

Setting up firmware protection reduces the need to use FileVault given that it causes target disk mode to require a password to initiate. Mountain Lion and Lion users have to boot into the Recovery HD to set up firmware password protection.
Secondary click the keychain from the list of keychains in "Keychain Access" to modify these settings.

3) Set up firmware password protection in Mac OS X.

Setting the keychain to lock after 5 minutes of inactivity and to remain locked while sleeping is most secure. Make sure to keep items that require extra security in that separate keychain and make sure to keep that keychain locked as much as possible. Label that separate keychain with the username of the computer user account but give it a different password than the user account password because the login keychain uses that password.

OS X Mountain Lion: Allow apps to access your keychain

Create a separate keychain in "Keychain Access" from the login keychain to store secure notes and login credentials, such as internet passwords, that do not need to stay unlocked while the user is logged in.

OS X Mountain Lion: Lock or unlock your keychain

If the limits negate the ability to meet the requirements of a secure password presented above, make a password as close to those requirements as possible given the imposed limitations.

2) OS X Mountain Lion: About your keychain password

Some online accounts will place limits on the length and type of characters that can be used to create passwords. Secure passwords contain at least 8 characters with at least one character from each of the following: upper case alphabet, lower case alphabet, numbers, and is an example of a password that meets the minimum requirement of a secure password. Do not reuse passwords for security sensitive logins; specifically, do not use the same password for banking credentials and logins to websites, such as Facebook or Twitter. Make sure to use strong passwords that use a combination of characters from both the upper and lower case alphabet, numbers, and symbols.

All this stuff works fine when not on VPN and sitting on the LAN.

1) OS X Mountain Lion: Understand passwords

Yet tcpdump shows traffic on port 5900 associated with the VPN client.
I can ping my server from VPN clients, but nmap fails, and VNC clients fail to hit 10.0.1.3:5900. Are they supposed to be routed back to tun0 somehow? How? The dump above shows them leaving the VNC service on interface en0. Here's the dump of tun0 showing packets going to the VNC service on tun0. Is anyone able to suggest pfctl or other fixes that allow VPN clients on tun0 to access services on the same VPN server available on interface en0?

I'm not sure if packets are correctly crossing over between tun0 and en0 - the result is that services are not available to VPN clients. Tcpdump shows VNC packets going to the server on interface tun0, and leaving the VNC server on interface en0.

More details for those who'd be able to suggest a fix:

IceFloor is a really nice GUI, but also has this issue, so this approach is missing some basic ingredient.

For example, hitting a VNC server while running tcpdump shows VNC packets going to the server on interface tun0, and leaving the VNC server on interface en0.

Still some issues getting packets between VPN clients and services on the VPN Server.

I used the following script which I got from the OSX discussion:

# References for modifications:
int_if = "en0" # macro for internal interface
nat on $int_if from $localnet to any -> ($int_if)
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
# Allow outgoing traffic from NAT'd port $lan_udp_services

On pfctl, I forwarded UDP port 1194 in the setup.

At this point, I'm not sure how I should troubleshoot this issue.

EDIT: I think the issue has to do with how I set up osx to route vpn packets.

It was working great for a while, but after setting up pfctl instead of ipfw, I can't seem to access anything on the local network or the internet when I attempt to connect from the outside.

I found a thread on apple discussions that was doing something very similar with iOS here.

My goal is to be able to connect to both my local network at my house as well as the internet through the vpn connection.

I'm currently setting up an openvpn server on my macmini server at my house.

First of all, I am new to the server admin side of things, so pardon my lack of knowledge.
