In Mac OS X Server 10.6 Snow Leopard: DNS and Network Services, instructor Sean Colins introduces the networking services available in Snow Leopard Server. This course covers setting up a DNS server to provide network resources, using firewalls to protect systems against intrusion and to route traffic, using DHCP to automatically configure network settings for computers when they join a network, and accessing a network securely via a remote VPN (virtual private network) connection. Exercise files accompany the course.
On your client machine it's best to do this while connected to a device that is outside of your network, and we have accomplished that by connecting via a cellular modem attached directly to this computer. This will allow you to VPN into your network and test your settings. Now, if you have a client machine, but you don't quite know how to do that, just be sure that your router has an active public IP address, and that it's configured as I suggested in the last movie. So go to the Network pane. Here we are, and you can see we already have our Access Card Active, and it's got an outside IP address that's not on the network we're on, and it's sending and receiving traffic.
The first step is we're going to click the Plus button to add a new network configuration. When we do this, we get to a selection where we can add all sorts of different connections. We're going to add a VPN here, and the first one we're going to select is L2TP over IPSec. I'm selecting this first, because it's not going to work, and I want to show you what that looks like. It's not going to work because the router we have-- again we said we bought an inexpensive router to do this class-- doesn't support passage of this and yours may not either. I want to show you what that looks like. So we have our VPN connection here and what I'm going to do is I'm going to click Import Configurations.
What I've done in the Exercise Files here in a folder called VPN, I've saved the configuration file that I pulled off of the Server Preferences in the last movie. I'll open that up and because I only have one VPN connection available here it just pulls it right into the one that I've got. If you didn't have one of these, it would create a new one for you and if you already had a bunch, it would ask you which one you wanted to import the configuration into. So anyway, now that we are here, you'll note that we're using the server address. I'm going to show you how that works right now.
We know that this server does actually work out here with DNS on the Internet. So that's fine from where we are right now. I'm going to put in my account name. Under Authentication Settings, I'm going to put in my password for that account. Remember how I said the shared secret would be imported for you automatically? Well there it is. Click OK, click Apply, and click Connect. Now, while it's doing that, you'll notice then in the upper corner here we've got a VPN icon here with the word Connecting. If we go to Utilities and we go to the Console, click OK, it's warning us that it didn't connect.
If we open up Console and we look at All Messages, we can see right here that we've got pppd and the racoon process, and those processes are showing us what they're doing. They're initiating the attempt of the connection. We can see here that server.groundswellgear.com is where it's going to and that the DNS is working properly, because we have the IP address right here. So we know that's functioning. If we pull this out, we can get a better view of the entire window here. The IPSec connection is started. It's trying to make its connection. The IKE Packets are being transmitted successfully, but the IPSec connection is failing every time.
So if we look at the server logs, if we come over here to Server Admin, we can see that during that time code in the 1:50 range, there is just nothing there. The last stuff that we had was when we were doing some stuff before we started this recording that was about 10 minutes ago. So it's not even hearing these requests. The server is not seeing this traffic at all. What that indicates for us is that our router or something in between us and our router is not letting us get through to the server or our firewall is not configured properly.
But if we go back to our Firewall and we look at our Settings, we know that this is hitting the any group. So if we just sort on Description, and scroll down to where it says VPN, all of the VPN stuff is active. There is just not much else that we can do here. So the firewall is configured correctly, our router we know we've got every option turned on that we can turn on, and we've got our port forwarding configured properly. L2TP looks like it is not going to work for us. So this is a really good example of a time when it's a good idea to fall back to that PPTP configuration.
So let's do that one next. I'm going to click the Plus button, go in to select VPN, and I am going to select PPTP. Now, you might also notice here that we have Cisco IPSec. Now, in 10.6, the client has a really good Cisco IPSec client. So if your server is running Cisco VPN software, you can connect to it right from here. You don't need the Cisco third-party VPN client anymore, which is nice, but we're not teaching that. We're teaching OS X Server. So we're going to PPTP, and I'm going to name this lynda PPTP VPN and click Create.
Now, when you do that, I'm not going to be able to import the configuration as I did before because the configuration that's exported from the Server Preferences is only for the L2TP service. Keep that in mind. We click on PPTP. We put in the server address. I'm going to go by the name again, but you can go by your IP Address. Nice thing about using the IP address is that if your DNS isn't working from whatever remote location you're in, the IP Address will still go through, but we are going to use DNS right now. And put our account name in. Under Authentication Settings we'll put in our password.
Again, no opportunity here to put in anything beyond a password. There is no additional machine level authentication. So that's it. That's all you need to do and whenever we do that, we can also come into here into Advanced and we can tell it to send all traffic over the VPN connection. This is really useful. It does tax your Internet connection, and it also taxes your server a little bit more than it would if you left this off. But the plus side of this is that you know when you're connecting remotely that all of the traffic coming off of your remote machine into your server is going to be in that encrypted private tunnel, and that's a really good thing.
So I am going to leave the rest of this as default. VPN on Demand is possible here, and this can be another thing that's really cool. You can configure this for clients that perhaps don't always remember to activate the VPN when they should. What you can do here is say, "Hey! Anytime I'm going to access corequick.com as a domain, I'm going to have that automatically connect up to the VPN." Nifty thing there is once you hit OK on that, if you go to corequick.com, the VPN will automatically start to connect before it makes that connection to that domain, and that would be for e-mail or to get to the web site, or for any traffic that goes to that domain.
It's a useful thing to put in place. I'm going to take that out right now, because I don't want to test that at the moment. We want to leave IPv6 off and this is going to be true until we get IPv6 straightened out across the board, across all of our network devices everywhere. So for now I'm just recommending you turn this off on just about everything. Under DNS, we're going to pick this up from the VPN server, so we don't need to reconfigure anything here. We're not using any proxies. So these are all solid. Since it's our first connection, it could be useful to turn on verbose logging however. So let's just leave that on there, and we'll hit OK and Apply.
Then when we're done, we click Connect. So you see, PPTP is pretty quick and it makes that connection and once you have a connection you'll get a counter up here in the upper-right corner that gives you how long you've been connected to the VPN. Once you're in the Network System Preferences, you can come here and look at a little bit more detailed information about what your IP address is once you've got into the network. Again, this is one of those IP addresses in that VPN range that we set up in our VPN settings of Server Admin. So this is how you get VPN to work on the client system, and we went into the logs just briefly here on the client.
This is a great place to go for troubleshooting. And remember, look for these pppd and racoon processes to give you an idea of what's going on, on your client's side. When you want to check your VPN logs over here for the server, just come into the Server Admin VPN service if you don't have immediate access to your server, and you can see the VPN D log right here. It's telling you exactly where that's located. It's in var/log/PPP, and it's in the vpnd.log and of course like you did in the other services that we showed during this title, you can always go into the server and just double-click on that log, and it will open up in Console on the server itself.
So I hope this helps you to configure VPN so that it functions well for your environment. One side note. We've been mentioning throughout this title that we did not use an AirPort Base Station because we couldn't get NAT and DHCP to work independently of one another. But one of the cool things about an AirPort Base Station would be that it does indeed support the L2TP VPN protocol very, very nicely and configuring that port forwarding is extremely easy in that device. So if you prefer to have that and you want to go out and buy a device that is sure to work, that AirPort Base Station either the Extreme or the Express would work very well for that.
So that's it for VPN client and troubleshooting.