No, not at all, actually most people run the VPN server behind the server. All you need to do is forward the appropriate port (usually 1723) to whatever machine on your LAN that is running the VPN server and that is it. What type of VPN server you choose depends upon your needs. If you only need one person at a time to VPN into your network you can run the VPN server on an older Windows XP box. So for example if the internal NAT IP address of your Windows VPN server is 192.168.1.5 then you would configure your firewall to forward all traffic on port 1723 to IP address 192.168.1.5. Then you would configure your remote computer to VPN into your network using the external IP assigned by the ISP. You really want to use a VPN server running on a computer in the LAN rather than the VPN server in the firewall since it is much easier to restrict access based on individual users and grant more granular control of resources.
Frank

From: macvisionaries@googlegroups.com [mailto:macvisionar...@googlegroups.com] On Behalf Of Chris Blouch
Sent: Friday, October 02, 2009 10:29 AM
To: macvisionaries@googlegroups.com
Subject: Re: VPN revisited

I guess I'm not clear on how this would work. Doesn't the VPN server have to run on your firewall? So when I try to connect from the public internet to something inside my private network I first have to make a VPN connection and then I have access to private network assets. So if I have a VPN server running on a machine inside the firewall, how do I get to it to bring up the VPN connection? Seems like a chicken and egg kind of problem. I suspect most folks use the VPN built into their little firewall/NAT/router box. To use a desktop you would need two network connections, one to the public network and one to the private network and then the router/firewall/VPN would control which traffic can cross over the demarcation point. I guess it's possible to run the VPN on a machine on the internal network and then have the firewall portmap the VPN ports to the internal host. Is that typical?

CB

Frank Ventura wrote:

Another thing of interest to note is that if you have a Windows XP, 2003, 2008, etc. machine on the home or office network you need to VPN into you can use that as the VPN host. The ability to do this is built right into Windows. The beauty of this is that the VPN client built into OSX on the Mac works flawlessly with that and is of course totally accessible. So if you need, for example, to VPN into the network at your home from a remote location and you have a Windows machine at home you can set that up to accept the incoming VPN connection and then use the Mac's VPN client to connect to it. No additional software to install/purchase.
Frank

-----Original Message-----
From: macvisionaries@googlegroups.com [mailto:macvisionar...@googlegroups.com] On Behalf Of Esther
Sent: Thursday, October 01, 2009 5:52 AM
To: macvisionaries@googlegroups.com
Subject: Re: VPN revisited

Hi,

It's worth commenting as an addition to Dónal's very nice summary of VPN clients that there was a specific requirement for software to work with "Open VPN", which is one popular version of VPN software that works cross-platform and which was the chosen VPN software version for his organization.

On this issue of inaccessible status menu icons, I'm moved to wonder, what does Dropbox do? For background, Dropbox is a popular file sharing tool that works cross-platform. You register at Dropbox.com when you download the software and you're initially given 2GB of space (more if you upgrade to a paid membership). Files that you move into your Dropbox folder on one machine can be accessed from your Dropbox on another machine (which could be a Windows or Linux machine), or through a web interface to your account. You can also email people links to files in your Dropbox and update/sync versions of the file across your Dropboxes.

Anyway, there's a very odd interface on the Mac, because the status bar icon that you need to access to open your Dropbox folder also can't be navigated to with VO-M twice, or Control-F8 or combinations of these with arrow keys under VoiceOver. What I found does work is to bring up your window chooser menu (VO-F2 twice) under Finder. Then, if you have Dropbox installed, you see a window called "untitled". If you select that from the window chooser menu and route your mouse cursor (VO-Command-F5) to that "window" and click (VO-Shift-Space or any "hardware clicks" by pressing a mouse button, trackpad, or the "5" on a numeric keypad with NumPad Commander activated) you get the Dropbox menu to come up as though you had been able to navigate to the status bar icon and open the menu.
I haven't seen this documented in other forums or lists, except for my own comments on another list and some months later on this list. Whatever Dropbox is doing, I suspect they're not using NSStatusItem or the Extra menu item that Apple uses -- at least not in any conventional way.

It is also possible to work with preference file setups through GUI-based plist editors, though I think it is more straightforward to just use the terminal command line if you know what parameters you want to change.

Cheers,
Esther

Donal Fitzpatrick wrote:

Hi Christina,

VPN stands for "Virtual Private Network". Basically, it allows me to connect into my work network from home. I can see the network disks, send mail, and access all the resources I need to access as though I'm in the office.

hth
Donal

On 29 Sep 2009, at 23:25, Christina wrote:

This may sound dumb but for my information, could you please let me know what a VPN is.

Thanks,
Christina

On Sep 29, 2009, at 2:34 PM, Donal Fitzpatrick wrote:

Hi all,

Ok I've been playing around with two VPN clients since I raised this topic about a month ago. The two clients I've looked at are Tunnelblick and Viscosity. In case anyone needs to use a VPN, my thoughts on both are given below.

1. Viscosity. I chose this one first because, as Esther said at the time this topic was discussed, it supports AppleScript. The installation for this application follows standard OSX conventions, and creates no problems with VO whatsoever. The application is not very accessible in the typical sense of the word. It uses a status menu (NSStatusItem) which it locates in the vicinity of Time Machine, and the other Extra menu items Apple use. Problems with such status menus are well documented here and on other lists so I won't delve into that again. However, suffice it to say that because the status menu is inaccessible, it precludes getting to the menu items, preferences dialog and other aspects of the software.
I did ask a sighted colleague to open the preferences dialog for me, and it was navigable, but not easily so. I mentioned earlier that Viscosity does support AppleScript. One can easily create scripts to connect to, and disconnect from the VPN. This feature makes the application usable.

Finally, I'd like to acknowledge the developer of this application. During an email exchange, he acknowledged that the app could do with some work, and also succinctly explained the issues with the NSStatusItem. He has told me that he and other developers have been on to Apple regarding this issue, and await their response.

2. Tunnelblick. This application is very similar to Viscosity described above. However, it is an open source project, and as such the source code is available. Once again, the installation process is no problem. However, the same issues regarding NSStatusItems emerge; that is, it creates one which cannot be reached using VO. A little digging on the TunnelBlick wiki produced documentation on the preferences, which can be found in a ".plist" file located in "~/library/preferences". Editing this file in the normal way (using some educated guesswork), I could actually configure the application to both start when I logged on, and also to automatically connect to the VPN, thereby negating the need to go near the inaccessible status menu.

Finally on this application, while it does not, to the best of my knowledge, support AppleScript, it does come with a command-line interface called openvpnstart. One has to drill down into the application package (using terminal) to run this app. Also, root privileges seem to be required to run it. However, this can be scripted using the usual shell-scripts and this approach also works quite well.

So in summary, the two clients I've looked at are inaccessible in one sense, but are in fact usable with a little tweaking and experimentation. I hope this helps people, and might just save some time for others in the future.
Cheers,
Donal