A client I have been working on recently asked me to set up a VPN for them to work remotely and still maintain security. Now I knew the definition of VPN connections but had never needed to implement one. What I did know was that there are two main configurations: Microsoft's PPTP and IPsec, but that was about as far as it went 😛. So I did some reading and it turns out that the fastest and most used is PPTP for remote connections. However, IPsec seems to be the obvious choice for bridging locations such as office_1 to office_2. The security features of PPTP are not that strong, due to the high level of abstraction before the encryption takes place. IPsec is a much lower and “raw” layer which has much stronger security features, but suffers on speed because of this.
In this case I will only be using remote connections, so PPTP “seems” the way to go? Anyway, it seemed a cinch to set up the user connections on the “Billion 7404 Vgp(M)”, having only to select username, password and some default configuration settings like encryption type, session mode and timeout. At this stage I was thinking how easy 😉. To my surprise it was not this easy!
In this case I was not connecting to the VPN using Windows PCs but Macs instead. Macs have a built-in VPN client that supports PPTP and IPsec connections under “Internet Connections”. This made it a lot easier since I did not have to install a client. So I opened the VPN client and tried to connect to the network and found that it would not connect. This is due to a bug in the Mac VPN client, which does not support “stateful” connections (radar.apple.com Bug ID# 4581573).
So with this new info I went back to the configuration settings for the VPN and made sure the settings were:
- Encryption Enabled
- Force 128bit
- Force Stateless
When I tried the connection again all was good and I was connected. However, there still remains some strange behavior. Once connected I cannot access the internet using the VPN and I also cannot connect to the servers using names, but only IPs. This is not a show stopper but it is a little annoying as the clients will only be able to do work without accessing the internet. To me this looks like a simple DNS problem but I have no idea how to correct it. I have submitted a post to the Billion forum and hope they will resolve the problem for me, but I will keep playing in the meantime to see what is going on.
I am also wondering if this is the same problem that I am having with my Linux box? I can make the connection to the VPN network and ping/connect to the server, but I have no access to anything else on the network. I cannot ping any machines or connect to the SMB shares. So basically I can do nothing when connected unless I use a Mac. I have not had a chance to try a PC but will see if I can have a go next week to see what happens.
So my current status is: I got the VPN set up relatively easily and can connect using my Mac but not my Linux box; when connected I can access the shares using the Mac but cannot access the internet, and the Linux box cannot do anything. So, hopefully Billion lends a hand and tells me what I need to do to get this working sweet.