Networking

Troubleshooting tips for VPN issues in Mac Lion Server

Wil Limoges explains the most common reasons that your VPN may not be working on your Mac Lion Server. Here is his network troubleshooting tip.

Recently a good friend of mine gave me a call and asked if I could stop by his shop and help him set up a VPN using Lion Server. He had been trying to set one up for days to no avail. I realized right then what his issue was over the phone, and I also realized that this would be a great opportunity to share some networking concepts required to get VPN up and running in a small business environment. I want to point out I will not be providing a guide to setting up the service on Lion Server since, really, it is as simple as enabling a couple of services, and Apple provides plenty of great documentation to achieve this task. Instead this will be more of an overview of what to expect and how to plan for it.

First, let's take into account the type of network that you're working with and consider when Lion Server is a good choice. I won't argue that Lion Server is appropriate for an enterprise-class network. Where Lion Server shines is in a small organization with fewer than 50 computers, preferably Macs. For small businesses or a home office, Lion Server is a very inexpensive alternative to the array of servers, routers, and switches that an enterprise might require, and since it's a breeze to configure, it's also a huge time saver.

Let's consider a general network setup of a home or small business where we would deploy Lion Server. Typically you will have a network that consists of a modem, a router/firewall/Wi-Fi device, and usually a switch, plus the computers on the network. Adding a VPN to this type of network changes the dynamic significantly. In this configuration, your router/firewall/Wi-Fi device is handling the distribution of IP addresses to the computers on your network (DHCP). In order for a VPN to work in a standard environment such as this, Lion Server will need to take over the responsibility of distributing IP addresses.

So connect to the network, flip the switch for DHCP and VPN on Lion Server, and we are good to go, right? Not quite, as you have to do a little planning.

First, only one device on your network can be allowed to distribute IP addresses. If the router and Lion Server are both passing out IP addresses, you will run into all sorts of nasty network issues. In order to correct this issue using the above small network example, you need to do a few things.

  1. Start by assigning Lion Server a static IP address (see Erik Eckel's post on "How to configure static IPs in Lion"). This is necessary so that you have an IP address to forward your ports to.
  2. You will need to configure your router to forward all ports related to VPN to the static IP address that you assigned to Lion Server; you will also have to disable DHCP on the router. The steps for disabling DHCP and forwarding ports vary depending on the type of router you are using. See your router's manual to configure these settings or check the router's corresponding support site. If you're using Apple's AirPort/TimeCapsule, you can now manage the router using Lion Server's Server App. To see how, click here.
  3. Now, assuming you have your Lion Server plugged into your router or a switch, open the new Lion Server App located within the Applications folder and enable the services that you’re going to run, including VPN and DHCP. To enable the DHCP server and for additional information about the DHCP service, click here; for greater detail on setting up VPN, click here.

So what’s the best method for deploying a VPN? Well, again I don’t want to get into detail about configuration and setup as it can be an overwhelming topic. Instead, what I want you to walk away with here is an understanding of which services VPN relies on and which issues may prevent VPN services from working correctly. Those issues could be: (1) your Lion Server hasn’t taken on the role of DHCP server, (2) you're not forwarding the associated ports for VPN through your router, or (3) Directory Services are not running on or bound to your server.
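One way to check cause (1) and the "only one DHCP server" rule is to look at who actually answers DHCP requests on the LAN. The following is an added example, not part of the original article or of Apple's tooling: it parses the UDP payloads of DHCP replies (assumed to be already extracted from a packet capture), reads the server identifier (option 54), and flags any responder other than the server's static IP. The addresses 192.168.1.10 (Lion Server) and 192.168.1.1 (router) and the `build_offer` helper are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OFFER, ACK = 2, 5                    # option 53 values that only servers send

def parse_reply(packet):
    """Return (server_id, offered_ip, msg_type) for a DHCP server reply, else None."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC_COOKIE:
        return None                  # too short, not a BOOTREPLY, or not DHCP
    offered = str(ipaddress.IPv4Address(packet[16:20]))   # yiaddr field
    msg_type = server_id = None
    i = 240
    while i < len(packet) and packet[i] != 255:           # 255 = end option
        if packet[i] == 0:           # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            return None              # option code without a length byte
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            return None              # truncated option: reject the packet
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = str(ipaddress.IPv4Address(value))
        i += 2 + length
    if msg_type not in (OFFER, ACK) or server_id is None:
        return None
    return server_id, offered, msg_type

def audit_dhcp(packets, expected_server):
    """List every DHCP server seen and flag any that is not the expected one."""
    servers = sorted({r[0] for r in map(parse_reply, packets) if r})
    return {"servers": servers,
            "rogue": [s for s in servers if s != expected_server],
            "expected_answering": expected_server in servers}

def build_offer(server, offered):
    """Constructed sample DHCPOFFER payload (not captured traffic)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s192s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), ipaddress.IPv4Address(offered).packed,
                         bytes(4), bytes(4), bytes(16), bytes(192))
    opts = bytes([53, 1, OFFER, 54, 4]) + ipaddress.IPv4Address(server).packed
    return header + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    sample = [build_offer("192.168.1.10", "192.168.1.101"),   # Lion Server
              build_offer("192.168.1.1", "192.168.1.50")]     # router, DHCP left on
    print(audit_dhcp(sample, expected_server="192.168.1.10"))
```

A non-empty `rogue` list means the router (or another device) is still handing out addresses; `expected_answering` being false means Lion Server has not taken over DHCP.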

For more information see Apple's online documentation found here.

About

Wil Limoges is a Louisville, KY freelance web designer and Digital Savant at the vimarc group. He has had the pleasure of working for Apple as a Genius, loves science, and aspires to make great things!

2 comments
Boushe

First off, this article is far from being pointless. If you actually read the article and used logic instead of verbally bashing the author, it does give configuration advice, as far as what to do with configuring Lion Server to be the DHCP server and what to look for if you find yourself troubleshooting issues where Lion Server is not working in some fashion. This is a great article that I am sure many will benefit from. If you are an IT professional, it is just a matter of taking in what the article does contain and just using logic in the process of configuring Lion Server to suit your needs.

swmace

So, there's no configuration advice, no sample configs, nothing, essentially, but some bad code throughout the page and the assumption that if your Lion VPN isn't working it's probably either due to the server not handling DHCP or the port forwarding not being set up correctly but no actual troubleshooting tips to determine that?
