Ahh. I've used but never set up a VPN and was thinking about doing so. Didn't know that portmapping to the VPN was the typical setup. There is a VPN server (vpnd) built into OSX so I'll probably just use that. Found a little tutorial on setting it up here:
http://tinyapps.org/docs/os_x_vpn_server.html

CB

Frank Ventura wrote:
>
> No, not at all, actually most people run the VPN server behind the
> server. All you need to do is forward the appropriate port (usually
> 1723) to whatever machine on your LAN that is running the VPN server
> and that is it. What type of VPN server you choose depends upon your
> needs. If you only need one person at a time to VPN into your network
> you can run the VPN server on an older Windows XP box. So for example
> if the internal NAT IP address of your Windows VPN server is
> 192.168.1.5 then you would configure your firewall to forward all
> traffic on port 1723 to IP address 192.168.1.5. Then you would
> configure your remote computer to VPN into your network using the
> external IP assigned by the ISP. You really want to use a VPN server
> running on a computer in the LAN rather than the VPN server in the
> firewall since it is much easier to restrict access based on individual
> users and grant more granular control of resources.
>
> Frank
>
> *From:* macvisionaries@googlegroups.com
> [mailto:macvisionar...@googlegroups.com] *On Behalf Of *Chris Blouch
> *Sent:* Friday, October 02, 2009 10:29 AM
> *To:* macvisionaries@googlegroups.com
> *Subject:* Re: VPN revisited
>
> I guess I'm not clear on how this would work. Doesn't the VPN server
> have to run on your firewall? So when I try to connect from the public
> internet to something inside my private network I first have to make a
> VPN connection and then I have access to private network assets. So if
> I have a VPN server running on a machine inside the firewall, how do I
> get to it to bring up the VPN connection? Seems like a chicken and egg
> kind of problem. I suspect most folks use the VPN built into their
> little firewall/NAT/router box.
> To use a desktop you would need two
> network connections, one to the public network and one to the private
> network and then the router/firewall/VPN would control which traffic
> can cross over the demarcation point. I guess it's possible to run the
> VPN on a machine on the internal network and then have the firewall
> portmap the VPN ports to the internal host. Is that typical?
>
> CB
>
> Frank Ventura wrote:
>
> Another thing of interest to note is that if you have a Windows XP, 2003,
> 2008, etc machine on the home or office network you need to VPN into you can
> use that as the VPN host. The ability to do this is built right into Windows.
> The beauty of this is that the VPN client built into OSX on the Mac works
> flawlessly with that and is of course totally accessible. So if you need, for
> example, to VPN into the network at your home from a remote location and you
> have a Windows machine at home you can set that up to accept the incoming VPN
> connection and then use the Mac's VPN client to connect to it. No additional
> software to install/purchase.
> Frank
>
> -----Original Message-----
> From: macvisionaries@googlegroups.com
> <mailto:macvisionaries@googlegroups.com>
> [mailto:macvisionar...@googlegroups.com] On Behalf Of Esther
> Sent: Thursday, October 01, 2009 5:52 AM
> To: macvisionaries@googlegroups.com <mailto:macvisionaries@googlegroups.com>
> Subject: Re: VPN revisited
>
> Hi,
>
> It's worth commenting as an addition to Dónal's very nice summary of
> VPN clients that there was a specific requirement for software to work
> with "Open VPN", which is one popular version of VPN software that
> works cross-platform and which was the chosen VPN software version for
> his organization.
>
> On this issue of inaccessible status menu icons, I'm moved to wonder,
> what does Dropbox do? For background, Dropbox is a popular file
> sharing tool that works cross-platform.
> You register at Dropbox.com
> when you download the software and you're initially given 2GB of space
> (more if you upgrade to a paid membership). Files that you move into
> your Dropbox folder on one machine can be accessed from your Dropbox
> on another machine (which could be a Windows or Linux machine), or
> through a web interface to your account. You can also email people
> links to files in your Dropbox and update/sync versions of the file
> across your Dropboxes.
>
> Anyway, there's a very odd interface on the Mac, because the status
> bar icon that you need to access to open your Dropbox folder also
> can't be navigated to with VO-M twice, or Control-F8 or combinations
> of these with arrow keys under VoiceOver. What I found does work is
> to bring up your window chooser menu (VO-F2 twice) under Finder.
> Then, if you have Dropbox installed, you see a window called
> "untitled". If you select that from the window chooser menu and route
> your mouse cursor (VO-Command-F5) to that "window" and click
> (VO-Shift-Space or any "hardware clicks" by pressing a mouse button,
> trackpad, or the "5" on a numeric keypad with NumPad Commander
> activated) you get the Dropbox menu to come up as though you had been
> able to navigate to the status bar icon and open the menu.
>
> I haven't seen this documented in other forums or lists, except for my
> own comments on another list and some months later on this list.
> Whatever Dropbox is doing, I suspect they're not using NSStatusItem or
> the Extra menu item that Apple uses -- at least not in any
> conventional way.
>
> It is also possible to work with preference file setups through
> GUI-based plist editors, though I think it is more straightforward to
> just use the terminal command line if you know what parameters you want
> to change.
>
> Cheers,
>
> Esther
>
> Donal Fitzpatrick wrote:
> >
> > Hi Christina,
> >
> > VPN stands for "virtual Private Network".
> > Basically, it allows me to
> > connect into my work network from home. I can see the network disks,
> > send mail, and access all the resources I need to access as though I'm
> > in the office.
> >
> > hth
> >
> > Donal
> > On 29 Sep 2009, at 23:25, Christina wrote:
> >
> > This may sound dumb but for my information, could you please let me
> > know what a VPN is.
> >
> > Thanks,
> > Christina
> > On Sep 29, 2009, at 2:34 PM, Donal Fitzpatrick wrote:
> >
> > Hi all,
> >
> > Ok I've been playing around with two VPN clients since I raised this
> > topic about a month ago. The two clients I've looked at are
> > Tunnelblick and Viscosity. In case anyone needs to use a VPN, my
> > thoughts on both are given below.
> >
> > 1. Viscosity. I chose this one first because, as Esther said at the
> > time this topic was discussed, it supports applescript. The
> > installation for this application follows standard OSX conventions,
> > and creates no problems with VO whatsoever.
> >
> > The application is not very accessible in the typical sense of the
> > word. It uses a status menu (NSStatusItem) which it locates in the
> > vicinity of time machine, and the other Extra menu items Apple use.
> > Problems with such status menus are well documented here and on other
> > lists so I won't delve into that again. However, suffice it to say
> > that because the status menu is inaccessible, it precludes getting to
> > the menu items, preferences dialog and other aspects of the software.
> > I did ask a sighted colleague to open the preferences dialog for me,
> > and it was navigable, but not easily so.
> >
> > I mentioned earlier that Viscosity does support applescript. One can
> > easily create scripts to connect to, and disconnect from the VPN.
> > This feature makes the application usable. Finally, I'd like to
> > acknowledge the developer of this application.
> > During an email
> > exchange, he acknowledged that the app could do with some work, and
> > also succinctly explained the issues with the NSStatusItem. He has
> > told me that he and other developers have been on to Apple regarding
> > this issue, and await their response.
> >
> > 2. Tunnelblick. This application is very similar to Viscosity
> > described above. However, it is an opensource project, and as such
> > the source code is available. Once again, the installation process is
> > no problem. However, the same issues regarding NSStatusItems emerge;
> > that is, it creates one which cannot be reached using VO. A little
> > digging on the TunnelBlick wiki produced documentation on the
> > preferences, which can be found in a ".plist" file located in
> > "~/library/preferences". Editing this file in the normal way, (using
> > some educated guesswork) I could actually configure the application to
> > both start when I logged on, and also to automatically connect to the
> > VPN thereby negating the need to go near the inaccessible status
> > menu.
> >
> > Finally on this application, while it does not, to the best of my
> > knowledge support applescript, it does come with a command-line
> > interface called openvpnstart. One has to drill down into the
> > application package (using terminal) to run this app. Also, root
> > privileges seem to be required to run it. However, this can be
> > scripted using the usual shell-scripts and this approach also works
> > quite well.
> >
> > So in summary, the two clients I've looked at are inaccessible in one
> > sense, but are in fact usable with a little tweaking and
> > experimentation.
> >
> > I hope this helps people, and might just save some time for others in
> > the future.
> >
> > Cheers,
> >
> > Donal
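
A way to confirm that the port forward Frank describes actually reaches the VPN server, added here as an example and not part of anyone's message in the thread. It assumes the server behind the forward speaks PPTP, the protocol whose control channel uses TCP 1723; the function names and the sample reply are constructed for illustration.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP port forwarded in the thread (PPTP control channel)
MAGIC_COOKIE = 0x1A2B3C4D   # constant carried by every PPTP control message (RFC 2637)
# length, message type, cookie, control type, reserved | version, two bytes that
# differ per message, framing caps, bearer caps, max channels, firmware revision,
# host name, vendor string: 156 bytes for both the request and the reply.
LAYOUT = struct.Struct("!HHIHH H2s IIHH 64s64s")

def build_sccrq(host_name=b"forward-check"):
    """Start-Control-Connection-Request (control type 1), protocol version 1.0."""
    return LAYOUT.pack(LAYOUT.size, 1, MAGIC_COOKIE, 1, 0,
                       0x0100, b"\x00\x00", 3, 3, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Decode a Start-Control-Connection-Reply; ValueError if it is something else."""
    if len(data) < LAYOUT.size:
        raise ValueError("short reply (%d bytes): not a PPTP server" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, _framing, _bearer,
     _chans, _fw, host, vendor) = LAYOUT.unpack(data[:LAYOUT.size])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("reply is not a PPTP Start-Control-Connection-Reply")
    text = lambda raw: raw.split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"version": version, "result_code": result[0], "error_code": result[1],
            "host": text(host), "vendor": text(vendor)}

def check_forward(external_ip, port=PPTP_PORT, timeout=5.0):
    """Connect to the router's external address and read the VPN server's reply."""
    with socket.create_connection((external_ip, port), timeout=timeout) as conn:
        conn.sendall(build_sccrq())
        data = b""
        while len(data) < LAYOUT.size:
            chunk = conn.recv(LAYOUT.size - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)   # result_code 1 = control connection accepted

if __name__ == "__main__":
    # Constructed reply standing in for a server, so the demo runs offline.
    sample = LAYOUT.pack(LAYOUT.size, 1, MAGIC_COOKIE, 2, 0, 0x0100, b"\x01\x00",
                         3, 3, 1, 0, b"vpn-host", b"constructed-sample")
    print(parse_sccrp(sample))
```

Run `check_forward()` from outside the LAN against the external IP assigned by the ISP. PPTP carries the tunnel's data as GRE (IP protocol 47), which a TCP port forward and this check do not cover.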