OS X Server includes a VPN service. It is very easy to set up VPN, but if you search Google you may find several different methods, which can be confusing. This post shows one method that clears up the confusion and should have you up and running quickly.
In this example, we are going to use a Mac Mini with OS X Server 5.0.x that has already been set up as a .local server. We will configure the server to use the L2TP/IPSec tunnelling protocol. This isn’t as secure as OpenVPN, but IPSec encryption/decryption occurs at the kernel level, with the added advantage of multi-threading over OpenVPN. So it’s a secure enough starting point.
Note: OS X Server 5.0.x supports OS X Yosemite v10.10.5 or OS X El Capitan v10.11.1.
Follow my instructions below, and you will be up and running in about 15 minutes.
Change .local server to .private to use VPN (if you haven’t already):
- Launch Server.app > Edit host name
- Click > Next then Check option > Local Network and VPN > Next
- Edit Host Name: example.private (edit the ‘example’ server name)
- Click > Finish
OS X Server for Mavericks, Yosemite, Mountain Lion and Lion has an adaptive firewall built in that controls incoming access based on client attempts to abuse the OS X Server. The adaptive firewall in Yosemite can be controlled in OS X Server in the Access pane. This allows you to create default access rules and custom rules for specific services.
For the less technically savvy, I’d suggest enabling the adaptive firewall to generate a rule for when a user or IP address generates 10 consecutive failed login attempts. You will need to open Terminal on the server and run all of the following commands as an admin:
Cut and paste this code if you use OS X Server on Mavericks or Yosemite:
sudo pfctl -f /etc/pf.conf
You will see an error reporting ‘No ALTQ support in the kernel’ and that it is disabled; please ignore it. Now cut and paste the following, one line at a time:
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serverctl enable service=com.apple.afctl
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -c
sudo /Applications/Server.app/Contents/ServerRoot/usr/libexec/afctl -f
You will see the same error as above, reporting ‘No ALTQ support in the kernel’ and that it is disabled; please ignore it again.
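To make the threshold rule described earlier concrete, here is an added example (not from the original post, and not how afctl itself is implemented) that counts consecutive failed logins per source address in a constructed log. The log format and the names `emit`, `sample_log` and `ips_to_block` are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: models a "10 consecutive failed logins" rule over a
# constructed auth log. The log format and all names here are assumptions,
# not the adaptive firewall's real input or implementation.

THRESHOLD=10

# emit COUNT RESULT USER IP: print COUNT constructed log lines of the form
# "<time> <result> user=<name> ip=<addr>"
emit() {
    n=0
    while [ "$n" -lt "$1" ]; do
        echo "12:00:00 $2 user=$3 ip=$4"
        n=$((n + 1))
    done
}

sample_log() {
    emit 10 FAIL admin 203.0.113.7    # 10 failures in a row: flagged
    emit 9  FAIL bob   198.51.100.4   # 9 failures ...
    emit 1  OK   bob   198.51.100.4   # ... then a success resets the streak
    emit 3  FAIL bob   198.51.100.4   # only 3 since the reset: not flagged
}

# Reads log lines on stdin and prints each source address once, when its run
# of consecutive failures reaches the threshold (optional first argument).
ips_to_block() {
    awk -v max="${1:-$THRESHOLD}" '
        {
            ip = ""
            for (f = 1; f <= NF; f++)
                if ($f ~ /^ip=/) ip = substr($f, 4)
            if (ip == "") next                  # no source address on line
            if ($2 == "OK") { streak[ip] = 0; next }
            if ($2 == "FAIL" && ++streak[ip] == max && !(ip in flagged)) {
                flagged[ip] = 1
                print ip
            }
        }'
}

sample_log | ips_to_block
```

The second address is not flagged at the default threshold because its successful login interrupts the run of failures, which is what "consecutive" means in the rule.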
If you use OS X Server on Mountain Lion or Lion, follow the same approach as for Mavericks and Yosemite (also note the errors):