Thank you for looking and I hope this is the correct subreddit for this question.
I have RRAS set up on a 2008 R2 server to allow my co-workers to connect to the VPN from home. I am using PPTP and PEAP as security is not critical.
We are using a contractor for some web design work and she needs to be able to connect to the VPN, but she is using a Mac. I have been tasked with getting her on the VPN by Monday morning. I have almost zero knowledge of Macs and I know that a Mac cannot connect to the VPN as it stands now. Can anyone help me get her set up?
I would rather not have to change the settings for everyone else just to let one contractor connect. We have an option to buy her Parallels to run a virtual Windows machine and connect, but I would prefer not to do that either. Is there any way I can allow her Mac to connect without changing the whole VPN setup?
> I have almost zero knowledge of Macs and I know that a Mac cannot connect to the VPN as it stands now
This sentence seems self-contradictory, or do you mean that their particular machine isn’t configured with the VPN? PPTP VPN support is built into OS X, you need to go into the Network pane of System Preferences, add a VPN interface, and configure it with the relevant credentials and settings.
I don’t know much about Windows Server but… Mac OS X has no built-in support for PEAP. If you’d rather not install Parallels on her Mac, you need to change your 2008R2 policy to support CHAP over PPTP.
There’s a serverfault thread and a mac-forums thread with details that might be helpful to you in case you do so. (And don’t forget to set the service order in the network prefs pane on the client)
Sorry about that, I guess I could have been more clear. I don’t have any training or experience using a Mac. I have tried to connect to our VPN using another employee’s Mac and it did not work. I have since read that Mac does not support PEAP/EAP-MSCHAPv2, so my question really should say, can I use a different protocol to allow the Mac to connect to the VPN without making all of my regular Windows users change their settings, which would be a real PITA.
Or can I have multiple VPN protocols running from the RRAS server at one time that would allow everyone to connect to the VPN?
OS X supports both PEAP/MS-CHAPv2 and PEAP/GTC natively and has for some time.
Yes… set up the RRAS server to allow a protocol that the Mac supports (there’s lots), and then set up the VPN connection on the Mac.
Can I get a source on this PEAP/EAP-MSCHAPv2 not working on the current version of Mac OS X? It is my understanding that Mac OS X 10.9 and newer supports EAP-MSCHAPv2 for encryption methods on connecting to WiFi & VPNs.
What version of OS X are you running? That may be the core issue. On my MBA (running 10.10) I can connect to both my home VPN and work VPN. Both use PPTP with EAP-MSCHAPv2.
In fact on my RRAS server for my home connection I only have EAP & MS-CHAPv2 Selected.
(You can change authentication methods as follows; this is assuming you aren’t running a NAP (Network Access Policy Server) on your network)
- Open RRAS Console.
- Right click on your RRAS Server in said console.
- Go to Properties.
- On the new window that opens up, select Security.
- Under Authentication Provider (if it is Windows Authentication), click Authentication Methods.
- Choose Authentication Methods Allowed.
- Click OK/Apply on all screens.
- Retest.
I am running NAP on that server as well. Looks like we are just going to put a Windows VM on her Mac so she can have access to the files. Thank you for the help and advice!
You can alter the NAP server itself. I forget the process, but it is very doable. I’d have to log into work to review the steps as we use RRAS & NAP for auth.