Star VPN is a free VPN application for Mac OS that provides fast access to VPN servers. Star VPN lets you surf the web anonymously with no concern about being tracked by your ISP or anybody else, as your IP will be changed. It gives you access to entire websites and applications in your country, at school or at work.

Mountain Lion VPN

A step by step (by step) guide

We have a lot of customers who use their Mac mini as a VPN server. This works great when you need an IP address in the US, or a secure internet connection on the road, or a number of other reasons. When Apple released Lion, they changed the setup a bit. This continues in Mountain Lion. By default, Mountain Lion Server VPN will distribute IP addresses in the same range the Mac itself uses. This doesn't work well in a facility like Macminicolo where each Mac mini has a static WAN IP address. (Update: here is a tutorial for VPN on a Mavericks Server)


We asked Rusty Ross to help us put together a tutorial that will help Macminicolo customers set up their Mac minis to serve as VPNs. He's broken it down into a few parts, so be sure to take the steps that are best for your situation:


PART I: VLAN and DNS


PART II: Internet Routing (*OPTIONAL*)


PART III: VPN


PART IV: Client Setup


If you are simply looking to enable VPN service on your OS X Server for secure connection(s) between your server and client(s), you can skip PART II. That's right: you can jump straight from PART I to PART III. The procedures discussed in PART II are intended for those who are looking to route internet traffic from their VPN clients over the VPN and out to the internet via their server's public internet connection at Macminicolo.


Also, it should be mentioned that server administration (particularly at the command line level) can be tricky. If you do proceed beyond this point, which shall be exclusively at your own risk, then please proceed carefully, and as always, don't ever proceed without a backup of your server and other irreplaceable data.


Still here? Okay, let's get started.


PART I: VLAN and DNS

First, let's set up a VLAN.


In System Preferences, go to Network, and choose 'Manage Virtual Interfaces..'


Then choose 'New VLAN..'


Let's just name our VLAN something like 'LAN', and all other defaults here should be fine:


After pressing 'Create', you'll see this:


After pressing 'Done', you'll be able to enter network info for your new VLAN. Make sure to choose 'Manually' for 'Configure IPv4', and set the IP Address, Subnet Mask, and Router as shown below.

(Advanced: We'll be using a 10.0.0.1 private IP for the server and 10.0.0.0/24 private network in this walkthrough, but note that the technique documented here will work with any private IP addressing scheme. To accomplish that, you'd substitute that alternate network info here, as well as a few other places further along in this walkthrough.)


After pressing 'Apply', you should see something like this, indicating that your newly-created VLAN is active:


Nice work. Now, let's get basic DNS up and running. Launch Server.app, and click on the 'DNS' section of the sidebar:


Now press 'Edit..' next to Forwarding Servers:


..and add both Macminicolo DNS IP addresses:


All other DNS defaults in Server.app should be fine, so let's switch DNS service on:


Great. Now, once again, if you are NOT interested in routing public internet traffic from your VPN client(s) over the VPN and out to the internet via your server's public internet connection at Macminicolo, you should SKIP from here to PART III.

PART II: Internet Routing (*OPTIONAL*)

So far, so good. Now things get a little trickier, as we need to dive into the command line a bit to get NAT and routing set up. First, we'll need to edit two privileged text files, so we are going to use Terminal to summon TextEdit.app with root privileges. (Advanced: If you are comfortable with your own command line text editor, you can obviously make the next couple edits on your own.)

Launch Terminal.app, and inside the terminal window that appears, enter the following command (as a single line), and press return:

sudo killall TextEdit; sudo -b '/Applications/TextEdit.app/Contents/MacOS/TextEdit'

You'll be prompted for your password, and if you've not used sudo on this Mac in the past, you may see a warning about using sudo, which is fine.

(This command first tries to quit any instances of TextEdit that are already running. If TextEdit isn't already running, you'll see a 'No matching processes were found' message, which is fine.)


Next, let's open the first file we need to edit. In the same Terminal window you used before, enter this command (as a single line) and press return:

sudo open -t /etc/pf.anchors/com.apple


Upon doing this, you should expect to see the following file, entitled com.apple, open in TextEdit.app:


Great. We are now going to make three sets of (minor) changes to this file.

First, look for the four lines with references to 'InternetSharing' (indicated with red arrows in the picture below), and simply add a single # character at the beginning of each of these four lines. For example,

scrub-anchor '100.InternetSharing/*'

..will become..

#scrub-anchor '100.InternetSharing/*'


Now, let's take a moment to look at the last line. The one that begins with 'load anchor'. If you happen to see a trailing slash character, indicated with red arrows below, after '400.AdaptiveFirewall/', remove that single slash character right now. This was an Apple typo bug from some early Mountain Lion versions (prior to 10.8.2), and needs to be removed. This is important, and the entire VPN setup process will fail if this typo is not corrected. So if necessary, remove only the slash, so that the line now reads:


load anchor '400.AdaptiveFirewall' from '/Applications/Server.app/Contents/ServerRoot/private/etc/pf.anchors/400.AdaptiveFirewall'


And, of course, if the line doesn't contain this unwelcome slash, and already reads like the example above, do nothing. (Except maybe thank Apple for fixing their bug.)


And finally, we are now going to add three custom lines to this document. Red arrows in the picture below indicate where these lines should go. The three lines you'll be adding are:

nat-anchor '100.customNATRules/*'

rdr-anchor '100.customNATRules/*'

load anchor '100.customNATRules' from '/etc/pf.anchors/customNATRules'

See here:



Great. Now close the window of this 'com.apple' document you've been editing so that TextEdit.app will save the changes you just made.

Okay, one more text file needs to be edited with TextEdit.app, and in fact, you'll be creating this one from scratch. Back in your Terminal.app window, enter the following command (as a single line) and press return:

sudo touch /etc/pf.anchors/customNATRules; sudo open -t /etc/pf.anchors/customNATRules


Upon doing this, you should expect to see an empty text file titled 'customNATRules' open as a window in TextEdit.app. Enter the following two lines of text into this file (make sure to press return after the second line):

nat on en0 from 10.0.0.0/24 to any -> (en0)

pass from {lo0, 10.0.0.0/24} to any keep state

(Advanced: If you are using private IP addressing other than 10.0.0.0/24, you should customize these two lines to match your chosen network.)


Nice. Now close the window of this 'customNATRules' document you've been editing so that TextEdit.app will save the changes you just made.

Now, just a couple more commands in Terminal.app, and we'll be done with the command line.

Enter this command (as a single line) into your Terminal.app window and press return:

sudo /usr/libexec/PlistBuddy -c 'add :ProgramArguments:3 string -e' /System/Library/LaunchDaemons/com.apple.pfctl.plist


And finally, enter this command (as a single line) into your Terminal.app window and press return:

echo 'net.inet.ip.forwarding=1' | sudo tee -a /etc/sysctl.conf

The Terminal should respond with 'net.inet.ip.forwarding=1', which is what we want.
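
A quick way to check the Part II edits before restarting. This is an added example, not part of the original tutorial; the function names audit_part2 and demo and the sample files are made up for illustration, and the PlistBuddy change is not checked:

```sh
# Added example: audit the Part II edits. Prints a FAIL line per problem, returns the count.
audit_part2() {
    anchor=${1:-/etc/pf.anchors/com.apple}
    natrules=${2:-/etc/pf.anchors/customNATRules}
    sysctl=${3:-/etc/sysctl.conf}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    for f in "$anchor" "$natrules" "$sysctl"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 99; }
    done
    # Active (uncommented) lines only, double quotes folded to single quotes.
    active=$(grep -v '^[[:space:]]*#' "$anchor" | tr '"' "'")
    # 1. Every InternetSharing line must be commented out.
    printf '%s\n' "$active" | grep -q 'InternetSharing' &&
        fail "active InternetSharing line in $anchor"
    # 2. Pre-10.8.2 typo: slash after 400.AdaptiveFirewall on the load line.
    printf '%s\n' "$active" | grep -q "^load anchor '400\.AdaptiveFirewall/' " &&
        fail "trailing slash after 400.AdaptiveFirewall in $anchor"
    # 3. The three custom lines must be present and active.
    for want in "nat-anchor '100.customNATRules/*'" \
        "rdr-anchor '100.customNATRules/*'" \
        "load anchor '100.customNATRules' from '/etc/pf.anchors/customNATRules'"; do
        printf '%s\n' "$active" | grep -qF "$want" || fail "missing in $anchor: $want"
    done
    # 4. nat and pass rules must name the same network; file must end in a newline.
    net=$(sed -n 's/^nat on en0 from \([^ ]*\) to any -> (en0)$/\1/p' "$natrules")
    [ -n "$net" ] || fail "no 'nat on en0' rule in $natrules"
    grep -qF "pass from {lo0, $net} to any keep state" "$natrules" ||
        fail "pass rule missing or its network differs from the nat rule"
    [ -z "$(tail -c 1 "$natrules")" ] || fail "$natrules lacks a final newline"
    # 5. IP forwarding must be set for the next boot.
    grep -qx 'net.inet.ip.forwarding=1' "$sysctl" || fail "forwarding not set in $sysctl"
    return "$problems"
}
# Constructed sample (not Apple's real file): one InternetSharing line is still
# active and sysctl.conf is empty, so the audit reports two problems.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/pfaudit.XXXXXX")
    printf '%s\n' "#scrub-anchor '100.InternetSharing/*'" \
        "nat-anchor '100.InternetSharing/*'" "nat-anchor '100.customNATRules/*'" \
        "rdr-anchor '100.customNATRules/*'" \
        "load anchor '100.customNATRules' from '/etc/pf.anchors/customNATRules'" >"$d/a"
    printf '%s\n' 'nat on en0 from 10.0.0.0/24 to any -> (en0)' \
        'pass from {lo0, 10.0.0.0/24} to any keep state' >"$d/n"
    : >"$d/s"; rc=0; audit_part2 "$d/a" "$d/n" "$d/s" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```

On the server itself, call audit_part2 with no arguments to check the real files; 'sudo pfctl -nf /etc/pf.conf' will additionally parse the rules without loading them.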


Well done. You can now close your Terminal.app window entirely.

Okay, you have now set up NAT and routing for your private network. The last piece of the puzzle on the server will be to configure and enable VPN service.

Before you proceed, though: RESTART your server now. (We'll wait..)

Now that you have restarted your server, let's continue.

PART III: VPN

Whether or not you have just completed Part II or skipped to this point straight from Part I, rest assured that everyone is welcome here in Part III.

First, open Server.app and click on the 'VPN' section of the sidebar:


Several default settings here are already in place as we'd want them, so we'll just edit a few.

Enter your Shared Secret as desired:


Now press 'Edit..' next to DNS Settings. You will likely see the Macminicolo DNS IP addresses here, which is NOT what we want in this particular place:


Instead, change this to 10.0.0.1 as follows:


(Advanced: If you are using an alternate private network, customize the above appropriately.)

Press 'OK' and we're back here:


Now press 'Edit..' next to Client Addresses, and enter settings as pictured below. (Advanced: If you are using an alternate private network, or have different needs in terms of address pool size, customize appropriately.)


Press 'OK' and you will likely see the following warning:


Since this won't actually be a problem, breathe easy, and press 'Continue'. Now once again, we're back here:


..and should be all set to go. Switch the VPN service on:

Brilliant. Wait about 30 seconds for the VPN service to become fully active, and your Mac mini server should now be ready to serve VPN clients and (optionally, if you completed Part II) route their public internet traffic over its connection.

PART IV: Client Setup


Now that your server's VPN is configured, enabled, and (optionally) ready to route public internet traffic for its clients, you may want a little guidance on how best to configure a client.

Let's set up a Mountain Lion client as an example.

In System Preferences, go to Network, and press the '+' in the lower-lefthand corner:


Choose 'VPN', make sure you are using 'L2TP over IPSec', and give your service a name:


Press 'Create', and then make sure your new VPN is selected in the sidebar on the left, so you can edit its details on the right:


As shown above, enter the IP address or DNS name for your server in the 'Server Address' field. In the 'Account Name' field, enter the username for the account on the server that you want to use to log in from the client.

Press 'Authentication Settings..' and you'll see this:


Enter the Password for the account you just specified, and the Shared Secret exactly as you set it up on the server.

Press 'OK', and you are back to:


Now press 'Advanced..' and you should see:


If you chose to complete the optional 'Part II: Internet Routing' section earlier:

Then check the option to 'Send all traffic over VPN connection' so that your client will, um, send all its traffic (including public internet-bound traffic) over the VPN when the VPN connection is active.

Otherwise, if you skipped the optional 'Part II: Internet Routing' section, make sure to un-check 'Send all traffic over VPN connection' (unlike the picture above).

Press 'OK', and you are back to:


Press 'Apply' to save changes.

And now your client should be ready to connect to your server's VPN.

Just press 'Connect' when you want to make this happen.

Well done.

As I mentioned, this tutorial came from Rusty Ross, a great hands-on consultant who works with a bunch of happy MMC customers on a wide range of topics, including setup, migration, troubleshooting, maintenance, networking, strategic planning, and creative thinking. He's available for a quick fix, a specific project, or a longer-term relationship. If you have questions, you can find us on Twitter @macminicolo. And if you're looking for somewhere safe and connected to place a VPN server, check out our prices to host a Mac mini with us.



About Macminicolo
Macminicolo, a Las Vegas colocation company, has been hosting Mac minis since their introduction in January 2005. They are the leaders in this niche market and are known for their personal service. They currently host hundreds of Mac minis for satisfied customers located in 36 different countries around the world. Get more info on our frequently asked questions page.


Setting up VPN on Mac 10.7 Lion & 10.8 Mountain Lion

Here you will find the setup guide for Mac OS X 10.7 Lion and 10.8 Mountain Lion. We will begin with PPTP VPN and proceed with L2TP IPsec VPN. These are two different types of VPN protocol, and it may be a good idea to create one connection of each. If one fails to connect, depending on how restrictive your network is, you can try the second connection.

When travelling abroad to countries such as China, Thailand, Malaysia, United Arab Emirates, Qatar, Oman, Kingdom of Saudi Arabia, Belize, etc., you should know that one of the two protocols MIGHT fail to connect. Simply use the other. This could also occur in the US; it just depends on the network being used.

Users who already had the VPN configured on Mac 10.7 reported an issue when upgrading to 10.7. The VPN had to be removed and re-added from scratch. This seems to resolve the issue.