tinyapps.org / docs / Enable VPN server in OS X for remote access via iPhone, Windows, and OS X clients

This guide outlines how to enable the built-in VPN service (vpnd) in client versions of OS X, as Apple has neglected to mention (let alone explain) the possibility under non-server editions of OS X. Standard disclaimer applies, as always: You are 100% responsible for your own actions. Using this guide, visiting a link, downloading a program, in short, living, is done entirely at your own risk (and joy).

I. Diagram of Example Network

The domain name and IP addresses above are for example purposes only and will likely differ on your networks.

II. Enabling vpnd on the iMac

1. Download iVPN-2.4b.zip and iVPN-Help-2.4b.pdf (the source code is also available: iVPN-2.4b-src.zip).
2. Copy iVPN.app to your Applications folder
3. Launch iVPN.app
4. Click "No" when asked about downloading the new version
5. Click the PPTP button to disable PPTP
6. Click the L2TP button to enable L2TP
7. Enter a username, password, and shared secret. Do not lose these.
8. Optionally select "Store in Keychain"
9. For the IP Address Range, choose a range of IP addresses in your LAN that you will reserve for VPN clients. In this example, we'll use 192.168.50.200 - 192.168.50.204.
10. Our router in this example is 192.168.50.1, the subnet mask is 255.255.255.0, our primary DNS server is 192.168.50.1, and we'll use one of the OpenDNS servers for our secondary: 208.67.222.222
11. Click "On" to enable the VPN server and enter your OS X user password when prompted.
12. We can now check "Start server at boot time" if desired (this option uses the deprecated but functional /Library/StartupItems)
13. Quit iVPN. You should never need to open it again, as its only purpose is to configure/enable vpnd.

III. Port forwarding

1. You may need to enable VPN passthrough on your router and/or forward the following UDP ports to the VPN server: 500, 1701, 4500. For help with port forwarding, see PortForward.com.

III. Connecting to VPN from iPhone, Windows, or OS X

1. The aforementioned PDF has detailed instructions for connecting to your VPN from iPhone, Windows, and Mac OS X. Make sure to follow the L2TP instructions.
2. You'll need to know the public IP address or domain name of the modem/router. If you don't have a static IP address, you may want to setup a dynamic DNS account.

IV. Notes

• For those who prefer to setup vpnd manually (as opposed to using iVPN):
  • Configure a secure L2TP VPN
  • Setting up VPN server
  • How to setup a VPN server
• See also: PPTP/L2TP VPN Server on Mac OS X Leopard Client, which addresses a possible connection problem with Windows XP SP2 or higher.
• There are loads of fun things you can do once connected to your VPN, but here's one: if you enable Screen Sharing on your VPN server (System Preferences > Sharing), access it from a connected Mac (and optionally any VNC client) via Cmd+K > vnc://server_ip_or_name.
• After 2.4b, iVPN became shareware. Its new homepage can be found here. I decided to avoid the shareware version after reading comments here and here.
• The new and vastly superior EasyVPN offers similar functionality to iVPN, but includes Lion support, launchd (as opposed to StartupItem) startup, and a price tag of only $4.99 (versus £14.99 for the current version of iVPN).
• The VPN server log can be found at: /var/log/ppp/vpnd.log . Here are a few example lines:
  #Start-Date: 2009-04-28 20:57:29 HST
  #Fields: date time s-comment
  2009-04-28 20:57:29 HST Loading plugin /System/Library/Extensions/L2TP.ppp
  2009-04-28 20:57:30 HST Server 'com.apple.ppp.l2tp' moved to background
  2009-04-28 20:57:30 HST Listening for connections...
  2009-04-28 21:41:03 HST Incoming call... Address given to client = 192.168.50.200
  Tue Apr 28 21:41:03 2009 : L2TP incoming call in progress from '192.0.2.11'...
  ...
  Tue Apr 28 21:42:19 2009 : Connection terminated.
  Tue Apr 28 21:42:19 2009 : Connect time 1.3 minutes.
  Tue Apr 28 21:42:19 2009 : Sent 73588 bytes, received 15502 bytes.
  Tue Apr 28 21:42:19 2009 : L2TP disconnecting...
  Tue Apr 28 21:42:19 2009 : L2TP disconnected
  2009-04-28 21:42:19 HST --> Client with address = 192.168.50.200 has hungup
  2009-04-28 21:43:10 HST terminating on signal 15
  #End-Date: 2009-04-28 21:43:10 HST
  

created: 2009.05.03, updated: 2011.09.01