Site to Site VPN with Mac OS X Server (10.3)


I am running an Xserve with Mac OS X Server 10.3, and have set it up as a VPN server. However, I understand that I really want a "site-to-site" VPN setup, and not just a "client-to-server" VPN setup, which 10.3 does not do. I should say that I have read that 10.3 has all the capability of site-to-site VPN, but it's hidden in the command line underground. No GUI like 10.4 is supposed to have.

I really need to get a site-to-site VPN up and running... how can I do this? If I elect to keep using 10.3 and save myself $999, I need instructions designed for a dummy (me) to get through the command line.

I also need a hardware device that acts as the client VPN router... It appears as if Sonicwall has some solutions, but I'd like something that will work with my Xserve for sure...


Just a quibble: unless you're using this for a large number of people to connect to as a file server, it's only $499, not $999.

As for the VPN, I'm actually not sure. I can give you a little warning, though: don't try deciding on what VPN hardware to get based on the specs. If one device says it supports PPTP, and another device says it supports PPTP, there is NO GUARANTEE that either device will ever be able to work with the other. This is especially true of the earlier SonicWall firewalls, into which I have thrown days of my life that I will never see again.

If it were me, honestly, I would probably pick up two Cisco PIX firewalls, the cheapie ones, the PIX 501. You can make a VPN tunnel between them, plus they're plenty good firewalls, and you can (if you so desire) VPN into either end from outside as well. (Or you can turn that off. These are highly configurable from the Java-based, works-with-Safari tools, and almost infinitely configurable if you can figure out the command line interface, which I haven't bothered with. These are "cheapie" ONLY in price, space, and power consumption; they are plenty good for a business of 50 people, or a satellite office of a larger business, unless everyone needs to be able to connect from outside via separate VPN connections at the same time.)

Yes, it's nice to do everything from your Mac, and that's what I do from home. (I have a developer subscription, so I have a Mac OS X Server license to play with.) But at work, a good firewall on each end is a wise investment.

Incidentally, if you want to skimp and only get one device for one end of the VPN tunnel, and either muddle through with the CLI stuff or upgrade to Tiger, I can say that I've had good luck getting the PIX to work with the Mac's built-in VPN software (though I haven't tried it with Tiger yet), whereas I have had nothing but trouble with our two-year-old SonicWalls. Though they certainly could have improved things in the last two years.


AWESOME. Thanks so much for that reply. I feel like I've been asking and asking for the same thing, and your reply goes a long way towards pointing me to what I should do. I very much appreciate small details like the "Java-based, works-with-Safari" info too. :)

I'll be looking into it...