OS X Server: Configuring PPTP

Learn how to configure PPTP.

This article has been archived and is no longer updated by Apple.

If you use Lion Server

Update to Lion Server v10.7.3 or later if you have not yet done so. This version is needed to provide VPN connections using PPTP.

Configuring PPTP

  • Use Server.app to configure the VPN service to support PPTP connections. Note: L2TP and PPTP share an IP address range in Lion Server.
  • PPTP can only be used if you are managing network users or users connected to a directory server. Local user accounts can only be used with L2TP.

Using existing Open Directory instances

Open Directory instances created prior to Lion Server v10.7.3 will need their password policy modified to allow PPTP connections. Use the following Terminal command:

pwpolicy -a (diradmin) -u (vpn_idname) -setpolicy "isSessionKeyAgent=1"

  • Replace "(vpn_idname)" with the short name of the VPN key agent user, found in Server.app or Workgroup Manager. Choose View > Show System Accounts/Records to make that record visible.
  • Replace "(diradmin)" with the name of your Directory Administrator; "diradmin" is the default name the system uses.


Using with AirPort

It may be necessary to reconfigure the VPN port mappings on an AirPort Base Station after configuring Lion Server to allow PPTP connections.

  1. Click the VPN service.
  2. Click the minus button ("-") to remove it.
  3. Click the Restart AirPort Base Station button.
  4. After your base station restarts, click the plus button ("+") and re-add the VPN service.
  5. Restart your base station once again.