# VPN Problem - The Server Did Not Respond



## alixir (Feb 27, 2006)

New to OSX Server (Tiger), not new to OSX but have previous Windows Server 2003 experience and just finding my way in OSX Server with tutorials on the web. Wanted to get remote access working first so that I can jump in from anywhere to toy around with the G4.

I have configured DNS for the server so that when I ping by name, the correct IP comes back so I guess that I have this bit configured properly:

DNS SETTINGS
Zone name: foo.co.uk
Server Name : spongebob

Server IP address 192.168.1.2 (static - In network prefs I have manual setting: IP Address: 192.168.1.2, Subnet Mask: 255.255.255.0, Router: 192.168.1.1, DNS Servers ???.???.???.??? (ISP DNS), Search Domains: foo.co.uk (Tiger server's fully qualified DNS Name))

Name Servers: spongebob.foo.co.uk

NAT SETTINGS:
NAT switched on

DHCP SETTINGS:
DHCP switched off (since VPN has own subnet range?)

VPN SETTINGS:
VPN switched on

L2TP: Enabled, Starting IP Address: 192.168.1.20, Ending IP Address: 192.168.1.30, PPP Authentication: MS-CHAPv2, IPSec Authentication: Shared secret (yeah I did put one in!), Certificate: No Certificate.

PPTP: Enabled, no 40-bit encryption keys, Starting IP address: 192.168.1.40, Ending IP address: 192.168.1.49

Client Information Settings: DNS Servers: 192.168.1.2, Search Domains: foo.co.uk
Network Routing Definition: Network Address: 192.168.1.0, Network Mask: 255.255.255.0, Network Type: Private (to not channel everything through the VPN)

I've got a D-Link Router where I have forwarded PPTP (1723) and L2TP (1701) to 192.168.1.2 on the respective ports.

I then created a test user (VPNUser) and even added them to the dialup group (this would be dialin access with Windows - not too sure about this bit) and created a VPN from the server (I don't know whether it's possible to establish a VPN from inside the network but this does work on Windows sometimes......btw I also tried from a friend's OSX Mac from outside and still did not work!). I also tried PPTP config too.....still does not work.

Now..2 questions arise!

Am I going nuts because all the settings are correct and the router is shagged?

or......have I missed out on something vital?????

Oh yeah....did the update to 10.4.3 which killed my internet connection but recreating the manual settings seemed to fix it?!??!! Got lucky with that one....

Your help would be most appreciated......I'm the only one in a Windows support team championing the Mac flag!

~Groovy~


----------



## BGprinting (Feb 27, 2006)

Along with 1723 you need to add GRE.


----------






## BGprinting (Feb 27, 2006)

You must have a huge organization for wanting to allow so many VPN connections. You do realize that any person within your company that tells a friend a username and password now will have access to your network. I do currently have a PPTP tunnel open in my Cisco router pretty much for personal admin use. I realize it's encrypted both directions, which is cool, but people just can't keep a secret. Not sure about L2TP, but I know PPTP does require GRE to be open. It's required for certain types of UDP or TCP traffic.


----------



## BGprinting (Feb 27, 2006)

I hate it when I can't stop. OK, I have taken another look at your posts. Each router has its specific instructions, but they are all pretty much talking about the same thing. Just a brief list of things to check.

1. Answer ATMP/PPTP Connections needs to be on
2. PPTP Authentication should be MS-CHAP
3. Encapsulation Type PPTP
4. Data Encryption should be MPPE
5. Initiate Connections No
6. PPTP is not protected by NAT. So if your router uses network profiles, your PPTP profile should be off.
7. PPTP Partner IP Address 0.0.0.0, as usually this is unknown
7a. Remote IP Address: I only have a single tunnel active, so I use 1 unique IP address not used by any other machines on my network.
8. This can seem strange, but some routers want the Remote IP Mask of 255.255.255.255. I guess it's not that strange; the request is coming from the WAN side.
9. RIP Transmit and Receive both off

I'd like to help further but I gotta go. Good luck.


----------
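The forwarding gap raised in the replies (PPTP needs GRE as well as TCP 1723) can be checked mechanically. The following Python audit of the first post's settings is an added example, not part of any post in the thread. The UDP 500/4500 entries for L2TP/IPsec, the TCP/UDP choice for ports 1723 and 1701, the requirement that pools sit inside the LAN subnet, and the names `audit`, `pool` and `THREAD_CFG` are assumptions of the example.

```python
import ipaddress

# Forwards each VPN type needs at the NAT router. TCP 1723 and GRE for PPTP come from
# the thread; UDP 500/4500 (IKE and NAT traversal) alongside L2TP's UDP 1701 are added
# from general IPsec practice, not from the thread.
REQUIRED = {
    "PPTP": [("tcp", 1723), ("gre", None)],   # GRE is IP protocol 47 and has no port
    "L2TP/IPsec": [("udp", 500), ("udp", 4500), ("udp", 1701)],
}

def pool(start, end):
    """Expand an inclusive start/end range into a set of addresses."""
    lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
    return {ipaddress.ip_address(n) for n in range(lo, hi + 1)}

def audit(cfg):
    """Return a list of findings for a VPN server that sits behind a NAT router."""
    findings = []
    lan = ipaddress.ip_network(cfg["lan"])
    static = {ipaddress.ip_address(a) for a in (cfg["server"], cfg["router"])}
    pools = {name: pool(*rng) for name, rng in cfg["pools"].items()}
    for name, addrs in pools.items():
        if any(a not in lan for a in addrs):
            findings.append(f"{name} pool leaves {lan}")
        if addrs & static:
            findings.append(f"{name} pool includes the server or router address")
    names = sorted(pools)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a] & pools[b]:
                findings.append(f"{a} and {b} pools overlap")
    # Only forwards that point at the VPN server count.
    have = {(p, port) for p, port, target in cfg["forwards"] if target == cfg["server"]}
    for vpn in cfg["pools"]:
        for proto, port in REQUIRED[vpn]:
            if (proto, port) not in have:
                findings.append(f"{vpn}: no forward for {proto.upper()} {port or ''}".rstrip())
    return findings

# Constructed from the first post's settings. The post gives only port numbers, so
# TCP for 1723 and UDP for 1701 are assumptions.
THREAD_CFG = {
    "lan": "192.168.1.0/24", "server": "192.168.1.2", "router": "192.168.1.1",
    "pools": {"L2TP/IPsec": ("192.168.1.20", "192.168.1.30"),
              "PPTP": ("192.168.1.40", "192.168.1.49")},
    "forwards": [("tcp", 1723, "192.168.1.2"), ("udp", 1701, "192.168.1.2")],
}

if __name__ == "__main__":
    print("\n".join(audit(THREAD_CFG)))
```

On the posted settings the address pools pass and every finding is a missing forward, which matches the diagnosis given in the replies.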

