
Mac OS X Server 10.6 Snow Leopard: DNS and Network Services
Illustration by Neil Webb

Troubleshooting your VPN


From:

Mac OS X Server 10.6 Snow Leopard: DNS and Network Services

with Sean Colins

Mac OS X Server 10.6 Snow Leopard: DNS and Network Services
2h 4m Intermediate Jul 16, 2010


In Mac OS X Server 10.6 Snow Leopard: DNS and Network Services, instructor Sean Colins introduces the networking services available in Snow Leopard Server. This course covers setting up a DNS server to provide network resources, using firewalls to protect systems against intrusion and to route traffic, using DHCP to automatically configure network settings for computers when they join a network, and accessing a network securely via a remote VPN (virtual private network) connection. Exercise files accompany the course.

Topics include:
  • Deploying, troubleshooting, and understanding OS X 10.6 DNS server
  • Understanding and configuring OS X and OS X Server-based firewalls
  • Fixing server- and client-side firewalls
  • Configuring and troubleshooting DHCP
  • Setting up and troubleshooting a VPN server
Subjects:
Business Developer Servers
Software:
Mac OS X Server
Author:
Sean Colins

Troubleshooting your VPN

On your client machine it's best to do this while connected to a device that is outside of your network, and we have accomplished that by connecting via a cellular modem attached directly to this computer. This will allow you to VPN into your network and test your settings. Now, if you have a client machine, but you don't quite know how to do that, just be sure that your router has an active public IP address, and that it's configured as I suggested in the last movie. So go to the Network pane. Here we are, and you can see we already have our Access Card Active, and it's got an outside IP address that's not on the network we're on, and it's sending and receiving traffic.

The first step is we're going to click the Plus button to add a new network configuration. When we do this, we get to a selection where we can add all sorts of different connections. We're going to add a VPN here, and the first one we're going to select is L2TP over IPSec. I'm selecting this first, because it's not going to work, and I want to show you what that looks like. It's not going to work because the router we have-- again we said we bought an inexpensive router to do this class-- doesn't support passage of this and yours may not either. I want to show you what that looks like. So we have our VPN connection here and what I'm going to do is I'm going to click Import Configurations.

What I've done in the Exercise Files here in a folder called VPN, I've saved the configuration file that I pulled off of the Server Preferences in the last movie. I'll open that up and because I only have one VPN connection available here it just pulls it right into the one that I've got. If you didn't have one of these, it would create a new one for you and if you already had a bunch, it would ask you which one you wanted to import the configuration into. So anyway, now that we are here, you'll note that we're using the server address. I'm going to show you how that works right now.

We know that this server does actually work out here with DNS on the Internet. So that's fine from where we are right now. I'm going to put in my account name. Under Authentication Settings, I'm going to put in my password for that account. Remember how I said the shared secret would be imported for you automatically? Well there it is. Click OK, click Apply, and click Connect. Now, while it's doing that, you'll notice then in the upper corner here we've got a VPN icon here with the word Connecting. If we go to Utilities and we go to the Console, click OK, it's warning us that it didn't connect.

If we open up Console and we look at All Messages, we can see right here that we've got pppd and the racoon process, and those processes are showing us what they're doing. They're initiating the attempt of the connection. We can see here that server.groundswellgear.com is where it's going to and that the DNS is working properly, because we have the IP address right here. So we know that's functioning. If we pull this out, we can get a better view of the entire window here. The IPSec connection is started. It's trying to make its connection. The IKE Packets are being transmitted successfully, but the IPSec connection is failing every time.

So if we look at the server logs, if we come over here to Server Admin, we can see that during that time code in the 1:50 range, there is just nothing there. The last stuff that we had was when we were doing some stuff before we started this recording that was about 10 minutes ago. So it's not even hearing these requests. The server is not seeing this traffic at all. What that indicates for us is that our router or something in between us and our router is not letting us get through to the server or our firewall is not configured properly.

But if we go back to our Firewall and we look at our Settings, we know that this is hitting the any group. So if we just sort on Description, and scroll down to where it says VPN, all of the VPN stuff is active. There is just not much else that we can do here. So the firewall is configured correctly, our router we know we've got every option turned on that we can turn on, and we've got our port forwarding configured properly. L2TP looks like it is not going to work for us. So this is a really good example of a time when it's a good idea to fall back to that PPTP configuration.

So let's do that one next. I'm going to click the Plus button, go in to select VPN, and I am going to select PPTP. Now, you might also notice here that we have Cisco IPSec. Now, in 10.6, the client has a really good Cisco IPSec client. So if your server is running Cisco VPN software, you can connect to it right from here. You don't need the Cisco third-party VPN client anymore, which is nice, but we're not teaching that. We're teaching OS X Server. So we're going to PPTP, and I'm going to name this lynda PPTP VPN and click Create.

Now, when you do that, I'm not going to be able to import the configuration as I did before because the configuration that's exported from the Server Preferences is only for the L2TP service. Keep that in mind. We click on PPTP. We put in the server address. I'm going to go by the name again, but you can go by your IP Address. Nice thing about using the IP address is that if your DNS isn't working from whatever remote location you're in, the IP Address will still go through, but we are going to use DNS right now. And put our account name in. Under Authentication Settings we'll put in our password.

Again, no opportunity here to put in anything beyond a password. There is no additional machine level authentication. So that's it. That's all you need to do and whenever we do that, we can also come into here into Advanced and we can tell it to send all traffic over the VPN connection. This is really useful. It does tax your Internet connection, and it also taxes your server a little bit more than it would if you left this off. But the plus side of this is that you know when you're connecting remotely that all of the traffic coming off of your remote machine into your server is going to be in that encrypted private tunnel, and that's a really good thing.

So I am going to leave the rest of this as default. VPN on Demand is possible here, and this can be another thing that's really cool. You can configure this for clients that perhaps don't always remember to activate the VPN when they should. What you can do here is say, "hey! Anytime I'm going to access corequick.com as a domain, I'm going to have that automatically connect up to the VPN." Nifty thing there is once you hit OK on that, if you go to corequick.com, the VPN will automatically start to connect before it makes that connection to that domain, and that would be for e-mail or to get to the web site, or for any traffic that goes to that domain.

It's a useful thing to put in place. I'm going to take that out right now, because I don't want to test that at the moment. We want to leave IPv6 off and this is going to be true until we get IPv6 straightened out across the board, across all of our network devices everywhere. So for now I'm just recommending you turn this off on just about everything. Under DNS, we're going to pick this up from the VPN server, so we don't need to reconfigure anything here. We're not using any proxies. So these are all solid. Since it's our first connection, it could be useful to turn on verbose logging however. So let's just leave that on there, and we'll hit OK and Apply.

Then when we're done, we click Connect. So you see, PPTP is pretty quick and it makes that connection and once you have a connection you'll get a counter up here in the upper-right corner that gives you how long you've been connected to the VPN. Once you're in the Network System Preferences, you can come here and look at a little bit more detailed information about what your IP address is once you've got into the network. Again, this is one of those IP addresses in that VPN range that we set up in our VPN settings of Server Admin. So this is how you get VPN to work on the client system, and we went into the logs just briefly here on the client.

This is a great place to go for troubleshooting. And remember, look for these pppd and racoon processes to give you an idea of what's going on, on your client's side. When you want to check your VPN logs over here for the server, just come into the Server Admin VPN service if you don't have immediate access to your server, and you can see the vpnd log right here. It's telling you exactly where that's located. It's in var/log/PPP, and it's in the vpnd.log and of course like you did in the other services that we showed during this title, you can always go into the server and just double-click on that log, and it will open up in Console on the server itself.

So I hope this helps you to configure VPN so that it functions well for your environment. One side note. We've been mentioning throughout this title that we did not use an AirPort Base Station because we couldn't get NAT and DHCP to work independently of one another. But one of the cool things about an AirPort Base Station would be that it does indeed support the L2TP VPN protocol very, very nicely and configuring that port forwarding is extremely easy in that device. So if you prefer to have that and you want to go out and buy a device that is sure to work, that AirPort Base Station either the Extreme or the Express would work very well for that.

So that's it for VPN client and troubleshooting.
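
The triage reasoning in the transcript above (client log shows pppd and racoon trying, server log shows nothing in the same time range, so something in the path is dropping the traffic) can be scripted. This is an added example, not part of the course or its exercise files; the function name `vpn_triage`, the verdict strings and the sample log lines are constructed for illustration, and the syslog-style line format is an assumption.

```shell
#!/bin/sh
# Constructed sample logs (assumed syslog-style format, not captured from a real system).
CLIENT_LOG='Jul 16 13:50:02 client pppd[412]: L2TP connecting to server server.groundswellgear.com
Jul 16 13:50:02 client pppd[412]: IPSec connection started
Jul 16 13:50:03 client racoon[413]: IKE Packet: transmit success
Jul 16 13:50:13 client pppd[412]: IPSec connection failed'
SERVER_LOG='Jul 16 13:40:11 server vpnd[88]: Listening for connections...'

# vpn_triage CLIENT_TEXT SERVER_TEXT WINDOW
# WINDOW is a timestamp prefix, e.g. "Jul 16 13:5" for 13:50-13:59.
vpn_triage() {
    client=$1; server=$2; window=$3
    # Client side: did pppd or racoon log anything in the window?
    tried=$(printf '%s\n' "$client" | grep "^$window" \
            | grep -c -E ' (pppd|racoon)\[' || true)
    # Client side: did the attempt end in a logged failure?
    failed=$(printf '%s\n' "$client" | grep "^$window" \
             | grep -c -i 'connection failed' || true)
    # Server side: did vpnd log anything at all in the same window?
    seen=$(printf '%s\n' "$server" | grep -c "^$window" || true)

    if [ "$tried" -eq 0 ]; then
        echo "no-client-attempt"          # wrong window, or client never tried
    elif [ "$seen" -eq 0 ]; then
        echo "not-reaching-server"        # check router, port forwarding, firewall
    elif [ "$failed" -gt 0 ]; then
        echo "reached-server-but-failed"  # read the server log for the reason
    else
        echo "reached-server"
    fi
}

vpn_triage "$CLIENT_LOG" "$SERVER_LOG" "Jul 16 13:5"
```

On real machines, pass the contents of the client's log and the server's vpnd.log in place of the sample variables, and make sure both clocks are in sync before comparing time windows.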
