textbook VPN setup with 10.3?


mr_scotty
07-03-2008, 12:19 AM
Hi all,

I am managing the IT for a small business, and am after some quick
help with the setup of a VPN... the idea being that I may manage the
site from home and also from other work sites (i.e. from the 'real
job'). I admit that I'm a bit of a newbie when it comes to VPN
setups, and I'm sure that the configuration I need is textbook stuff.

So, let's start with the basics. They say a picture is worth 1000
words, so here's a diagram of the setup I'm currently hoping to
set up:

<a href="http://www.syntaxparty.org/temp/vpn3.jpg"><img src="http://www.syntaxparty.org/temp/vpn3.jpg"></a>

Following Maclive's great instructions (www.maclive.net/sid/132), I've
attempted to set up a VPN link a few times using the VPN server
component of OS X Server 10.3's Server Admin, with no real luck.
Before I delve into configuration specifics, my first question is
whether I should even be trying to configure a VPN from a machine
that is behind the ADSL router (i.e. gateway)? Like most ADSL routers,
my little Netcomm box (it's an NB504) manages the PPPoE internet
connection. As a result, my router is the device that gets the static
IP from my ISP. The router itself is a relatively cheap little box,
and whilst it performs quite well, it does not have VPN configuration
features in itself. I'd be more than happy (in fact, it's highly
desirable) for all VPN traffic to be managed by one of the machines
on the internal LAN (e.g. my Mac file server).

Hence (and these are guesses):
Is there some way that my VPN server (Mac server) can manage
information going to and from the outside world whilst being behind
the gateway? Would a static route on my ADSL router be something that
I should configure?

I've heard people throw around the idea of registering with gotdns.com.
Whilst I'm not 100% certain why this would be applicable, my
understanding is that this may save a little time when it comes to the
client VPN setup, in that I may connect to http://mycompany.gotdns.com
rather than http://200.201.202.203. Are there any other reasons for a
gotdns.com setup that would save time?

OK, now to the VPN server configuration itself. My end users will be
connecting with both Mac and PC clients, so I need to configure L2TP as
well as PPTP. I'm sure this is a common question, but currently my
internal LAN DHCP pool is configured to nearly the whole subnet:
192.168.20 – 192.168.1.255. Will my VPN work if I concurrently
configure my L2TP and PPTP pools within this range (say, L2TP =
192.168.1.235-237, and PPTP = 192.168.1.238-239)? Or should I
redefine my DHCP range and set the VPN addresses outside the DHCP scope?

My final questions concern Server 10.3's "client information" tab
from within the VPN setup. In addition to the sections on this screen
dedicated to input of preferred DNS servers and search domains (both
of these fields are of little concern to me), there is a routing
definition table. This routing definition table is something that I
admit I've no real idea on what it does, or how/why I would set it
up. (It's additionally been at least 7-8 years since I've looked at
routing tables of any kind.) Does this table affect what LAN
resources VPN clients can see? Or does it have something to do with how they connect?

Thanks for reading, hopefully I'll get this thing off the ground soon.

-scott-
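Two of the questions in the post above (whether the L2TP/PPTP pools may sit inside the DHCP scope, and what the routing definition table does) can be sanity-checked with a few lines of code. The following is an added example, not code from the original thread or from Apple's Server Admin; the DHCP scope, VPN pools and routing entries are constructed from the values in the post. It assumes the routing table's "Private" entries are pushed to the client as routes through the tunnel and "Public" entries are sent out the client's normal connection (split tunnelling); the function names and the `None` result for a destination the table does not cover are this example's own conventions.

```python
import ipaddress

# Constructed sample values modelled on the post (not a real site's config).
DHCP_SCOPE = ("192.168.1.20", "192.168.1.254")
VPN_POOLS = {
    "L2TP": ("192.168.1.235", "192.168.1.237"),
    "PPTP": ("192.168.1.238", "192.168.1.239"),
}

# Constructed routing definitions as they would be typed into the
# Client Information tab: (network address, network mask, type).
ROUTING_DEFINITIONS = [
    ("192.168.1.0", "255.255.255.0", "Private"),  # office LAN via the tunnel
    ("0.0.0.0", "0.0.0.0", "Public"),             # everything else goes direct
]


def addr_range(first, last):
    """Inclusive address range as a pair of integers, validated for order."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError(f"range {first}-{last} is reversed")
    return lo, hi


def overlap(r1, r2):
    """True when two inclusive integer ranges share at least one address."""
    return r1[0] <= r2[1] and r2[0] <= r1[1]


def check_pools(dhcp_scope, vpn_pools):
    """Return a list of conflicts; an empty list means the address plan is clean.

    A VPN pool inside the DHCP scope risks the DHCP server handing a LAN
    host the same address the VPN server just assigned to a remote client.
    """
    problems = []
    dhcp = addr_range(*dhcp_scope)
    pools = {name: addr_range(*rng) for name, rng in vpn_pools.items()}
    for name, rng in pools.items():
        if overlap(dhcp, rng):
            problems.append(f"{name} pool lies inside the DHCP scope; "
                            f"shrink the scope or move the pool outside it")
    names = list(pools)
    for i, n1 in enumerate(names):
        for n2 in names[i + 1:]:
            if overlap(pools[n1], pools[n2]):
                problems.append(f"{n1} and {n2} pools overlap each other")
    return problems


def route_for(destination, definitions):
    """Longest-prefix match of a destination against the routing definitions.

    Returns "Private" (send through the tunnel), "Public" (send directly),
    or None when no entry covers the destination (assumption: the client's
    own default route then applies).
    """
    dest = ipaddress.IPv4Address(destination)
    best = None
    for net, mask, kind in definitions:
        network = ipaddress.IPv4Network((net, mask))
        if dest in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, kind)
    return best[1] if best else None


if __name__ == "__main__":
    for line in check_pools(DHCP_SCOPE, VPN_POOLS) or ["address plan OK"]:
        print(line)
    # A scope that stops before the VPN pools resolves both conflicts.
    print(check_pools(("192.168.1.20", "192.168.1.200"), VPN_POOLS))
    for host in ("192.168.1.50", "203.0.113.9"):
        print(host, "->", route_for(host, ROUTING_DEFINITIONS))
```

With the pools from the post, `check_pools` flags both the L2TP and PPTP ranges as lying inside the DHCP scope, and shrinking the scope to end at .200 clears both. `route_for` shows the effect of the routing definitions: a LAN address matches the "Private" entry and is reached through the tunnel, so the table does determine which LAN resources a client can see; a public address falls to the "Public" catch-all and leaves by the client's own connection. On the "behind the router" question, the usual arrangement is for the ADSL router to forward the VPN traffic to the internal server: TCP 1723 plus GRE (IP protocol 47) for PPTP, and UDP 500, 4500 and 1701 plus ESP (IP protocol 50) for L2TP/IPsec; not every consumer router can pass GRE or ESP, so that capability is worth confirming before spending time on the server side.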