Networking

Configure and connect to VPN services in Lion Server

Erik Eckel details the steps to configuring VPN connectivity and connecting via a configuration profile or by manually entering VPN settings in Mac Lion Server.

VPNs remain one of the most popular methods of connecting remote users to LAN-based resources. Using Mac OS X Lion Server, administrators can configure VPN connectivity and create a VPN configuration profile that client systems can import to connect to Lion-powered VPNS. Here's how.

Enable VPN connectivity and create a configuration profile

Administrators can enable VPN services and create a configuration profile by following these steps:

  1. Log in to the server and open the Server app.
  2. Connect to the proper server.
  3. Authenticate using administrative credentials.
  4. Choose VPN from within the Server app.
  5. Enter the Shared Secret, checking the Show shared secret box if you wish to visually confirm the VPN security phrase being entered.
  6. Specify the IP addresses that will be assigned to users who connect via the VPN. Note, the addresses entered must be outside the existing DHCP scope range to prevent IP address conflicts.
  7. Click the On/Off button to enable the VPN.
  8. Click the Save Configuration Profile button.
  9. Specify the location where the configuration profile should be saved.
  10. Confirm the VPN host address reads as required (the entry should list your server name, the domain and the domain extension, such as server1.domain.com).
  11. Click Save.

Connect to the VPN using the VPN profile

Once VPN service is enabled and the configuration profile is transferred to a client machine, administrators can load the VPN profile and connect to the VPN by following these steps:

  1. Open System Preferences.
  2. Click Network.
  3. Click the Gear icon and choose Import Configurations.
  4. Select the VPN profile configuration file and load it to the client workstation.

When the profile is loaded, the VPN connection will appear within the Network window. To connect to the VPN, follow these steps:

  1. Highlight the new VPN connection within the Network pane's left window.
  2. Confirm the Server Address, Account Name and any stored credentials, including the Shared Secret (viewable by clicking the Authentication Settings button).
  3. Click Connect.
  4. Enter the username and password required to connect to the VPN and click OK.

When a VPN connection is active, the VPN status changes to "Connected." Connection information, including the time spent connected, the assigned IP address and sent and received traffic bars, display within the VPN connection's preferences window (as well as on the menu bar if the Show VPN Status In Menu Bar checkbox is selected).

Connect to a VPN using manually entered settings

If no VPN configuration profile is available but you know the individual VPN parameters that must be entered, you may connect to a VPN using a Mac OS X Lion system by following these steps:

  1. Open System Preferences.
  2. Click Network.
  3. Click the + icon.
  4. Select VPN from the Interface drop-down menu.
  5. Specify the VPN Type (available options are L2TP over IPSec, PPTP or Cisco IPSec).
  6. Specify the Service Name you wish to provide the new VPN connection.
  7. Click Create.
  8. Highlight the new VPN connection within the Network pane's left window.
  9. Enter the server address within the Server Address window.
  10. Specify an Account Name.
  11. Click the Authentication Settings button.
  12. Specify the password within the User Authentication section, enter the VPN's Shared Secret and click OK.
  13. Check the box for Show VPN status in menu bar if you wish to have the VPN connection status display within the Mac's menu bar.
  14. Click Apply.
  15. Click the Connect button to connect to the VPN.
  16. Enter a valid username and password for connecting to the VPN network and click OK.

A note on routers

VPNs require that outside traffic be properly routed through hardware-based firewalls. Administrators must ensure that all required ports are opened and routed to the appropriate server; the process is different on each firewall. Consult firewall documentation to ensure required ports are properly opened and forwarded.

About

Erik Eckel owns and operates two technology companies. As a managing partner with Louisville Geek, he works daily as an IT consultant to assist small businesses in overcoming technology challenges and maximizing IT investments. He is also president o...

0 comments

Editor's Picks