Windows XP VPN Mac server
This shows the IP address and country that you are currently connecting from; in this example, the user is connecting from Singapore. Getting Started. Click on the Windows Start button and then Control Panel. When the New Connection Wizard appears, press Next to continue. Select Connect to the network at my workplace to configure your VPN connection.
Select Virtual Private Network connection and click Next. K service or something similar if you are connecting to one of our other countries and click Next. This is simply the name that Windows will give to the new connection. Host name or IP address: If you wish to use our Free service, the servername that you need to use is fre. To connect to any of our other servers, ie. And, the more digits in the Shared Secret, the better. The 3 weakest parts of the VPN are the username and password the user uses to connect, and the Shared Secret.
If you use weak passwords or secrets, a tunnel could be established by anyone who might be able to guess that information. Next, select the PPTP tab. Since many corporations use internal DNS servers, the servers specified here will be used on any traffic that is traveling through the VPN. In my example, the corporate network is a Class C or addresses ranging from In this example, the Network Address is entered as The final key value here is the Network Type.
It is set to Private. This means that any traffic to or from the client that is destined for the Any addresses not listed as private here are not secure and the VPN client will route that traffic over the normal internet connection rather than sending it down the VPN tunnel to the corporate network. Lastly, a user account must be created on the server. This is done through the Workgroup Manager, an application located in the same directory as the Server Admin.
When you create the account, be sure to set a strong password for the account. The username and password created here will be the credentials that the remote user will use when they log into the VPN. A new profile will open. If you do, you will miss one vital piece of information. There is no place to specify the Shared Secret for the connection.
Without it, the tunnel will never establish. Select Edit Configurations from the Configuration menu. Fill in the fields with the appropriate information. The description can be anything you want it to be. VPN On Demand is a new feature in When you enable this feature, you are required to list domains that will trigger activation of the VPN tunnel when you try to access them.
It is worth looking at some of the advanced options available under the Connect menu and then Options. There is an option to send all traffic over the VPN. This can be a powerful option. Normally you would not want to do this as it will increase traffic on the corporate end of the network. But, if you are a user on the road and using a hotspot or public wireless network, it might be a good idea to enable this option. In doing that, all of the traffic becomes protected from other users who might be sniffing traffic on the wireless network. First and foremost, it does not fully comply with standards-based VPN servers.
Once again, Microsoft has decided that it knows better and went in its own direction. First of all, right-click on My Network Places and choose Properties. You will see a list of your network adapters. Click Create a New Connection on the left. It's an odd name for it, but this allows you to create a VPN.
Click Finish here. We need to make some changes to the VPN adapter's configuration before you can connect to the Mac server. Now go back to the Network Connections window. A new adapter should have been added to the screen. It will have the name that you gave the VPN connection when you ran the wizard. Click OK and you are done configuring the client. You will be prompted for your login information. Once you click Connect, your computer should negotiate the connection with the Mac server. Most corporate VPN servers are behind a firewall.
In order for people outside of the firewall to gain access to the VPN server, certain Access Controls need to be added to the firewall. The example is directly from a Cisco router. Some users have reported their configurations would not work until these rules were added. I attempted to set up the VPN server on my home network so that I could access my files from remote locations. Given the limitations of my Linksys broadband router, I was unable to make the configuration work.
I was able to get a Mac remote client connected through the NAT some time ago, but never had luck connecting with a PC. If you set up a server in this configuration, I am interested in hearing about your experiences. Please leave your comments in the field below. With only a little knowledge of the subject, it is easy to get a remote secure connection up and running. All in all, a wide range of services and support for a single operating system.
I strongly suggest trying it out for yourself! I did not need those in my firewall rules, but several readers have emailed explaining that their VPNs work until they activate Allowing these ports may resolve the issue. Please post your feedback below. There is one important thing to keep in mind when you specify these addresses. Many DNS servers do not allow recursion. This means that they only allow lookups to be made by clients in select subnets. This is done for a number of reasons, but mainly for security.
If your VPN server is sitting on your corporate network, be sure to specify the DNS servers that other clients on the corporate network would use. Similarly, if your VPN server is on your home network, specify the DNS servers you would use when you are surfing the web at home (example: Comcast DNS servers if Comcast provides your internet connection at home).
Remember that when clients connect to the VPN server, they receive an IP address from the pool of addresses you specified when you set up the server. If you connect to the VPN server but find that you cannot connect to any other services once you are there, you can easily determine the problem. If you are entering the name of the remote service but cannot connect, open up the Terminal and try to ping that address via its name.
Also try to ping the address via its IP. If you can ping it via the IP and not via the name, odds are the DNS servers you specified are your problem. If the box is not checked, the pings you send must be located on the VPN server's network. If the box is checked, you should be able to ping any address that would normally be pingable. Should you work with router-to-router or network-to-network VPN connections in the future, be mindful of the virtual IP addresses distributed on either side of the VPN. By default, most routers use In router to router VPN connections, it is essential to have unique subnets if virtual addresses are used on both sides of the VPN tunnel.
For example, if your home router connects to your corporate router and your business uses an internal NAT subnet of Try something like I am not sure how well that works, but this rule will be something to keep in mind. As Joe noted in the comments below, this is great for people using public access, like a wireless network at the upcoming MacWorld show.
This comment was right on the money, and I thought the idea warranted a little further detail. First, the downside. Consider the bandwidth available to your VPN server. If you are on a corporate network, odds are you have a symmetric internet connection, meaning that the internet connection's upstream bandwidth is equal to its downstream. This is the case with the T1 at my office. If your VPN server is using a consumer-level broadband provider, odds are your connection is asymmetric. This is often the case with DSL or cable modem connections. The downstream might be as high as 8Mb, while the upstream is limited to Kb.
That is the case with my cable modem at home. The problem occurs when you route all of your traffic through an asymmetric connection. This is because all traffic is essentially being funneled through the asymmetric network connection before it arrives at the VPN client. Even if your client's access point might offer higher speed access, this performance bottleneck will keep you from surfing at the speeds you might expect.
Also, keep in mind that several VPN users in this situation can use up the available bandwidth much quicker than you expect. As for the advantages, there are many worth considering. For example, say you are accessing a wireless hotspot from the MacWorld show floor. That means that your mail server's POP3 login information is sent in the clear for anyone to literally grab out of thin air. So are the contents of your email messages for that matter. The same goes for your FTP login, or any telnet access.
When you route all traffic through the VPN tunnel, you effectively protect all of that data. Since the data is passing through the tunnel (both incoming and outgoing), it is unreadable to anyone between you and your VPN server. Once the traffic reaches the VPN server, it is no longer encrypted and it flows out onto the internet as needed to reach its intended destination.
By then, your data is clear of the danger zone. This concept is important to consider when you realize that once someone has access to your email login, they have full control over your email. And if you plan on blogging from the show floor, this may be the only way to stay truly secure. If you consider any of your internet-based traffic confidential, this really is the best way to go. Apparently this is not needed in all situations, but it does correct this issue. This might be necessary in some configurations.
That being said, it can still be a very painful experience. But another software alternative has been released that could solve many users' issues. Hamachi is a powerful VPN alternative and it is very easy to configure and operate. Hamachi is simply a great example of a powerful alternate solution!
What do I need to change? I just posted an update to the story above. It links to an Apple Tech Note that details the ports used in Mac software. Joe December 30, Reply. Very cool. Thank you for this timely tutorial. It will be nice to have secure access to files stored at my office while attending Macworld in just over a week. I set up port forwarding on my router to ping the server, I enabled both VPN protocols, and I do not have the firewall turned on.
Not sure what I missed configuring L2TP. Thanks again. John C. Randolph December 31, Reply. Interesting to see how clunky the windows client configuration is, compared to the Mac. Not surprising, just interesting. Elliot December 31, Reply. The mac to mac side is all fine, but XP just tries to verify the username and password and then fails. Sat Dec 31 PPTP connection established. Using interface ppp0 Sat Dec 31 Connection terminated. PPTP disconnected I am not sure why this fails, but from what I have read, it has something to do with the changes made to packets when they pass through the NAT.
It may be a limitation of PPTP. Elliot January 1, Reply. Urme January 3, Reply. Andy January 3, Reply. Hi, thanks for your time. A few weeks ago the router was broken. Since then I was using my Airport Base Station as router but I was not able to get L2TP working, or are forwarded to the server, but if I scan from wan side seems to be all closed.
I just posted an update to the end of the story above under today's date.
I think you will want to check your DNS server settings. I think the problem might be recursion as I detail above. Still, once you connect to the VPN server, you should be able to ping other machines on that same network. Depending on your router config, that could be a problem. It would be interesting to see if this has any effect on your problem.
It seems that the cause is unique to the Apple hardware. If you restrict access based on MAC address, you might want to remove those rules to help troubleshoot the problem. Please let me know if you resolve the problem. I can see this sort of thing being an issue for others as well.
Smanke, thanks for your answer. I think that I will buy a D-Link router…. I have updated the story to further explain the advantages and disadvantages of routing all internet traffic over the VPN connection. If you travel a lot, or you plan on attending the upcoming MacWorld Expo, please check out the notes I just added to the end of the article. Hope that helps, Elliot. And thanks for this really well-written article, Steve! Andy January 8, Reply.
Now L2TP is working again. Tadd January 17, Reply. Could it just be a crappy firewall, and should I look into getting a better one? Or am I missing the wrong ports? TCP Jamie January 17, Reply. They are able to see the LAN, but unable to connect to the internet. I believe that I have everything set up correctly. If not, what should I look at next??? Steve January 17, Reply. It looks like you have everything set. As long as you are using L2TP from a Mac, you should be able to connect.
You should only have to setup After that, your secure traffic should go through the VPN and the rest should go over your normal internet connection. I did have someone tell me that they made one other change to the PPTP setup. From what I understand, this prevents all of the traffic from flowing through the VPN connection. Thanks for the update.
Hopefully Apple will correct the problem in a future update of the firmware. Tadd January 18, Reply.
Hi Steve, thanks for the quick reply. I did test it using L2TP off of a Mac running Jamie January 18, Reply. Thanks for the reply. And no go. Still can only see the LAN, but not the Internet. On the Mac, I have both, at the same time, no problems. Any other suggestions?? Or just tell this Windows user to switch, which would be the right thing to do for more reasons than just this. I have a friend that can do magic with this stuff. I will ask him to take a look at your notes and see if he has any ideas.
Oh dear God, I wish I could get rid of every Windows machine in this place. Life would be much easier. Thanks for asking your friend to look at things for me. Any advice they could give would be much appreciated. Matt January 18, Reply. When you uncheck that box on the Windows VPN client setup that allows for split tunneling (only traffic destined for the remote LAN will go over the tunnel), which should also allow your XP box to access the LAN via the tunnel and the Internet via the default gateway of the XP machine.
It might be helpful to take a look at the routing table on the XP machine before and after connecting to the VPN server to see what changes. In a default configuration you should see a couple things happen, once connected to the VPN server you should see a route entry for the IP address assigned to XP from the VPN server pointing to the IP address of the server. Then you should also see a new entry for the default route 0. You should notice that the new default route has a metric of 1, which should be lower than the default gateway already in XP usually Richard January 26, Reply.
I am trying to set up vpn from a remote desktop running OSX I have set most of it up as described above, but I do not understand what I should enter in the client info part of the server vpn settings. The internal network, fed off the server with IP addresses The allocated addresses for the vpn are Can you please tell me what I put in the three client info fields — 1. DNS servers. Search domains.
Network Routing Definition. DNS Servers: Set that to You should be able to check one of your other workstations to find that, or check your DHCP server for the info. I see what your subnet is. You want to use a subnet of I read through your info too quickly and missed the note that the rest were address for your VPN pool.
Richard February 2, Reply. Richard February 6, Reply. Another thought — would the router at either end be the problem? Does the firewall need to be disabled on the router, or any other settings changed? I read somewhere about port forwarding. What is that? Thanks for taking the time to read this and any help is appreciated. Assuming you are using a NAT router, you must set up the proper port forwarding in order to get this working. In the example posted in the story, I explained that these rules were added to my firewall in order to allow access: Note that the example lists permit udp any I am betting this is what has been keeping you from getting the VPN server functions.
Without the port maps, all of the traffic will just bounce off the firewall. Twintails February 6, Reply. When I run the s2svpnadmin and have the firewall rules set up, like the Apple document says to do, nothing connects, and services fail on either private network. In hopes of not having you repeat yourself in some steps, would you be so kind as to run through a successful Site-to-Site Setup using s2svpnadmin like described in this document.
That was a very interesting question. I took a look at the PDF in your link, and the documentation looks good. I am tempted to try, but there are other alternatives that might be easier.
I have had a lot of luck setting things up that way. As for the software VPN solution, I am guessing there is a problem with the portmap. Even if you are using clients to connect to the VPN server, it is possible that a site to site link will not be possible using two broadband or small office routers. I suspect that the site to site link is less tolerant of the fact the home routers will not let you map protocols other than TCP and UDP. As I say, this is only a guess. I have seen similar issues in the past.
I am planning to do a review of the Linksys RV in the near future. I found a nifty program that helps configure port forwarding on OS X Server. It makes configuring port forwarding a breeze…well for me anyway. The NAT service is lacking functions. I did it…but it was no cakewalk. I got the solution from the Apple discussions forum thanks Leif: You need to turn on IP forwarding on the server.
At least, it solved the problem for me. Richard February 17, Reply. Lucky you Eric I have been trying to get this working for three months, with I have followed all instructions to the letter. Have done the port forwarding from the nat router, but that changed nothing!!!! I have posted an update to the end of the story to include the NAT fix that Urme and Eric have described. If you switch to L2TP, you should be all set.
It's really no more difficult if you are using the Mac client. Hi Smanke, cool topic!
Wanted to get remote access working first so that I can jump in from anywhere to toy around with the G4. Server IP address IP Address: Enabled, Starting IP Address: Shared secret yeah I did put one in! No Certificate. Enabled, no bit encryption keys, Starting IP address: Client Information Settings: Network Address: Private to not channel everything through the VPN. I also tried PPTP config too….. Oh yeah…. Got lucky with that one…. After your first post, I was going to suggest that you open up UDP port , but thanks to your second post I see you have done that. I know that another user was using an Apple Airport as a router and for whatever reason, he was unable to get his VPN configuration working.
When he replaced the Airport with another router the problem was resolved. One other idea comes to mind. It would be interesting to see if that helps. Good luck! And let us know how it works out for you. Ben March 6, Reply. Do I have to own those IPs? The machines on the LAN all have manually assigned addresses in the Can I use Graham March 7, Reply.
We have OS X server. We want to use VPN. What would your suggestion be. Thanks in advance for your help. It's a hardware VPN solution, so it should be more stable. That is what I use most of the time. I keep it ready for action at all times. It works well for me when I am on the road and need secure access to my network. If you go with the Linksys RV, you will have the best of both worlds.
I need to get my review of the RV finished, but I have been very impressed with it. It is a more expensive VPN router, but it really is worth the money. If you want a cheaper VPN router, Linksys offers those as well. You want to assign internal addresses, so you are on the right track. Just use a range from your Keep in mind that you will need to make sure the subnet on the other end of the VPN tunnel does not use Anything other than those will work, but the same subnet cannot be on both sides of the tunnel.
Would we need this? Sorry if the answer is obvious, and thanks again for your advice! From what I have read, I believe it's the same router as the RV except that it has fewer ethernet ports and a slightly slower processor. It may actually have a PPTP built-in. That part is not clear. Since your main goal is to connect 2 offices between routers, the RV should be perfect. If you do get it, let me know what you think of it and whether or not it has a PPTP server built in. Graham March 9, Reply. Will do. What is your opinion on this? I have only played with SSL tunneling a little bit. There is a really cool new point to point VPN tool coming out soon from this site: The XP client is really kick ass.
The Mac client is still pre-release, but looks encouraging. They have yet to finish the GUI for it. Once we have the GUI, it will be a really nice alternative. It's beyond my ability to explain here, but I encourage everyone to check it out! First off, thanks a ton for this article. I had a problem initially seeing the whole LAN when connecting through a wireless router from home straight through the cable modem was no problem.
No amount of IP forwarding helped server, router, etc. Hope that helps anyone experiencing that. The shared secret is only necessary when you are connecting using L2TP. That should explain why changing the subnet solved the routing issue. Brian Hall April 9, Reply.
Great article. I did have to open ports , , and all UDP. Both networks have different IP address ranges. The problem is that will only work on a Cisco. I only have one other idea. Have you checked to make sure your firewall is disabled on the Mac server? Brian Hall April 10, Reply.
Something must be missing somewhere. I have tried everything but to no avail — is there some other step to kick PPTP into gear? I have never attempted it. I think you can do what you need with a Linksys RV on either end. You can also do it with a full blown Cisco router, but that is well beyond my scope. From the sound of what you are trying to do, I would suggest you contact a consultant for help. It will be the simplest solution and it will get you up and running quickly. I can provide you the contact info for someone that I recommend, if you like. He can do amazing things with these routers and he has never found a VPN issue he could not solve.
The first connection usually takes no more than a minute. After connecting, you should see the VPN connection successfully established. After the initial setup, whenever you want to use BoxPN security, click on the Network icon at the bottom right of the Windows 7 desktop. Choose BoxPN Germany and select Connect. Be sure that the username and password are correct in the pop-up connection screen. If so, just click Connect and wait a few seconds. All your traffic will be secure via BoxPN again.