Lion Server: Configuring and enabling PPTP

Summary

Learn how to configure PPTP in Lion Server v10.7.3 or later.

Products Affected

Lion Server

Using PPTP support in Lion Server

  • Update to Lion Server v10.7.3 or later if you have not yet done so. Lion Server v10.7.3 or later is needed to provide VPN connections using PPTP.
     
  • Use Server.app to configure the VPN server to support PPTP connections. Note: L2TP and PPTP share an IP address range in Lion Server.
     
  • PPTP can only be used if you are managing network users or users connected to a directory server. Local user accounts can only be used with L2TP.
     

Using existing Open Directory instances

Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following command:

pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

  • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or Workgroup Manager. Choose View > Show System Accounts/Records to make that record visible.
  • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.

 

Additional Information

Using with AirPort

It may be necessary to reconfigure the VPN port mappings on an AirPort Base Station after configuring Lion Server to allow PPTP connections.

  1. Click the VPN service.
  2. Click the minus button ("-") to remove it.
  3. Click the Restart Airport Base Station button.
  4. After your base station restarts, click the plus button ("+") and re-add the VPN service.
  5. Restart your base station once again.