Do VPNs really keep your Mac system safe?

While no security measure is foolproof, users can use a variety of ways to keep their computers, and their data, as safe as possible. One way is by using a virtual private network, or VPN, to help keep your computer safe while on the internet.

VPNs are especially useful for employees who need to access their company’s network. A VPN will allow them to securely access their company network, even from home.

While Apple systems such as Mac OS X 10.7 and Mac OS X 10.9 have built-in security features, such as encryption, that make them less prone to attacks, their connections are still vulnerable. A VPN adds layers of security to make systems more foolproof. This is especially valuable when accessing the internet through a public network.

Requirements

In order to set up a VPN on Mac OS X, you will need several things. These include:

  1. An Apple computer (OS X Server needs to be installed)
  2. Internet access (broadband)
  3. A static IP address assigned to OS X Server
  4. Firewall configured to allow TCP/UDP ports

A static IP address is recommended so that the server's address does not change, as it can with dynamic addressing.

A host name registered with a third-party name service is not required, but it may be needed if the VPN server has to be reached via a web address (URL). Registering DNS entries with a third-party service or internet service provider (ISP) is also optional.

It is important to note that the Apple OS X VPN Server communicates using several ports, and VPN access may not work if they are blocked by a firewall. If any problems are encountered, it may be useful to have a list of TCP and UDP ports commonly used by Apple services, to open ports as needed.

How to set up the VPN

After ensuring that you have the requirements, you can begin setting up the VPN on a Mac OS X system such as Mac OS X 10.7 or Mac OS X 10.9.

  1. First, you will need to launch Server.app on your machine, then choose the server you want to manage.
  2. Login with your administrator user name and password, then click “VPN” from the Services panel.
  3. Click on “Restart VPN” for your changes to take effect, then set “Configure VPN” to L2TP, which is more secure than PPTP.
  4. Next, you will need to set the VPN Host name to the static IP assigned to the OS X Server, or to its hostname. You will need to enter the hostname if the server was configured using third-party DNS entries or by domain name registration.

Afterwards, it will be necessary to create a Shared Secret passphrase composed of alphanumeric characters and symbols. The client end-point needs it to authenticate with the VPN. Make sure to select a passphrase that is complex enough that it cannot be easily cracked; otherwise all your security measures will have been for nothing.

Client Addresses

After creating a secure passphrase, it will be necessary to configure IP addresses assigned to VPN clients. Access “Client Addresses” by clicking on “Edit”. Ensure that the external range is different from the internal range used by the server, in order to avoid conflicts.

  1. Set the maximum number of concurrent connections to be hosted by the VPN service, then save your settings.
  2. Next, configure the name servers and search domains by editing the DNS Settings. Click OK to save.
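
The address planning from this section, as an added example that is not part of the original guide: a Python check that the VPN client range does not collide with the internal range and is large enough for the connection limit. The sample addresses are constructed, and treating the "internal range" as the pool of addresses already handed out on the server's network (for example by DHCP) is an assumption.

```python
import ipaddress


def parse_range(first, last):
    """Parse an inclusive first-last address range and validate its order."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid range {first}-{last}")
    return lo, hi


def check_vpn_client_range(client, internal, max_connections):
    """Return a list of problems with the planned VPN client addresses.

    client, internal: (first, last) tuples of address strings.
    max_connections:  the concurrent-connection limit set for the VPN service.
    An empty list means the plan is consistent.
    """
    c_lo, c_hi = parse_range(*client)
    i_lo, i_hi = parse_range(*internal)
    if c_lo.version != i_lo.version:
        raise ValueError("client and internal ranges must use the same IP version")

    problems = []

    # Two inclusive ranges overlap when the larger start is <= the smaller end.
    o_lo, o_hi = max(c_lo, i_lo), min(c_hi, i_hi)
    if o_lo <= o_hi:
        problems.append(f"client range overlaps internal range at {o_lo}-{o_hi}")

    # Every concurrent VPN client needs its own address from the pool.
    pool_size = int(c_hi) - int(c_lo) + 1
    if pool_size < max_connections:
        problems.append(
            f"pool has {pool_size} addresses but {max_connections} connections are allowed"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    internal = ("192.168.1.100", "192.168.1.210")
    for client, limit in [
        (("192.168.1.200", "192.168.1.220"), 30),  # collides and is too small
        (("192.168.1.230", "192.168.1.250"), 20),  # clean plan
    ]:
        issues = check_vpn_client_range(client, internal, limit)
        print(client, "->", issues or "OK")
```
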

It is optional to configure Routes.

After configuring the settings, tick “ON” to start the VPN service. If configured correctly, the status should be green. If the status turns red, check whether all settings were configured correctly.

Access your computer VPN via mobile

One of the upsides of setting up a VPN on Mac OS X instead of subscribing to a paid VPN service is that it is possible to remotely access your computer’s system using your iPhone or iPad.

  1. On your iPhone or iPad, go to Settings, then look for “VPN” under “General” then “Network”. Add a new configuration.
  2. Customize the settings for your connection by selecting L2TP, then naming your connection.
  3. Enter your public IP address or hostname in the server field, then set the account and password. Leave RSA SecurID off. Enter the secret key and select “Send all traffic”.
  4. Select the VPN, then turn the connection on. A VPN icon will be visible on the iOS status bar to indicate if the connection was successful.

You can use the connection to connect apps to your computer, which you can use for a variety of things such as browsing files on your computer, and even mirroring your computer screen.

Aside from providing an added layer of security, a VPN connection can extend not only your secure network, but your computer’s functionality as well. Definitely worth exploring? You tell us.
