One of the most important and most requested service for our clients has been secure remote access to their office or server. With more and more contractors and employees working remotely VPN has become a staple service of OS X Server. The alternative to VPN is far quicker and easier solution of opening up access into your office network by poking holes in your firewall or router. The quicker and easier path comes at the price of security not something worth compromising. Unfortunately many small business owners take their chances because they never had reason for concern before, or they feel that larger companies are the focus not the small ones. They couldn’t be more wrong as hackers simply exploit weakness, and they have more recently focused more to attacking small businesses because it’s easier. In fact PC World and Entrepreneur Magazines both have articles out explaining the shift in focus. Before diving into VPN setup let’s first review what should be done.
In order to help protect you and your business online Start On Technology recommends the follow:
- Ensure you are using a hardware firewall to protect your network on your router. For those unsure, looking for an extra layer, or interested in this tutorial should install Ice Floor a software firewall for free on their Mac. Please remember this tool is from a donation funded project, so please do as we have and donate to ensure it will stay available for everyone.
- Use two factor authentication when possible. An example is for users of Google Apps downloading the Google Authenticator app on their device and enabling two factor authentication to their Google Account. This can prevent unauthorized access by requiring a secondary code or pin to gain access just like the PIN on your debit card.
- Don’t use the same password for everything and consider using a password generator and storage solution to make this easier to manage. Changing passwords often places the odds back in your favor at the very least.
- Be aware of odd emails alerting you to login to your account. Make sure the address bar makes sense to the company contacting you. It’s very easy for anyone to replicate a site and capture your username and password by using misdirection.
- Be aware what information is being put in the cloud or on your devices and the level of security provided. Features such as passcodes, remote wipe, and encryption can help reduce the risk of theft.
- Contact us for a full network evaluation and explanation of your current setup.
Using Haynet’s IceFloor v2.0.1 software helps us manage the software firewalls on a server that helps prevents unauthorized access and allows VPN on OS X Server to work in many different environments by using NAT. In this example we will setup the server in a colocation environment or data center hosted with our friends at macminicolo.net a typical situation where you would want to manage remote access and setup a VPN.
- Create a VLAN in the Network pane of System Preferences ( > System Preferences > Network) by clicking on the gear next to the plus and minus symbols and selecting “Manage Virtual Interfaces…” then + add a New VLAN. Give it a name, ID, and make sure the interface is Ethernet.
- Go to your newly created VLAN and select manual IPv4 Configuration then assign an IP address, subnet, and Router (same as IP address). See graphic below and make sure to click Apply to save.
- Launch IceFloor 2.0.1 and navigate to the NAT section. Select to share your Internet connection from your WAN port (i.e. Ethernet en0) to computers using the VLAN (vlan0). Also check the Redirect DNS box as shown below.
- Now you can set up your VPN service. Be sure to set up your client addresses to match your new VLAN. In this example we would set the VPN to start at 192.168.2.2 and add as many addresses as we need. Then move to DNS settings and make sure your machine’s IP is one of the DNS servers. Be sure to set your host name and type then you are all set to switch the service on.
Now you should be able to set up clients to use your VPN service to your colocated or office Mac Mini. Of course you will need adjust your firewall to allow the VPN traffic into the network from the outside. Otherwise have smooth secure surfing my friend and give us a ring or shoot us an email if you need our services in setting up this IceFloor configuration for OS X Server VPN.