textbook OSX VPN setup help?

06-30-08, 09:32 PM
Hi all,

I am managing the IT for a small business, and am after some quick
help with the setup of a VPN... the idea being that I may manage the
site from home and also from other work sites (i.e. from the 'real
job'). I admit that I'm a bit of a newbie when it comes to VPN
and I'm sure that the configuration I need is textbook stuff.

So, let's start with the basics. They say a picture is worth 1000
words; so here's a diagram of the setup I'm currently hoping to

http://www.syntaxparty.org/temp/vpn3.jpg

Following Maclive's great instructions (www.maclive.net/sid/132),
I've attempted to set up a VPN link a few times
the VPN server component of OS X Server 10.3's Server Admin; with no
real luck. Before I delve into configuration specifics; my first
question is whether I should even be trying to configure a VPN from a
machine that is behind the ADSL router (i.e. gateway)? Like most ADSL
routers, my little Netcomm box (it's an NB504) manages the PPPoE
internet connection. As a result, my router is the device that gets
the static IP from my ISP. The router itself is a relatively cheap
little box – and whilst it performs quite well; it does not have VPN
configuration features in itself. I'd be more than happy (in fact,
it's highly desirable) for all VPN traffic to be managed by one of the
machines on the internal LAN (e.g. my Mac file server).

Hence – and these are guesses – but:
Is there some way that my VPN server (mac server) can manage
information going to and from the outside world, whilst being behind
the gateway? Would a static route on my ADSL router be something that
I should configure?

I've heard people throw around the idea of registering with
gotdns.com. Whilst I'm not 100% certain why this would be applicable;
my understanding is that this may save a little time when it comes to
the client VPN setup - in that I may connect to http://mycompany.gotdns.com
rather than Are there any other reasons for a
gotdns.com setup that would save time?

OK, now to the VPN server configuration itself. My end users will be
connecting by both Mac and PC clients, so I need to configure L2TP as
well as PPTP. I'm sure this is a common question: but currently, my
internal LAN DHCP pool is configured to nearly the whole subnet:
192.168.20 – Will my VPN work if I concurrently
configure my L2TP and PPTP pools within this range (say, L2TP =, and PPTP = or should I
my DHCP range and set the VPN addresses outside DHCP scope?

My final questions concern Server 10.3's “client information” tab
within the VPN setup. In addition to the sections on this screen
dedicated to input of preferred DNS servers and search domains (both
of these fields are of little concern to me); there is a routing
definition table. This routing definition table is something that I
admit I've no real idea on what it does, or how/why I would set it
(it's additionally been at least 7-8 years since I've looked at
routing tables of any kind). Does this table affect what LAN
VPN clients can see? or does it have something to do with how they

Thanks for reading, hopefully get this thing off the ground soon