
- How It Works
- Settings Files
- General Help
- Starting the server
- Stopping the server
- Starting the server at boot time
- Uninstalling iVPN
- Server Settings
- VPN Type
- User Accounts
- Shared Secret
- IP Address Range
- Primary and Secondary DNS Servers
- Port Forwarding
- PPTP Client Settings
- Configuring the PPTP VPN client on Leopard
- Configuring the PPTP VPN client on Tiger
- Configuring the PPTP VPN client on iPhone
- Configuring the PPTP VPN client on Windows XP
- L2TP IPSec Client Settings
- Configuring the L2TP IPSec VPN client on Leopard
- Configuring the L2TP IPSec VPN client on Tiger
- Configuring the L2TP IPSec VPN client on iPhone
- Configuring the L2TP IPSec VPN client on Windows XP
- Troubleshooting
- I can't connect
- I can't access the remote network's resources
- I can't register iVPN
How It Works
iVPN uses the built-in VPN capabilities of Mac OS X. The VPN server Mac OS X uses is called vpnd, an open source UNIX application that is very stable. This same application is used in Apple's very own Mac OS X Server. Obviously, Apple has not included the software needed to configure the VPN server in Mac OS X Client because it would give people one less reason to buy Mac OS X Server.
Settings Files
After you click 'ON', iVPN takes all the settings you entered and puts them into the appropriate files. These files are the only change that iVPN makes to your system.
- All the configuration goes into a file called 'com.apple.RemoteAccessServers.plist'. This file tells vpnd how the VPN server should operate. This file is found at /Library/Preferences/SystemConfiguration.
- Your usernames and passwords are written to a file called 'chap-secrets', which is read every time someone tries to connect to the server. This file is found at /private/etc/ppp.
- If you chose to start the server at boot time, iVPN will place a folder called iVPN in the folder /Library/StartupItems. The files contained within this folder are accessed when you start your computer.
- If you use L2TP IPSec and store the shared secret in the Keychain, iVPN will create a keychain item in the System keychain that is accessed by a UNIX app called 'racoon' that handles IPSec authentication.
General Help
Starting the server
- Click on 'Edit Accounts' and add at least one user account; the clients connecting to the server will use these. Click 'Done'.
- Enter an IP address range (e.g. From: 192.168.1.100, To: 192.168.1.200). This will determine what IP address is given to your clients.
- Choose at least one VPN type, PPTP or L2TP IPSec. If you choose L2TP, enter a shared secret and choose whether or not to store it in the keychain (to store it in the keychain, iVPN must be located in the Applications folder on your hard drive).
- Leave the other settings as default unless you know of any specific reason for you to change them.
- Click 'ON'
Stopping the server
- Open iVPN and click 'OFF' - you will be asked for an administrator password.
- You can also stop the server manually by killing the 'vpnd' process from Activity Monitor or the Terminal.
Starting the server at boot time
If you would like the server to automatically start when turning on your computer, check this option. You will be asked for a password and then it is done.
Note: You have to have started the server at least once before using this option.
Uninstalling iVPN
Delete the following files/folders:
- /Applications/iVPN.app
- /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
- /private/etc/ppp/
- A keychain item called 'com.apple.net.racoon' in the System keychain
Server Settings
VPN Type
Choose at least one VPN type, PPTP or L2TP, to determine which type of VPN server to run. L2TP is typically more secure, so it is advised to use this; however, PPTP is more stable when run from iVPN. You may find it useful to run both.
User Accounts
These are the usernames and passwords that your clients will use to connect to your VPN server. They do not have to correspond with your computer's user accounts; these are completely separate. You can import and export user accounts (keep in mind that they are stored in plain text).
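Because the accounts are stored in plain text, a quick audit of the 'chap-secrets' file is worthwhile. The script below is an added example, not part of iVPN; it assumes iVPN writes the standard pppd chap-secrets layout (client, server, secret, IP addresses per line), which this page does not spell out, and the sample content is constructed.

```python
import os
import stat

# Constructed sample in the standard pppd chap-secrets layout
# (client  server  secret  IP-addresses). Assumption: iVPN writes this
# format; the page only names the file and its location.
SAMPLE_CHAP_SECRETS = """\
# iVPN accounts (constructed sample)
alice   *   "Smith1+john2@ivpn.maC"   *
bob     *   password                  *
"""

def parse_chap_secrets(text):
    """Return (username, secret) pairs, skipping comments and blank lines."""
    accounts = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 3:
            continue
        accounts.append((fields[0], fields[2].strip('"')))
    return accounts

def weak_secrets(accounts, min_len=12):
    """Usernames whose password is short or simply repeats the username."""
    return [u for u, s in accounts
            if len(s) < min_len or s.lower() == u.lower()]

def mode_is_private(mode, uid):
    """True only if owned by root and unreadable by group and others."""
    return uid == 0 and (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0

def audit(path="/private/etc/ppp/chap-secrets"):
    """Audit a real chap-secrets file: who is in it, weak entries, exposure."""
    st = os.stat(path)
    with open(path) as f:
        accounts = parse_chap_secrets(f.read())
    return {
        "users": [u for u, _ in accounts],
        "weak": weak_secrets(accounts),
        "private": mode_is_private(stat.S_IMODE(st.st_mode), st.st_uid),
    }

if __name__ == "__main__":
    print(audit())
```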
Shared Secret
You have to enter this if you chose to use L2TP IPSec. This secret is just a password that is used to encrypt your connections. Make sure you use something complex but memorable, e.g. Smith1+john2@ivpn.maC. The shared secret can be stored in the keychain (to do this, iVPN must be located in the Applications folder on your hard drive).
IP Address Range
This section allows you to designate a range of IP addresses for all of your clients. This can be any valid IP range (e.g. 192.168.1.100 to 192.168.1.200). In this case, when the first client connects, it gets the first available IP address, which would be 192.168.1.100. When the next client connects it gets 192.168.1.101, and so on.
Primary and Secondary DNS Servers
Unless you have specific DNS servers you would like to assign to your clients, leave these at their defaults (208.67.222.222, 208.67.220.220).
Port Forwarding
To allow clients to connect to your VPN server, certain ports need to be open to the Internet. If you have any sort of firewall, such as a router or a software firewall (including Mac OS X's built-in firewall), you will need to specifically tell the firewall to accept incoming connections on these ports. If you are using Leopard, you do not need to open these ports on Mac OS X's built-in firewall, as they are opened automatically.
For PPTP connections, TCP port 1723 needs to be opened.
For L2TP connections, TCP port 1701 and UDP ports 4500 and 500 need to be opened.
So, on your router, tell it to forward the relevant ports to the IP address of your computer running iVPN. Also, some routers have an option to allow a VPN pass-through. If your router has this functionality, make sure you enable the relevant pass-through.
In some cases, you will have to enable the appropriate VPN pass-through on the client-side's router also, otherwise negotiation will fail or hang on the client.
For specific help on forwarding ports on your router, refer to your router's instruction manual.
PPTP Client Settings
Configuring the PPTP VPN Client on Leopard
- Open 'System Preferences'
- Click on 'Network'
- Click the '+' button
- Choose 'VPN' as the interface
- Choose 'PPTP' as the VPN type and name the service whatever you like
- Click 'Create'
- Enter the 'Server Address' of your computer running iVPN
- Enter the username you entered in iVPN in the 'Account Name' field
- Choose 'Maximum (128 bit only)' for the Encryption
- Click on 'Authentication Settings…'
- Make sure 'Password' is chosen and enter the password you entered in iVPN then click 'OK'
- Choose whatever options you want in 'Advanced…'
- Click 'Apply'
- Click 'Connect'
Configuring the PPTP VPN Client on Tiger
- Open 'Internet Connect'
- Click on the 'VPN' tab
- Choose 'PPTP' and click 'Continue'
- Choose 'Edit Configurations…' from the 'Configuration' drop down box
- Name the connection in the 'Description' field
- Enter the 'Server Address' of your computer running iVPN
- Enter the username you entered in iVPN in the 'Account Name' field
- Make sure 'Password' is chosen for 'User Authentication' and enter the password you entered in iVPN
- Choose 'Maximum (128 bit only)' for the Encryption
- Click 'OK'
- Click 'Connect'
Configuring the PPTP VPN Client on iPhone
- From the home screen, tap on 'Settings', scroll down to 'General' then tap on 'Network'
- Tap on 'VPN'
- Tap on 'Add VPN Configuration...'
- Choose 'PPTP'
- Enter a description for the VPN connection in the 'Description' field
- Enter the address of your computer running iVPN in the 'Server' field
- Enter the username you entered in iVPN in the 'Account' field
- Make sure 'RSA SecurID' is turned 'OFF'
- Enter the password you entered in iVPN in the 'Password' field
- Choose 'Maximum' for the 'Encryption Level'
- Turn 'Send all traffic' ON
- Tap 'Save'
- Make sure the new configuration has a tick by it
- Use the ON/OFF slider to control the VPN connection
Configuring the PPTP VPN Client on Windows XP
- Click on 'Start' then 'Control Panel'
- Double click on 'Network Connections'
- Click on 'Create a new connection'
- Click 'Next'
- Choose 'Connect to the network at my workplace' then click 'Next'
- Choose 'Virtual Private Network connection' then click 'Next'
- Choose a name for the connection and click 'Next'
- Enter the address of your computer running iVPN then click 'Next'
- Choose 'Anyone's use' then click 'Next'
- Click 'Finish'
- Right click on the connection you just made and choose 'Properties'
- In the 'Networking' tab, choose 'PPTP' from the 'Type of VPN' drop down box
- Click 'OK'
- Double click on the connection you made
- Enter the username you entered in iVPN in the 'User name' field
- Enter the password you entered in iVPN in the 'Password' field
- Choose to save this user name and password
- Click 'Connect'
L2TP Client Settings
Configuring the L2TP VPN Client on Leopard
- Open 'System Preferences'
- Click on 'Network'
- Click the '+' button
- Choose 'VPN' as the interface
- Choose 'L2TP over IPSec' as the VPN type and name the service whatever you like
- Click 'Create'
- Enter the 'Server Address' of your computer running iVPN
- Enter the username you entered in iVPN in the 'Account Name' field
- Click on 'Authentication Settings…'
- Make sure 'Password' is chosen for User Authentication and enter the password you entered in iVPN
- Make sure 'Shared secret' is chosen for Machine Authentication and enter the shared secret you entered in iVPN then click 'OK'
- Choose whatever options you want in 'Advanced…'
- Click 'Apply'
- Click 'Connect'
Configuring the L2TP VPN Client on Tiger
- Open 'Internet Connect'
- Click on the 'VPN' tab
- Choose 'L2TP IPSec' and click 'Continue'
- Choose 'Edit Configurations…' from the 'Configuration' drop down box
- Name the connection in the 'Description' field
- Enter the 'Server Address' of your computer running iVPN
- Enter the username you entered in iVPN in the 'Account Name' field
- Make sure 'Password' is chosen for 'User Authentication' and enter the password you entered in iVPN
- Make sure 'Shared secret' is chosen for Machine Authentication and enter the shared secret you entered in iVPN
- Click 'OK'
- Click 'Connect'
Configuring the L2TP VPN Client on iPhone
- From the home screen, tap on 'Settings', scroll down to 'General' then tap on 'Network'
- Tap on 'VPN'
- Tap on 'Add VPN Configuration...'
- Choose 'L2TP'
- Enter a description for the VPN connection in the 'Description' field
- Enter the address of your computer running iVPN in the 'Server' field
- Enter the username you entered in iVPN in the 'Account' field
- Make sure 'RSA SecurID' is turned 'OFF'
- Enter the password you entered in iVPN in the 'Password' field
- Enter the shared secret you entered in iVPN in the 'Secret' field
- Turn 'Send All Traffic' ON
- Tap 'Save'
- Make sure the new configuration has a tick by it
- Use the ON/OFF slider to control the VPN connection
Configuring the L2TP VPN Client on Windows XP
- Click on 'Start' then 'Control Panel'
- Double click on 'Network Connections'
- Click on 'Create a new connection'
- Click 'Next'
- Choose 'Connect to the network at my workplace' then click 'Next'
- Choose 'Virtual Private Network connection' then click 'Next'
- Choose a name for the connection and click 'Next'
- Enter the address of your computer running iVPN then click 'Next'
- Choose 'Anyone's use' then click 'Next'
- Click 'Finish'
- Right click on the connection you just made and choose 'Properties'
- In the 'Networking' tab, choose 'L2TP IPSec' from the 'Type of VPN' drop down box
- In the 'Security' tab, click on 'IPSec Settings…', make sure the 'Use pre-shared key for authentication' is checked and enter the shared secret you entered in iVPN then click 'OK'.
- Click 'OK'
- Double click on the connection you made
- Enter the username you entered in iVPN in the 'User name' field
- Enter the password you entered in iVPN in the 'Password' field
- Choose to save this user name and password
- Click 'Connect'
Troubleshooting
I can't connect
If you cannot connect to the server running iVPN from your client make sure you have done the following:
- Forwarded TCP port 1723 for PPTP, or UDP ports 500 and 4500 for L2TP IPSec, through any firewalls you may have; this includes Mac OS X's built-in software firewall and any NATs or routers you may have. Please read your router's manual on how to forward ports. Also, some routers have a VPN pass-through feature; if you have this, make sure you enable PPTP or L2TP and IPSec pass-through on both the client-side router and the server-side router. To check that ports are open, search Google for an open port checker.
- Check that 'Activity Monitor' lists the process 'vpnd' (and 'racoon' if L2TP IPSec was chosen). To be able to see these processes, the 'Show' menu must be set to 'All Processes'. If they are not listed, email me with your situation.
- Check that you do not have any other software or hardware that could interfere with the VPN server. Little Snitch is a common cause of network-related problems.
- Make sure you have entered the settings correctly in your client.
I can't access the remote network's resources
If you can't connect to any network resources from the connected client such as computers, servers, printers, NAS or the Internet, check the following:
- Make sure that the VPN connection on the client is at the top of the network services list. To do this, open System Preferences and go to Network. Then, click on the settings button below the list on the left and choose 'Set Service Order...'. Drag the VPN service to the top of the list and click OK and then Apply.
- Check that Internet Sharing is not turned on; this can interfere with the NAT provided to VPN clients.
- Make sure you have entered the IP settings correctly in iVPN.
- Make sure you do not have the same IP address range on the server's network as the client's network.
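The sequential address hand-out described under 'IP Address Range' and the overlap check in the last item above can both be expressed in a few lines. This is an added example, not iVPN's own code; the From/To values and the client LAN subnet are constructed inputs.

```python
import ipaddress

def address_pool(first, last):
    """Addresses in the iVPN From/To range, in the order clients receive them."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("'To' address must not be lower than 'From'")
    return [start + i for i in range(int(end) - int(start) + 1)]

def assign(pool, in_use):
    """First free address in pool order (the page's first-available rule), or
    None when every address is taken."""
    used = {ipaddress.IPv4Address(a) for a in in_use}
    for addr in pool:
        if addr not in used:
            return str(addr)
    return None

def overlaps_client_lan(first, last, client_lan):
    """True when a pool address also lies inside the client's own LAN subnet,
    the situation the troubleshooting item warns about."""
    lan = ipaddress.IPv4Network(client_lan, strict=False)
    return any(a in lan for a in address_pool(first, last))

if __name__ == "__main__":
    # Constructed values matching the page's example range.
    pool = address_pool("192.168.1.100", "192.168.1.200")
    print(assign(pool, []), assign(pool, ["192.168.1.100"]))
    print(overlaps_client_lan("192.168.1.100", "192.168.1.200", "192.168.1.0/24"))
```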
I can't register iVPN
If you are having trouble registering iVPN, please contact me immediately. There are some cases in which invalid serials are being generated. Also, if PayPal's record of your name includes a middle name or any non-standard characters (e.g. Japanese characters or accents), your serial may be invalid. If this is affecting you, I will issue you with a new serial.
