BR200 not "currently" working with existing OSX Server VPN

Artmarks
Aspirant

Hello America, I hope you are all well.

 

After 9 years of using an Apple Airport Extreme as a router in addition to 3 other Extremes being used as access points, we decided to upgrade our router to a BR200 to increase network speeds and hope it allowed us to use Apple legacy access points... which it has. We are not IT experts, but a small graphic design group. We installed only the basics of the BR200 and we got up quickly and internal LAN speeds in our small network really increased. Now we turn to VPN... legacy VPN. We have always used OSX Server for VPN connections, and the server is still listening for connections based on logs. But after installing the BR200, we just cannot connect. We do not want or need OpenVPN as it seems just too complicated, and we want to use this easy-to-use legacy OSX server. But even though we opened ports 500, 1701, and 4500 on the BR200... the ports do not seem to open based on public port scans and we cannot connect to the running OSX Server VPN. On the other hand, an internal port scan of the server running OSX Server... does not show the ports open either. I would appreciate any ideas on how to proceed or troubleshoot. Thanks.

 

Message 1 of 6


All Replies
MrJoshW
NETGEAR Expert

Re: BR200 not "currently" working with existing OSX Server VPN

Hello,

Is the Apple Airport Extreme still functioning as a router?

 

IE: Devices still connecting to the Airport, and the Airport routes the traffic out to the BR200? Or is the Airport only functioning as a VPN to the devices that are behind the VPN?

Do you have a screenshot of the firewall rules and how it is set up that you can send me?

Message 2 of 6
Artmarks
Aspirant

Re: BR200 not "currently" working with existing OSX Server VPN

Thanks for the reply,

 

The BR200 router replaced our trusty Apple Extreme. We turned the old Extreme into a wireless access point set to bridge mode, so it was retired as a router. But the old Extreme as a router was set to pass through VPN's 3 ports with IPsec enabled on it, as a one-click button option, and VPN always worked.

 

We set up the BR200 for DHCP with many DHCP reservations and it fired right up, and offered the correct IP addresses to all of our devices. We then created port forwarding for AFP 548 and VNC 5900, which instantly worked over the internet. Then we turned our attention to VPN using OSX Server which was already on.

 

I attached our Port Forwarding rules. In the case of ports 500, 1701, and 4500 needed for VPN, the BR200 presented errors when "editing" the VPN rule with all 3 ports separated by commas, like I always used to do. So I separated the rules for simplicity and if anything to name them properly. VPN on OSX Server logs shows it is in listening mode. Public and private port scans show these ports not open.

 

Wondering if IPsec is the issue, not that I understand what that is?  Or is this a DNS issue which we do not quite understand either, but we have a Netgear DNS account if we need it.

 

Thanks again for any troubleshooting ideas, really appreciate it....

Screen Shot 2021-01-11 at 1.08.41 PM.png

Message 3 of 6
Artmarks
Aspirant

Re: BR200 not "currently" working with existing OSX Server VPN

Thank you for the reply.

The BR200 replaced our trusty Extreme. The old Extreme was retired as a router and was converted to a wireless access point set to bridge mode. We fired up the BR200 quickly with DHCP. Then we added port forwards for AFP 548 and VNC 5900, and that worked instantly.

 

We then turned our attention to connecting to our OSX Server which was always running during our upgrade with VPN on.

We set port forwarding for 500, 1701 and 4500 with commas, but whenever we tried to edit the rule, we got errors. So we separated them into three rules to get around that. This is exactly how it was set up on the old Extreme router, except the Extreme required a single IPsec checkbox to be selected.

 

Not that I know what IPsec is, but could that be an issue? Same with DNS, we have a Netgear DNS account if needed.

 

 

 

Message 4 of 6
MrJoshW
NETGEAR Expert

Re: BR200 not "currently" working with existing OSX Server VPN

Hello,

 

The port forwarding rules appear to be correct as the traffic would hit the IP ending in .225.

IPSEC is its own VPN; however, the BR200 only does site-to-site IPSEC and you cannot use it as a client-to-site solution. What resources are being accessed on the Mac server that need to be accessed remotely? Do you know if you are able to access the resources locally?

 

Message 5 of 6
Artmarks
Aspirant

Re: BR200 not "currently" working with existing OSX Server VPN

Your point about the BR200 not being a site-to-client solution explains why we cannot connect to our OSX Server VPN.

 

Yes, we can access all volumes from our server locally as well as screen share...and we can do that remotely as well. We knew that AFP will die someday, and since Comcast blocks SMB ports, we know simple remote file sharing will not work for us someday.

 

So VPN was a nice to have for when that day occurred. I will consider the question answered. Thank you kindly and breathe well.

Message 6 of 6
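
The port scans mentioned in this thread are a weak test for ports 500, 1701 and 4500: L2TP/IPsec uses them over UDP, so a TCP scan reports them closed even when the server is listening. The following is an added example, not code from any poster or from NETGEAR, that sends one IKEv1 Main Mode proposal to UDP 500 and reports whether an ISAKMP reply comes back. The proposal values (3DES, SHA-1, pre-shared key, DH group 2) and the address 192.0.2.10 are assumptions.

```python
import os
import socket
import struct

def build_ike_probe(cookie=None):
    """Minimal IKEv1 Main Mode packet: ISAKMP header + SA with one transform."""
    cookie = cookie or os.urandom(8)
    # Transform attributes in short (type/value) form: 0x8000|type, value.
    attrs = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in [
        (1, 5),       # encryption: 3DES-CBC (assumed acceptable to the server)
        (2, 2),       # hash: SHA-1
        (3, 1),       # authentication: pre-shared key
        (4, 2),       # Diffie-Hellman group 2
        (11, 1),      # life type: seconds
        (12, 28800),  # life duration
    ])
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    # Header: cookies, next payload 1 (SA), version 1.0, exchange 2 (Main Mode).
    header = cookie + bytes(8) + struct.pack("!BBBBII", 1, 0x10, 2, 0, 0, 28 + len(sa))
    return header + sa

def parse_isakmp_header(data):
    """Return the ISAKMP header fields, or None if data is too short."""
    if len(data) < 28:
        return None
    _nxt, ver, exch, _flags, _msg_id, length = struct.unpack("!BBBBII", data[16:28])
    return {"initiator_cookie": data[:8], "responder_cookie": data[8:16],
            "version": ver, "exchange": exch, "length": length}

def probe_ike(host, port=500, timeout=3.0):
    """Send one probe over UDP; True if a reply echoes our initiator cookie."""
    pkt = build_ike_probe()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (host, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: no IKE answer
            return False
    hdr = parse_isakmp_header(reply)
    return hdr is not None and hdr["initiator_cookie"] == pkt[:8]

if __name__ == "__main__":
    # 192.0.2.10 is a placeholder: test the server's LAN IP first, then the WAN IP.
    print("IKE reply on UDP 500:", probe_ike("192.0.2.10"))
```

A reply from the LAN address but not from the WAN address points at the router's handling of the forwarded traffic rather than at the server.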