I guess I'm not clear on how this would work. Doesn't the VPN server have to run on your firewall? So when I try to connect from the public internet to something inside my private network I first have to make a VPN connection and then I have access to private network assets. So if I have a VPN server running on a machine inside the firewall, how do I get to it to bring up the VPN connection? Seems like a chicken and egg kind of problem. I suspect most folks use the VPN built into their little firewall/NAT/router box. To use a desktop you would need two network connections, one to the public network and one to the private network and then the router/firewall/VPN would control which traffic can cross over the demarcation point. I guess it's possible to run the VPN on a machine on the internal network and then have the firewall portmap the VPN ports to the internal host. Is that typical?
CB Frank Ventura wrote: > Another thing of interest to note is that if you have a Windows XP, 2003, > 2008, etc machine on the home or office network you need to VPN into you can > use that as the VPN host. The ability to do this is built right into Windows. > The beauty of this is that the VPN client built into OSX on the Mac works > flawlessly with that and is of course totally accessible. So if you need, for > example, to VPN into the network at your home from a remote location and you > have a Windows machine at home you can set that up to accept the incoming VPN > connection and then use the Macs VPN client to connect to it. No additional > software to install/purchase. > Frank > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Esther > Sent: Thursday, October 01, 2009 5:52 AM > To: [email protected] > Subject: Re: VPN revisited > > > Hi, > > It's worth commenting as an addition to Dónal's very nice summary of > VPN clients that there was a specific requirement for software to work > with "Open VPN", which is one popular version of VPN software that > works cross-platform and which was the chosen VPN software version for > his organization. > > On this issue of inaccessible status menu icons, I'm moved to wonder, > what does Dropbox do? For background, Dropbox is a popular file > sharing tool that works cross-platform. You register at Dropbox.com > when you download the software and you're initially given 2GB of space > (more if you upgrade to a paid membership). Files that you move into > your Dropbox folder on one machine can be accessed from your Dropbox > on another machine (which could be a Windows or linux machine), or > through a web interface to your account. You can also email people > links to files in your Dropbox and update/sync versions of the file > across your Dropboxes. > > Anyway, there's a very odd interface on the Mac, because the status > bar icon that you need to access to open your Dropbox folder also > can't be navigated to with VO-M twice, or Control-F8 or combinations > of these with arrow keys under VoiceOver. What I found does work is > to bring up your window chooser menu (VO-F2 twice) under Finder. > Then, if you have Dropbox installed, you see a window called > "untitled". If you select that from the window chooser menu and route > your mouse cursor (VO-Command-F5) to that "window" and click (VO-Shift- > Space or any "hardware clicks" by pressing a mouse button, trackpad, > or the "5" on a numeric keypad with NumPad Commander activated) you > get the Dropbox menu to come up as though you had been able to > navigate to the status bar icon and open the menu. > > I haven't seen this documented in other forums or lists, except for my > own comments on another list and some months later on this list. > Whatever Dropbox is doing, I suspect they're not using NSStatusItem or > the Extra menu item that Apple uses -- at least not in any > conventional way. > > It is also possible to work with preference file setups through GUI- > based plist editors, though I think it is more straightforward to just > use the terminal command line if you know what parameters you want to > change. > > Cheers, > > Esther > > Donal Fitzpatrick wrote: > > >> Hi Christina, >> >> VPN stands for "virtual Private Network". Basically, it allows me to >> connect into my work network from home. I can see the network disks, >> send mail, and access all the resources I need to access as though I'm >> in the office. >> >> hth >> >> Donal >> On 29 Sep 2009, at 23:25, Christina wrote: >> >> >>> This may sound dumb but for my information, could you please let me >>> know what a VPN is. >>> >>> Thanks, >>> Christina >>> On Sep 29, 2009, at 2:34 PM, Donal Fitzpatrick wrote: >>> >>> >>>> Hi all, >>>> >>>> Ok I've been playing around with two VPN clients since I raised this >>>> topic about a month ago. The two clients I've looked at are >>>> Tunnelblick and Viscosity. In case anyone needs to use a VPN, my >>>> thoughts on both are given below. >>>> >>>> 1. Viscosity. I chose this one first because, as Esther said at >>>> the >>>> time this topic was discussed, it supports applescript. The >>>> installation for this application follows standard OSX conventions, >>>> and creates no problems with VO whatsoever. >>>> >>>> The application is not very accessible in the typical sense of the >>>> word. It uses a status menu (NSStatusItem which it locates in the >>>> vicinity of time machine, and the other Extra menu items Apple use. >>>> Problems with such status menus are well documented here and on >>>> other >>>> lists so I won't delve into that again. However, suffice it to say >>>> that because the status menu is inaccessible, it precludes getting >>>> to >>>> the menu items, preferences dialog and other aspects of the >>>> software. >>>> I did ask a sighted colleague to open the preferences dialog for me, >>>> and it was navigable, but not easily so. >>>> >>>> I mentioned earlier that Viscosity does support applescript. One >>>> can >>>> easily create scripts to connect to, and disconnect from the VPN. >>>> This feature makes the application usable. Finally, I'd like to >>>> acknowledge the developer of this application. During an email >>>> exchange, he acknowledged that the app could do with some work, and >>>> also succinctly explained the issues with the NSStatusItem. He has >>>> told me that he and other developers have been on to Apple regarding >>>> this issue, and await their response. >>>> >>>> 2. Tunnelblick. This application is very similar to Viscosity >>>> described above. However, it is an opensource project, and as such >>>> the source code is available. Once again, the installation process >>>> is >>>> no problem. However, the same issues regarding NSStatusItems >>>> emerge; >>>> that is, it creates one which cannot be reached using VO. A little >>>> digging on the TunnelBlick wiki produced documentation on the >>>> preferences, which can be found in a ".plist" file located in "~/ >>>> library/preferences". Editing this file in the normal way, (using >>>> some educated guesswork) I could actually configure the application >>>> to >>>> both start wen I logged on, and also to automatically connect to the >>>> VPN thereby negating the need to go near the inaccessible status >>>> menu. >>>> >>>> Finally on this application, while it does not, to the best of my >>>> knowledge support applescript, it does come with a command-line >>>> interface called openvpnstart. One has to drill down into the >>>> application package (using terminal) to run this app. Also, root >>>> privileges seem to be required to run it. However, this can be >>>> scripted using the usual shell-scripts and this approach also works >>>> quite well. >>>> >>>> So in summary, the two clients I've looked at are inaccessible in >>>> one >>>> sense, but are in fact usable with a little tweaking and >>>> experimentation. >>>> >>>> I hope this helps people, and might just save some time for others >>>> in >>>> the future. >>>> >>>> Cheers, >>>> >>>> Donal >>>> >>>> >>> >>> > > > > > No virus found in this incoming message. > Checked by AVG - www.avg.com > Version: 8.5.409 / Virus Database: 270.13.115/2404 - Release Date: 09/30/09 > 18:56:00 > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/macvisionaries?hl=en -~----------~----~----~----~------~----~------~--~---
