Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security Update 2005-008 and VPN

The tech article you need to refer to is #106439. "Well Known" TCP and UDP Ports Used By Apple Software Products.

What you will find is that you need UDP port 500 as well as UDP port 1701 for L2TP/IPSec

Also in the notes at the bottom of the page, you will see the following.

   9.  For Mac OS X Server 10.3 VPN service: PPTP uses the IP-GRE protocol (IP protocol 47). L2TP/IPsec uses the IP-ESP protocol (IP protocol 50, ESP). 

HTH,

Phil



On Sep 25, 2005, at 10:38 AM, William Cerniuk wrote:

We are going to try and use the IPSec VPN.  Our firewall policies are deny all, permit by exception.

Anyone have an accurate list of what needs to be open and most importantly in what direction in order for the IPSec VPN to have optimal operations?  Understand IPSec requires port 500 TCP as well as protocol 50 and 51. Just starting to research this.

The issue described below can make it hard to get accurate results in testing. Documentation is good but first hand experience is better.  Thanks in advance.
 
Best
Wm

"Those who do not remember the past are condemned to repeat it."

On 25 Sep 2005, at 12:42 AM, Philip Ershler wrote:

Last night, I connected to one of my Xserves running 10.4.2 via a L2TP VPN and Remote Desktop.  This server happens to be the one that provides the VPN service. I ran Software Update which of course required a reboot. After the server came back up, I can no longer connect via the VPN. I can still ssh to the machine because of an exception for this server in a firewall that I have no direct control over. The folks who control this firewall always contact me before making any changes to the firewall that will effect my subnet in any way.

Today, I made a "face to face" visit with the server. The VPN still seems to be enabled. The firewall on the server was not running before the upgrade nor after. But when I try to connect to VPN, the client machine just times out trying to connect to the server. The system log shows no evidence that any VPN connection has even been attempted. Is anybody aware of anything in this update that could have clobbered the VPN? I have read over the docs for the update and it talks about some security issues that were addressed, but nothing seems to relate to the VPN (that I can recognize, at least).

Thanks, Phil

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
References: 
 >Security Update 2005-008 and VPN (From: Philip Ershler <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.