anvendarnamn (Sweden) asked:

OS X VPN server behind DFL-210

Hi!

I have an OS X 10.6 server behind a D-Link DFL-210 firewall. On the server I have a VPN set up as L2TP over IPsec.
I have a range from 192.168.100.40 - 90 and a PSK. There isn't much more to configure on the OS X server.

In the firewall I have set up 2 rules:
wan-to-lan: SAT and Allow
source interface: any; source network: all-nets; destination interface: core; destination network: wan_ip; service group: l2tp-ipsec
The only difference is that on the SAT rule I have the server's IP address where it should be. (I guess you get what I mean.)
The l2tp-ipsec service group includes: ike, ipsec-ah, ipsec-esp, ipsec-natt, ipsec-suite and l2tp-ctl.

When I try to connect to the VPN from outside I get conn_open and then an unhandled_local drop in the DFL-210 log.
So it looks to me like I get connected, but the DFL-210 doesn't know what to do with the packet.

Any ideas?
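A small first-match rule-table model, added here as an example and not taken from the post or from the DFL-210's own configuration syntax, that checks whether every component of an L2TP-over-IPsec session arriving at the firewall's WAN address is covered by both a SAT (translate) rule and an Allow rule. It follows the NetDefendOS convention the asker's rule pair relies on: a matching SAT rule only records the translation, and the packet is still permitted or dropped by a later matching rule. Service names mirror the post's service group, the port numbers are the standard assignments, and the server address 192.168.100.10 is a constructed placeholder (the post gives only the client pool).

```python
# Added example: model a SAT + Allow rule pair and check L2TP/IPsec coverage.
# Rule-table layout and the server address are assumptions, not the post's config.
from dataclasses import dataclass
from typing import Optional

# Components of an L2TP/IPsec session. NAT-T (UDP 4500) is what clients
# behind a NAT router use instead of raw ESP; leaving it out of a rule is a
# common reason only some clients can connect.
L2TP_IPSEC_COMPONENTS = {
    "ike": ("udp", 500),
    "ipsec-natt": ("udp", 4500),
    "ipsec-esp": ("esp", None),
    "ipsec-ah": ("ah", None),
    "l2tp-ctl": ("udp", 1701),
}

@dataclass(frozen=True)
class Packet:
    src_if: str            # interface the packet arrived on
    dst_if: str            # "core" = addressed to the firewall itself
    dst_net: str           # e.g. "wan_ip"
    proto: str             # "udp", "esp", "ah"
    dport: Optional[int]   # None for protocols without ports

@dataclass(frozen=True)
class Rule:
    action: str            # "SAT" or "Allow"
    src_if: str            # "any" matches every interface
    dst_if: str
    dst_net: str
    services: frozenset    # names from L2TP_IPSEC_COMPONENTS
    sat_target: Optional[str] = None   # only meaningful for SAT rules

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.src_if not in ("any", pkt.src_if):
        return False
    if rule.dst_if != pkt.dst_if or rule.dst_net != pkt.dst_net:
        return False
    return any(L2TP_IPSEC_COMPONENTS[s] == (pkt.proto, pkt.dport)
               for s in rule.services)

def evaluate(rules, pkt: Packet):
    """Return (sat_target, allowed).

    A matching SAT rule sets the translation target but evaluation continues;
    the first matching Allow rule permits the packet. With no matching Allow
    rule the packet falls through to the default drop.
    """
    sat_target = None
    for rule in rules:
        if not rule_matches(rule, pkt):
            continue
        if rule.action == "SAT":
            sat_target = rule.sat_target
            continue
        if rule.action == "Allow":
            return sat_target, True
    return sat_target, False

def uncovered_components(rules, wan_if: str = "wan"):
    """List the L2TP/IPsec components that are dropped or reach the firewall
    untranslated, i.e. never get forwarded to the VPN server."""
    problems = []
    for name, (proto, port) in L2TP_IPSEC_COMPONENTS.items():
        pkt = Packet(wan_if, "core", "wan_ip", proto, port)
        target, allowed = evaluate(rules, pkt)
        if not allowed:
            problems.append(f"{name}: dropped (no Allow rule)")
        elif target is None:
            problems.append(f"{name}: allowed but not translated to the server")
    return problems

# Constructed rule sets for demonstration.
FULL_GROUP = frozenset(L2TP_IPSEC_COMPONENTS)
SERVER = "192.168.100.10"   # constructed placeholder for the OS X server

GOOD_RULES = [
    Rule("SAT", "any", "core", "wan_ip", FULL_GROUP, sat_target=SERVER),
    Rule("Allow", "any", "core", "wan_ip", FULL_GROUP),
]
# Same pair, but the Allow rule forgot NAT-T.
BAD_RULES = [
    Rule("SAT", "any", "core", "wan_ip", FULL_GROUP, sat_target=SERVER),
    Rule("Allow", "any", "core", "wan_ip", FULL_GROUP - {"ipsec-natt"}),
]
# SAT rule with no Allow rule at all: everything is translated, nothing permitted.
SAT_ONLY_RULES = GOOD_RULES[:1]

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES), ("sat-only", SAT_ONLY_RULES)):
        print(label, uncovered_components(rules) or "all components covered")
```

Running the block prints the gaps for each constructed rule set; the same check is worth doing against a real rule table whenever the firewall log shows the connection opening and then being dropped rather than forwarded.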

lloydforth1:

Anything in the VPN server logs on the OS X server?
anvendarnamn (asker):

No, nothing... except that it is listening.
ASKER CERTIFIED SOLUTION (lloydforth1)

Also keep in mind that L2TP will not work with clients that are behind a NAT router (like DSL/Wi-Fi) using a private IP address.
In addition: using the D-Link for the IPsec VPN would be a good idea (unless you prefer PPTP on the Mac OS X server).
@Mac 2010, I have this working on a number of routers and OS X servers, so I can state that it does indeed work. Agreed, I would use the D-Link's VPN server as this will give you potential access to other resources on the network.
Off topic: @lloydforth1 I had problems with L2TP (and clients using private IPs) and a VPN 'consultant' confirmed this to me. L2TP with clients on public IPs works fine, so it was not the server(s)...
I don't really have a reason to go with VPN on the OS X server. I have done it both ways before and usually do it in the firewall. I just thought it was time to do it this way since I haven't done it in a while.

I'm going to use the VPN in the firewall now, but thanks for the help.
I don't think the answer is grade A because it's not really what I was looking for. It's still a solution that works, though.