Solved

osx vpn-server behind dfl-210

Posted on 2011-05-12
Last Modified: 2012-08-14
Hi!

I have an OSX 10.6 server behind a D-Link DFL-210 firewall. On the server I have VPN set up as L2TP over IPsec.
I have a range from 192.168.100.40 - 90 and a PSK. There isn't much more to configure on the OSX server.

In the firewall I have setup 2 rules.
wan-to-lan: SAT and Allow
source interface: any, source network: all-nets, destination interface: core, destination network: wan_ip, service group: l2tp-ipsec
The only difference is that on the SAT rule I have the server's IP address where it should be. (I guess you get what I mean.)
The l2tp-ipsec service group includes: ike, ipsec-ah, ipsec-esp, ipsec-natt, ipsec-suite and l2tp-ctl.

When I try to connect to the vpn from outside I get conn_open and then unhandled_local drop in the dfl-210 log.
So it looks to me like I get connected but the DFL-210 doesn't know what to do with the package.

Any ideas?

Question by:anvendarnamn
9 Comments
 
LVL 3

Expert Comment

by:lloydforth1
ID: 35745255
Anything in the VPN server logs on the OSX server?
0
 

Author Comment

by:anvendarnamn
ID: 35745282
No, nothing... except that it is listening.
0
 
LVL 3

Accepted Solution

by:
lloydforth1 earned 1050 total points
ID: 35745378
Why are you bothering to use the VPN server in OSX when the D-Link has one built in? If it's for some reason I can't think of, then you would need to configure the device to pass through the requests for the following ports 1701, 4500, 50, and 500, to the internal IP address of the Mac.

0
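An added example, not part of the original thread: a Python sketch that reads `tcpdump -n` style text captured on the Mac and reports which of the flows named in the answer above actually reached the server, which helps separate a firewall forwarding problem from a server problem. The server address 192.168.100.10, the client address 203.0.113.7 and the sample lines are constructed assumptions.

```python
import re

# Flows named in the answer. "50" is IP protocol 50 (ESP), not a UDP or TCP
# port; 500 (IKE), 4500 (IPsec NAT-T) and 1701 (L2TP) are UDP ports.
REQUIRED = {"ike": "UDP 500", "nat-t": "UDP 4500",
            "esp": "IP protocol 50", "l2tp": "UDP 1701"}
UDP_PORTS = {500: "ike", 4500: "nat-t", 1701: "l2tp"}

# tcpdump -n style: "<time> IP <src>[.port] > <dst>[.port]: <decoded payload>"
# Assumes the capture was filtered with: tcpdump -n 'udp or ip proto 50'
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?: (.*)")

def classify(line, server_ip):
    """Return the flow name of a packet addressed to server_ip, else None."""
    m = LINE.search(line)
    if not m or m.group(3) != server_ip:
        return None                      # unparsable, or not inbound traffic
    dport, payload = m.group(4), m.group(5)
    if dport is None:                    # no port: a non-UDP IP protocol
        return "esp" if payload.startswith("ESP") else None
    return UDP_PORTS.get(int(dport))

def not_observed(lines, server_ip):
    """List the flows from REQUIRED that never arrived at the server."""
    seen = {classify(line, server_ip) for line in lines}
    return [name for name in REQUIRED if name not in seen]

SERVER = "192.168.100.10"   # hypothetical internal address of the Mac
# Constructed sample capture. When either end is behind NAT, ESP normally
# arrives wrapped in UDP 4500 instead of as native protocol 50.
SAMPLE = """\
12:00:01.100000 IP 203.0.113.7.500 > 192.168.100.10.500: isakmp: phase 1 I ident
12:00:01.150000 IP 192.168.100.10.500 > 203.0.113.7.500: isakmp: phase 1 R ident
12:00:01.300000 IP 203.0.113.7.4500 > 192.168.100.10.4500: NONESP-encap: isakmp
12:00:01.900000 IP 203.0.113.7.4500 > 192.168.100.10.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
""".splitlines()

if __name__ == "__main__":
    for name in not_observed(SAMPLE, SERVER):
        print(f"not observed at server: {name} ({REQUIRED[name]})")
```

If `ike` shows up as not observed, nothing is being forwarded to the server at all, which points at the firewall rules rather than the VPN service.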

 
LVL 8

Expert Comment

by:Mac2010
ID: 35745517
Also keep in mind that L2TP will not work with clients that are behind a NAT router (like DSL/Wifi) using a private IP number.
0
 
LVL 8

Expert Comment

by:Mac2010
ID: 35745523
In addition: using the DLink for IPsec VPN would be a good idea (unless you prefer PPTP on the Mac OS X server).
0
 
LVL 3

Expert Comment

by:lloydforth1
ID: 35745560
@Mac2010, I have this working on a number of routers and OSX servers, so I can state that it does indeed work. Agreed, I would use the D-Link's VPN server as this will give you potential access to other resources on the network.
0
 
LVL 8

Expert Comment

by:Mac2010
ID: 35745600
Off topic: @lloydforth1 I had problems with L2TP (and client using private IP) and a VPN 'consultant' confirmed this to me. L2TP with clients on public IP works fine so it was not the server(s)...
0
 

Author Comment

by:anvendarnamn
ID: 35752411
I don't really have a reason to go with VPN on the OSX server. I have done it both ways before and usually do it in the firewall. I just thought it was time to do it this way since I haven't done it in a while.

I'm going to use the VPN in the firewall now, but thanks for the help.
0
 

Author Closing Comment

by:anvendarnamn
ID: 35752431
I don't think the answer is grade A because it's not really what I was looking for. It's still a solution that works though.
0


Question has a verified solution.
