Lion Server and VPN

As some of you know, I blogged last week about my experiences with Lion Server  concentrated on a particular gripe with Lion’s VPN service.

Over the last week I’ve had the chance to play with 3 different solutions to my problem (hint: one isn’t alcohol!).

VPN

iVPN

The first solution I have found, and the most reliable in use, is a program called iVPN. It markets itself as the “GUI that Apple left out”. It’s main use is to tie into the UNIX core that provides the VPN service and is present in all versions on Mac OS X, to provide the VPN server service on any Mac, client or server.

Cost: £15.00 (GBP)

Pros: It enables the PPTP and L2TP service in a nice clean GUI interface.

Cons: The license fee is £15! Also through testing, we have found it will only work with the first user account created within the Application.

Thoughts: Due to the price and one user only issue, I would not recommend this. Additionally, despite a claim of a 60-day refund if you are not happy, Mac Serve does not respond to emails (at time of writing)!

 

Easy VPN

The second solution I came across is a program called Easy VPN. This markets itself as easy to use and the ‘same as OSX server’ and I have had great success but for a much worse reliability.

To make this application work, I found I had to use Server.app to turn the VPN service off, make the changes in Easy VPN, then use Server.app to turn the service on (rather than the built in on/off button). Once setup, I could successfully have 5 or 6 Macs connected without any issues. However, a few days later, it just stopped working and no amount of pleading could get it to work.

Cost: AUS $5 (around £3.35 GBP)

Pros: It enables the PPTP and L2TP service in a nice clean GUI interface, with multiple users.

Cons: Despite working fine at the start, it seems to have failed unexplainably.

Thoughts: Due to the lack of stability, I would not recommend this.

 

Admin Tool VPN

This product is unique in that it is available through Apple’s Mac App Store  and for a low price. However, installed onto a fresh Lion server, this just plain refused to work. None of the settings stuck and the on/off switch did not work.

Cost: £1.49 GBP

Pros: Super Cheap, available on the Mac App Store.

Cons: Doesn’t actually seem to work

Thoughts: Avoid

 

Conclusion

It seems I have hit a stalemate at the moment. I’m not a fan of Apple’s implementation of VPN in Lion Server, nor its lack of stability. But the alternatives are few and far between. To make matters worse, they all use the built in command line VPN solution. At the moment, the only real solution appears to be either lump-it, or shell out for a dedicated network appliance.

I will be looking into other solutions, but most likely down the security appliance route.

Well that’s enough from me, what about your stories? Please share your own views on Lion Server, VPN, and experiences, below.

Links

Apple Lion Server

Apple Lion Server download

Mac Serve’s iVPN

Squashed’s Easy VPN

Admin Tool VPN

Looking for Server Support? Why not check out our Server Support Service.

5 Replies to "Lion Server and VPN"

  • agentx

    I too have found a few issues with Lion VPN.
    However my sort of fix which i think works is to make sure the order of port forwarding rules on gateway is set up like so…..

    IKE (500 UDP), L2TP (1701 UDP) , IPSec (4500 UDP)

    Now some routers have options to pass VPN. I ignore this setting and make sure i have port forwarding to server IP instead. Not sure if this will help anyone but it improved things from 50/50 to 80/20 so not perfect.

  • Update: As the Lion 10.7.3 update mentions VPN so much I’m currently testing the built-in tools again, and will have an update in the next week or two.

  • Mario

    I had the experience, that after a restart the VPN service doesn’t come up properly. It requires a manual restart over the Mac Server Admin interface. Apart from that it works good.

  • Bosco

    Hi,

    I have the same issue as Mario. I have VPN service configured under Lion Server 10.7.5 on a Mac mini. Whenever after reboot, VPN service doesn’t come up automatically, which I expect it should have behaved as a background service. I’ll have to login to the admin account (which I setup the VPN service in Server.app) then VPN service will be up automatically. This create inconvenience to me because I configure to reboot Mac mini every week. If I forgot to login before I go on the road, then I’ll lose VPN capability. I have a workaround to configure Auto-Login to the admin account, but this is not really desirable. Not sure you or anyone have a way to make the VPN come up after reboot automatically?

    Thanks,
    Bosco

  • Hi Bosco,

    Is there any reason you schedule weekly server reboots? Generally speaking you shouldn’t need to reboot a server unless there is a specific issue (such as an update requiring it, or a specific issue which a reboot is part of troubleshooting).

    Regardless, it would be possible to configure a Script launched by a top level Launch Daemon at boot.

    I haven’t tested it, but the idea would be something like:

    delay 2 minutes (to allow the services to settle)
    stop VPN service (using the serveradmin command)
    start VPN service
    Check if start was successful and take appropriate action.

    I hope that helps. Otherwise Mountain Lion Server tends to be a better all round server product. If you go down the root of a Software Upgrade, please take the appropriate (tested) backups, planning and precautions.

    Darren

Leave a Reply

Your email address will not be published. Required fields are marked *