Setting up Mac OS X Server as VPN Endpoint – Mavricks Server 10.9

General

• Setup server DNS if you have to – tools below to check
• Turn on VPN (L2TP and PPTP is what i did)
• Make Open Directory Users …
  • and group if you are using sharing and assign these users to the group
• PPTP?
  • Setup different NON local users in Open Directory
  • then set the services they have access to.
  • Great video here.http://www.youtube.com/watch?v=gG8HcsQuyjI
• L2TP – local users can access using this protocol
• unblock ports and port forward ports router
  • PPTP TCP 1723 with Protocol 47 or “GRE”
  • L2TP UDP 500
  • http://support.apple.com/kb/ts1629
  • http://blogs.technet.com/b/rrasblog/archive/2006/06/14/which-ports-to-unblock-for-vpn-traffic-to-pass-through.aspx
  • use ipchicken.com to get your ip address

  Set up your client – this is SUPER article with the tweaks and pitfalls to watch out for – scroll down to the client setup part

Here is the nitty gritty.

DNS Setup

• setup DNS either outside your network (advanced) or
  • or you have to setup DNS on the server to point to itself and then the router and/or external DNS – you can use google 8.8.8.8
  • if you don’t do this – the command changeip -checkhostname will give diff Current HostName and DNS Hostnames – this is not good
  • you should see

bash-3.2# changeip -checkhostname

Primary address     = 192.168.2.2

Current HostName    = machinename.subdomain.mydomainthatibought.com
DNS HostName        = machinename.subdomain.mydomainthatibought.com

The names match. There is nothing to change.
dirserv:success = “success”

• if the DNS HostName is not what it should be – set up DNS – because the computer is traversing DNS servers and it finds someone has stored the wrong name somewhere. So if it is your router and you can clear it, great – otherwise you have to work around this- well setting up your own DNS server is best. Follow this advice http://labs.hoffmanlabs.com/node/1436
• Current HostName  off? Change it in the main server Settings or run the advice given by the changeip command above.
  • /Applications/Server.app/Contents/ServerRoot/usr/sbin/changeip 192.168.1.2 192.168.1.2 wrong.name.com  right.name.com

Configure Sharing

• we setup a vpn group and added users to it
• configure that group to have access to a file share on the mac (System Prefs -> Sharing ->File Sharing and add that user as Read/Write to that group

This gets PPTP working. Using WIndows you can set up an FTP config and use it with all default settings.

On a mac – there are lots of articles that tell how to do this.

Other Links:

• iVPN for non servers to configure mac’s vpn
• clear instructions for the geeks in your life – REALLY good resource
• Troubleshooting L2TP – lots of error codes to help you out of VPN Hell
• http://web.stevens.edu/itwiki/w/index.php/VPN_Troubleshooting
• http://en.wikipedia.org/wiki/NAT_traversal
• http://apple.stackexchange.com/questions/102345/what-ports-need-to-be-opened-to-use-the-l2tp-vpn-server-on-mountain-lion-server
  • http://support.apple.com/kb/TS5313
  • http://support.apple.com/kb/HT4748
  • http://support.apple.com/kb/HT6080 **** OH FOR PETES SAKE!!!! A LT2P update for Mac OSX Macricks server!!
    • downlad it http://support.apple.com/kb/DL1716

    http://support.apple.com/kb/ht3953 advice for windows clients trying to connect to mac