iVPN is the original VPN server for non-server Macs. It uses Apple's built-in, rock solid VPN server; the same used in Mac OS X Server.
iVPN easily creates a standards-based PPTP and L2TP VPN server on your home or office Mac. With just a few details and a couple of clicks, you'll be ready to connect securely to your Mac from anywhere in the world and from nearly any device!
iVPN uses the built-in VPN capabilities of Mac OS X. The VPN server Mac OS X uses is called vpnd, an open source UNIX application that is very stable. This same application is used in Apple's very own Mac OS X Server. Obviously, Apple have not included the software needed to configure the VPN server in Mac OS X Client because it would give people one less reason to buy Mac OS X Server.
After you click 'ON', iVPN takes all the settings you entered and puts them into the appropriate files. These files are the only change that iVPN makes to your system.
You don't need to do anything to make the VPN server start at boot time. Once you turn it on, it will stay on until you turn it off, even across reboots.
Use the "Uninstall iVPN..." menu item in the iVPN main menu. If you don't have a copy of iVPN running on your Mac, you can delete the following items manually (if they exist):-
Choose at least one VPN type, PPTP or L2TP to determine which type of VPN server to run. L2TP is typically more secure so it is advised to use this. But, PPTP is sometimes more compatible with routers, especially when using Windows clients. You may find it useful to run both.
To authenticate your VPN clients, they must connect using a username and password. In iVPN, there are two methods of authentication; using a directory server or using custom accounts. Custom accounts are the easiest to set up as they do not have to correspond with your computer's user accounts; these are completely separate. All you have to do is add at least one username and password and you're done. You can also import and export custom user accounts with the choice of encrypting them for security. Using directory authentication is slightly more complicated. First you must have a directory server already set up such as Mac OS X Server's Directory Service. Once you have confirmed this, you must join that directory server from the Mac that iVPN is running on to add your directory server to the list of available directory servers. You can then use the "Manage Directories" button in iVPN to choose which directories to use for authentication. If you're not exactly sure how to use a directory server for authentication, I would strongly advise you use custom accounts.
You have to enter this if you chose to use L2TP IPSec. This secret is just a password that is used to encrypt your connections. Make sure you use something complex but memorable. E.g. Smith1firstname.lastname@example.orgC. The shared secret can be stored in the keychain (recommended).
This section allows you to designate a range of IP address for all of your clients. This can be any valid IP range ( e.g. 192.168.1.100 to 192.168.1.200 ). In this case, when the first client connects, they would get the first available IP address, which would be 192.168.1.100. When the next client connects they would get 192.168.1.101, etc.
Unless you have specific DNS servers you would like to assign to your clients, leave these at their defaults (184.108.40.206, 220.127.116.11). If you have several DNS servers you would like to use, or you would like to provide custom search domains to your connected clients, you can do this in the Advanced DNS panel.
To allow clients to connect to your VPN server certain ports need to be open to the Internet. If you have any sort of firewall such as a router, or other software firewall including Mac OS X's built in firewall you will need to specifically tell the firewall to accept incoming connections on these ports.
For PPTP connections, TCP port 1723 needs to be opened.
For L2TP connections, UDP ports 1701, 4500 and 500 need to be opened.
So, on your router, tell it to forward the relevant ports to the IP address of your computer running iVPN. Also, some routers have an option to allow a VPN pass-through. If your router has this functionality, make sure you enable the relevant pass-through.
In some cases, you will have to enable the appropriate VPN pass-through on the client-side's router also, otherwise negotiation will fail or hang on the client.
For specific help on forwarding ports on your router, refer to your routers instruction manual.
If you cannot connect to the server running iVPN from your client make sure you have done the following:
If you can't connect to any network resources from the connected client such as computers, servers, printers, NAS or the Internet, check the following:
If you are having trouble registering iVPN, please try to use the online tool to fix your license. You must have a MacServe account for this to be available to you. There are some cases in which invalid serials are being generated. Also, if PayPal's record of your name includes a middle name or any non-standard characters (e.g. Japanese characters or accents), your serial may be invalid. If this is affecting you, the online tool should fix this for you. If you still have problems after using this tool, please contact me and I will issue you with a new serial.