Return of the
February 1st 2012. The day PPTP graced the Server.app GUI for the first time.
Almost as if by magic, on the 1st of February Apple released the 10.7.3 combo update for both Server and Client. Included in both are a number of updates but I want to concentrate on Lion Server and the VPN updates.
However, one unclear, yet necessary step is to enable your Lion Server as an Open Directory Server “Lion Server: Configuring and enabling PPTP”. As a general rule of thumb, I do not like to enable and use a directory service unless required as you can’t get a more stable user database then standalone local accounts!
So just a word of advice: Make sure you back up, and do so regularly!
To test out the updated VPN server I created ten test users. Five were created in the Open Directory (via Workgroup Manager) and were called ‘PPTP1’ through to ‘PPTP5’. The remaining five were created in the local directory (again, using Workgroup Manager) and were called ‘L2TP1’ though to ‘L2TP5’. These were then allocated out to the Amsys best and brightest to test.
Overall, both L2TP and PPTP seem to be back to their more robust Snow Leopard incarnation. Both protocols accept connections and created the required tunnels without failures. Additionally, these tunnels seem to be very stable. Well, as stable as you can get running tunnels over the Internet.
However a strange…’feature’… was found. The L2TP users, created in the local directory, would fail with an authentication error. Upon further investigation by the Amsys team, the PPTP users worked fine on both protocols, not just PPTP. It would seem that to run a PPTP and L2TP VPN service; all users must be Open Directory users. Not a deal breaker, but certainly good to know.
It seems Apple Server VPN is back and working as well as ever (despite a change in requirements). We have now taken the steps of reintroducing Lion Server as a viable SOHO VPN solution with our clients.
And now, over to you guys! Have you tired Lion Server 10.7.3? Any successes? Any problems?
Would you like a more step-by-step guide on how we set it up?
As always, let us know in the comments.