On Jan 11, 2011, at 3:55 PM, Levan, Jerry wrote:

> Thanks for putting up with a grumpy old man...
>
> The good news is that I went down to a hotspot yesterday and
> I was able to
>
> 1) ssh into my server via public key authentication.
> 2) create a tunnel so I could mount volumes attached to the server
> on my mac at the hot spot.

Why not just use sshfs? (The ssh filesystem.) Saves all the above effort.

> 3) create a tunnel so I could use vnc to view the server.

Why not just use the vpn? Why build a ssh tunnel?

> I can connect to my server [with my iPad] with ssh and sorta use the vnc
> component
> but it is not a pleasant experience.

Well it's not exactly conducive for VNC.

> I have been running a tail on secure.log and it is amazing how many
> login requests have been rejected. I am glad I chose the public
> key authentication to protect the ssh port.

You could also have just enabled SACLs

> ----
> Now the news on VPN, I hope that someone can give me some guidance
> here...
>
> As I wrote earlier I had the VPN going on my mac mini (client) for
> about 3 weeks and then Jan 3 it would no longer connect from outside
> of my net.
>
> [time passes with much anxiety]
>
> Today I pulled the ethernet cable out of the router ( Airport Extreme Dual
> band BaseStation ) and
> plugged it directly into my server, i.e. I made a direct connection from the
> cable
> modem into the server.
>
> I noted the new IP that the server got when I rebooted with the new
> configuration
> and adjusted the configuration file for the vpnd and did the same for my
> iPhone.
>
> I fired up the iPhone VPN and it ***connected*** without any problems.

Which, as was suggested to you earlier, means your NAT appliance (it's not a router, it's not routing any traffic, it's at best a gateway) isn't passing all the required IP protocols.

> The progress of the connection in system.log came up with no problem...I was
> watching with
> a tail -f...
>
> This seems to point the finger at the AEBS. I have done hard resets of the
> router and
> reentered all of the data by hand a couple of times.
>
> I have triple checked that I am forwarding the udp ports 500, 4500, 1701
> several
> times.

And as I've repeatedly pointed out to you that you need more than just TCP and UDP traffic passed. There are other IP protocols that must pass thru.

Seriously it's not like there's a dearth of information in the googlesphere on this.

> Note I *can* connect ok if I am attached to my home net so I think the
> base configuration is fine.

No that doesn't prove that at all since it doesn't need to route through the ABS.

> It seems like one of the three ports in the router is somehow stuck shut.

:laughing:

> Does anyone have any suggestions?

Plenty, but you keep ignoring them. This is a simple thing you just aren't getting.

-d

------------------------------------------------------------------------
Dan Shoop
[email protected]
GoogleVoice: 1-646-402-5293
aim: iWiring
twitter: @colonelmode

_______________________________________________
MacOSX-admin mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-admin
