Simon, I run VPN service successfully on MacOS Server. What error or errors are you having that are causing you difficulty?
Later... Tim Kilburn Fort McMurray, AB Canada On Oct 22, 2017, at 18:26, Simon Fogarty <si...@blinky-net.com> wrote: Thanks for this, might help me sort out the problems I’m having with my vpn setup on my mac server From: macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com> [mailto:macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com>] On Behalf Of Angus MacKinnon Sent: Sunday, 22 October 2017 12:45 PM To: 'Janina Sajka' via MacVisionaries <macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com>> Subject: Re: accessible vpn How to setup your own VPN with macOS Server Monday, May 29, 2017 at 8:00 am EDT <image001.jpg> Want a VPN but don't want to trust a third-party service? Roll your own with macOS Server! If you've decided you need a virtual private network (VPN) <safari-reader://why-do-i-need-vpn> but you don't want to pay for a third-party VPN service <safari-reader://what-look-when-choosing-vpn-provider>, then macOS Server can be a great alternative. It's built on the macOS you already know and love and lets you quickly and easily get your very own VPN up and running. Set up macOS Server If you haven't already done so, download and install macOS Server <safari-reader://how-download-and-install-macos-server-mac-mini> and optionally enable remote administration <safari-reader://how-administer-all-your-macs-single-device-using-macos-server> for easier setup. Find your router's internet facing IP Address Before we begin with the actual setup of the VPN service, you'll need to know your internet "co-ordinates" — your router's IP address. It's quite easy to determine your current IP address simply by Googling: "What is my IP Address". Most home users have what's called a dynamic IP address <http://whatismyipaddress.com/dynamic-static>, though. That means that your router's IP address may change every so often. <image002.jpg> <https://go.nordvpn.net/aff_c?offer_id=15&aff_id=940&file_id=164> Advertisement If you use a dynamic IP address to setup your VPN service, there is no guarantee that you'll have that IP address will still be yours in the future, and the remote connection will fail. To work around this, there are a number of dynamic domain name services <https://en.wikipedia.org/wiki/Dynamic_DNS> you can purchase. That way, you'll get an alias known as a "host name" that won't change, even if your IP address does. Many ISP's also offer what's known as static IP address. These are typically used for business accounts but, depending on your ISP, can be available for an addition fee. Once you have your static IP address or have a host name for your dynamic IP address, you can go on and configure your VPN service in macOS Server. Configure the macOS Server VPN service Launch the Server app from your applications. Log into your macOS Server. Select VPN under the Services listings. <image003.jpg> <https://www.imore.com/sites/imore.com/files/styles/xlarge/public/field/image/2017/05/macos-server-vpn-1.jpeg?itok=V6TMFLXC> Under VPN Host Name, enter either your static IP address or dynamic host name depending the method you used when finding out your IP address above. Click Edit Permissions and select the users you want to be able to connect to your VPN. <image004.jpg> <https://www.imore.com/sites/imore.com/files/styles/xlarge/public/field/image/2017/05/macos-server-vpn-2.jpeg?itok=Ke-kKfZL> Create a new Shared Secret. The more complicated and random the better. Optionally click Client Addresses if you want to change the number of VPN clients that can simultaneously connect to your VPN server. Optionally click DNS Settings if you want to change the default DNS server your VPN clients will use when connected to your VPN server. Optionally click Routes if you need special networking routes you need to configure. Optionally click Save Profile if you wish to create a configuration file so that clients can simply load your server's connection information for easier client setup. Select your macOS Server computer name. Select the Access tab. <image005.jpg> <https://www.imore.com/sites/imore.com/files/styles/xlarge/public/field/image/2017/05/macos-server-vpn-3.jpeg?itok=j2Hbe1nc> Click the Add button (looks like +) and select VPN. Select Allow Connections From only some users. Enter the users you wish to have VPN access. Click OK. Select VPN under the Services listings. Toggle the ON/OFF switch to On. <image006.jpg> <https://www.imore.com/sites/imore.com/files/styles/xlarge/public/field/image/2017/05/macos-server-vpn-4.jpeg?itok=sFZP54ME> If you're on a Apple-centric network with an Airport Base Station, you'll be prompted to automatically setup your Airport Base Station to allow for connections to your macOS Server VPN service. If you don't have an Apple Airport Base Station, you'll have to manually setup your router to allow for VPN traffic to travel through your router to your macOS Server. Here's how! Allow VPN traffic through your router to macOS Server Depending on who manufactured your router, you'll have to consult the documentation from the manufacturer to be able to allow VPN traffic to your internally networked macOS Server running the VPN service. The ports you need to have forwarded to your macOS Server are UDP 500, UDP 1701 and UDP 4500. Here is what it would like like on an Airport Base Station if you were to manually set up port forwarding of VPN traffic. Launch Airport Utility. Select your router and click Edit. <image007.jpg> <https://www.imore.com/sites/imore.com/files/styles/xlarge/public/field/image/2017/05/macos-server-vpn-5.jpeg?itok=aC6QtpVL> Select the Network tab at the top. Under Port Settings click the +. Type VPN in the Description. In Public UDP Ports type in 500, 1701, 4500. In Private IP Address enter the internal IP address of your macOS Server running the VPN service. In Private UDP Ports type in 500, 1701, 4500. <image008.jpg> <https://www.imore.com/sites/imore.com/files/styles/xlarge/public/field/image/2017/05/macos-server-vpn-6.jpeg?itok=WhSULmmL> Click Save. Click Update and allow your Airport Base Station to restart. <image002.jpg> <https://go.nordvpn.net/aff_c?offer_id=15&aff_id=940&file_id=164> Advertisement Connect using your various clients All you have left to do is connect with your various client devices! The VPN service on macOS Server is using L2TP over IPSec as it's authentication module so simply select that version of VPN when you setup your clients. Enter your user name and password as well as your shared key you created above. How to configure and connect to a VPN on iPhone and iPad <safari-reader://how-configure-vpn-access-your-iphone-or-ipad> Have you set up a macOS Server VPN? The benefits of VPN access go beyond just having a secure connection to your home or office network. It allows for having encrypted traffic so that your private usage remains exactly that. Private. It offers a layer of protection from hackers trying to get access to your passwords. It deters ISPs from collecting your browsing habits. Have you set up a macOS Server VPN? Are you planning to? Leave a comment or question below! -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: macvisionaries+modera...@googlegroups.com <mailto:macvisionaries+modera...@googlegroups.com> and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com <mailto:caraqu...@caraquinn.com> The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ <http://www.mail-archive.com/macvisionaries@googlegroups.com/> --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com <mailto:macvisionaries+unsubscr...@googlegroups.com>. To post to this group, send email to macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com>. Visit this group at https://groups.google.com/group/macvisionaries <https://groups.google.com/group/macvisionaries>. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: macvisionaries+modera...@googlegroups.com <mailto:macvisionaries+modera...@googlegroups.com> and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com <mailto:caraqu...@caraquinn.com> The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ <http://www.mail-archive.com/macvisionaries@googlegroups.com/> --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com <mailto:macvisionaries+unsubscr...@googlegroups.com>. To post to this group, send email to macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com>. Visit this group at https://groups.google.com/group/macvisionaries <https://groups.google.com/group/macvisionaries>. For more options, visit https://groups.google.com/d/optout <https://groups.google.com/d/optout>. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
