services like mail and calendar — as long as I use SSL for the service.

SMB is one of the most compromised ports and as a result most ISPs block SMB traffic altogether requiring the use of VPN to get File Sharing running.

cavi · Aug 14, 2016

Altemose said:
SMB is one of the most compromised ports and as a result most ISPs block SMB traffic altogether requiring the use of VPN to get File Sharing running.

Even if encrypted?

chrfr · Aug 14, 2016

cavi said:
Even if encrypted?

Back in the early days of Windows XP, it was possible for the computer to be compromised via these ports even before the user had a chance to install patches that might block it. Consequently, most ISPs blocked these ports back then.

kiwipeso1 · Aug 14, 2016

cavi said:
I spoke with an advisor which told me that as long as I use SMB with encrypted connecting I don't really need a VPN (for remote users also)... That is true also to other services like mail and calendar — as long as I use SSL for the service.

Your advisor knows nothing about basic cryptography, or networking.
You need a VPN to keep your secrets safe, as SSL is not as reliable for connections.

Altemose · Aug 14, 2016

cavi said:
Even if encrypted?

Yes. SMB is a protocol that is commonly compromised. You NEED VPN instead of trying to work around it if you care about the security of your data.

cavi · Aug 15, 2016

OK, so how I enforce the use of VPN on users?
lets say that I have a user which I allow to him several services, including file sharing. now, this user also has a MacBook which he uses at his home (or iPad, iPhone etc'). when this user enters his username and password he can see all the files and he do not need to use VPN. so, how I create a rule which allow users to see the office files only if they use VPN?

Thanks a lot!

Altemose · Aug 16, 2016

cavi said:
OK, so how I enforce the use of VPN on users?
lets say that I have a user which I allow to him several services, including file sharing. now, this user also has a MacBook which he uses at his home (or iPad, iPhone etc'). when this user enters his username and password he can see all the files and he do not need to use VPN. so, how I create a rule which allow users to see the office files only if they use VPN?

Easy... Make sure that the AFP and SMB ports are not open on the router. If you created a port forward allowing port 548 to be open, then the Mac can connect without VPN.

cavi · Aug 17, 2016

Thanks! I'll try

LC Phil · Aug 18, 2016

cavi said:
Thanks! I'll try

Hi Cavi,

I just read this thread and I'm not too sure this is the best road for you to go down, especially as your technical knowledge may not be sufficient for setting up and troubleshooting a VPN. Plus, you mentioned sensitive data.

What is your current upload speed (not download) for the Server?
What firewall or router do you have, could it handle the VPN connection instead?
Do you have a static IP address with your ISP?
If so, is that mapped to a sub-domain for ease of use?
How are the files stored? Are they on a drive that mirrors your data in case of a single drive failure, or just a typical external HDD?

At the end of the day anyone can setup a VPN. But is it actually going to work for your business, it may not. Perhaps have a look at other file sharing solutions such as Dropbox for Business as there is more to consider then just access to the data.

If cost is an issue make sure your data isn't just stored on an external drive but that it's a proper storage solution that allows for the mirroring of drives for when a drive fails.

If you must setup a VPN, then I'd recommend opening the ports for 1701, 4500, 500 for L2TP VPN, then the ports for Calendar and Contact DAV if you are using that too. I wouldn't open the ports for AFP and SMB, it will be inviting trouble. Ensure your Firewall will not respond to pings.

Good luck!

Regards,

Phil

VPN and File sharing

macrumors regular

Suspended

macrumors regular

Suspended

macrumors regular

Suspended

macrumors regular

Suspended

macrumors regular

macrumors 6502a

macrumors G3

macrumors 6502a

macrumors regular

macrumors 6502a

Suspended

macrumors regular

macrumors G3

macrumors regular

macrumors G5

Suspended

macrumors G3

macrumors regular

macrumors G3

macrumors regular

macrumors newbie

Our Staff