OSX L2TP Server - Preconfigurable Win and OSX Client

[jyer]

Hey,

I have set up a Mac OS X server for the NGO I am working in and now need to enable VPN access to our team.

The problem is that most of the team is working abroad so I need to be able to provide them with an easy way to access the server and preferably without giving out my shared secret.

Most of the team is running Windows but a few are running Mac (or even Linux).

I know that Cisco provides a client for its VPN system by which you can simply send out a preconfigured program that the rest of the team can simply install on their computer to access the network.

I was wondering if any alternative open source client would provide something similar for the Mac L2TP protocol ?

If I understand correctly, OpenVPN would not do the trick, since it only works with an OpenVPN server, right ?

In sum, I need something free, cross-plateforms and extremely easy to set up for end users.

Thank you very much for your help !

 

[mbestel]

A document?

Hi,

Both Mac and Windows clients can connect to a Mac VPN Server without difficulty, so the simplest solution may be to create a step-by-step document that walks your people through setting up and using the VPN connection.

Then, you send them the document and a set of credentials and hope for the best.

In my experience this has reduced the config work and the number of support calls drastically.

Hope this helps.

Cheers,

Mark

 

[Alrescha]

The problem is that most of the team is working abroad so I need to be able to provide them with an easy way to access the server and preferably without giving out my shared secret.

For OS X, you can run Server Preferences, select the VPN and click the "Save As" button under 'Client Configuration'. This gives you a file to send your users. They will still need to know their own authentication information.

A.

 

[jyer]

Hey,

Thanks a lot for your suggestions !

Mbestel : I was indeed thinking of drafting a document for Windows clients, since I have not found an application that would set everything up instead. It's really a shame that there isn't any opensource program out there, could be useful for Linux servers too...

Alrescha : Thank you very much for the tip regarding Mac OS X export file. It will definitely be extremely useful !

Cheers,

Jyer

 

[jyer]

Hey,

I'm back with the same issue.

While the Mac clients are doing fine, I still have not been able to configure a Win client.

I read that Vista is supposed to support L2TP and I've been trying to configure it since. Vista generates error 789 :

"The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer"

If I understand correctly, configuration through the PPT requires a certificate that I have not configured on my Mac Server. I've actually been following this tutorial, but I have more option on my 10.6 Server which I do not know what to do with.

Could someone please explain to me how to set up windows clients for a Mac VPN Server ?

Thanks a lot !

 

[Alrescha]

Hey,
While the Mac clients are doing fine, I still have not been able to configure a Win client.

OS X Server is using IPSec with NAT traversal. While Windows can do this, the last time I researched it you had to manually turn it on via a registry entry.

For Windows XP:

http://support.microsoft.com/kb/885407

For Vista(?):

http://support.microsoft.com/kb/947234

There is some tweaking you have to do in addition to that. In Windows XP, connection properties, the following items are set (XP is the last Windows I support, I imagine Vista and Win7 have similar settings):

Options
'Display progress while connecting' and
'Prompt for name and password' are checked.

Security
Security options
'Typical' is selected
'Validate my identity' is set to: Require secured password
'Require data encryption' is checked

In IPSec Settings
'Use pre-shared key for authentication' is checked
'Key' is filled in with the IPsec pre-shared key

Networking
'Type of VPN' is: L2TP IPSec VPN (PPP settings are the default)

Good luck,

A.