Any dummy's guide to windows and mac server setup?

runnin17

Okay, so I have been meaning to do this for a very long time and finally since I am getting a new Macbook Air I am going to jump into it.

My wife has an old style macbook, I will soon have a macbook air. I have three main computers (all PC and running windows 7) at my home. One main computer, one media server (relegated to the closet) and an HTPC.

I want to eventually install WHS on the server, but since I have over 10TB of storage space (about 4TB filled) and no way to back all this up while I update the OS; I have just left windows 7 pro on the server and it has been working okay.

I want a simple (remember it is for the wife too) way that I can share files back and forth between the two macbooks and the server mainly. Most likely via FTP. I have been doing some reading and could probably figure all this out, but I want a simple solution.

My ultimate goal is to have a semi-cloud backup/storage design. I would also like to eventually be able to direct friends and families to specific photo or video directories that they could access maybe through a VPN (or something like it).

Any guidance would be a big help.
 
OS X has SMB (Windows File Sharing) access built in.

From the Finder menu, you can type command-K (forget the menu item) and type in smb://<name or ip of server>/<share name>

OS X will mount that share as a network drive. Providing your permissions are correct and people use the proper logins (guest accounts are bad, mmmkay) then there shouldn't be an issue of sharing files.
 
This


My setup at home is a lot like yours: my main rig is Win7, the girl's laptop is Win7, my media center is Win7, and my server is Server 2008 R2.

Then I have my new Macbook Pro and an old Macbook. Things work just as KaosDG said they would.
 
I know about the SMB. That is what I am using right now.

My question is about access to my server when I am not at home. Say I am sitting at starbucks and want to grab a picture off my server at home. Is there an easy to follow guide on how I would set this up?
 
ah ok.

So first you'll need an external IP (easy enough with a dynamic DNS service; see dyndns.com, no-ip.com, etc.).

Then the question becomes how you want people to access this.

Open access (no vpn) is dangerous. For example, if you leave open FTP then someone could brute force the password and use your server.

Setting up a VPN is the best option, and depending on your router (Untangle, IPCop, etc.) there are add-ons to install. For a normal consumer-grade router (Linksys, Netgear, etc.) there really aren't router-based solutions, so you'd have to get something that runs on the server.

This is really outside the realm of the Apple forum and more suited for the networking forum. (Since it's more about configuring network access than Mac related config)

If you'd like I can move this thread there.
 
Set up a firewall in front of all your equipment. I recommend Astaro or Untangle; then once you have it running, set up the VPN and voilà :)

I do this and it works great :)

Having a VPN, it's just like being at home :) Hitting Apple-K and then mounting your shares = good :0

Also, setting your VPN up so you can surf through your home firewall = more security :)
 
In theory this works well, but depending on your ISP could end up being crap. I have 2mb up so this ends up being pretty painful but for someone on fiber it wouldn't be an issue.
 
I'm on cable with 27mb down and 980k up; it works great. It's slower, but it's so useful when you need that Word document or something when on the road. This combined with Dropbox = wicked.
 
what if the place that you are at doesn't allow VPN access???

Most of the suggestions above are SSL VPNs that work over port 443, so unless they don't allow HTTPS, the VPN works.

I, like most of the people above, have OpenVPN set up and just use that to get into my systems at home.

I've yet to find a place where my VPN didn't work.
 
Agree, most places have it open so business people can connect to the work office and work from coffee shops, etc.

Along with them connecting to their offices, all the traffic is directed through the VPN, for security.

J'
 
How about using Remote Desktop to access your server at home? You don't need VPN, just an external IP or a DNS name from dyndns.org

Am I missing something? Is RD as safe as a VPN?
 
If you can do VPN, DO IT! Opening ports for port forwarding kind of defeats the purpose of having a firewall.
 
What about changing the port?

For example, my DynDNS account is: my-sub-domain.dyndns.org:12345

12345 is an arbitrary port.

Does that help or not really?
 
It helps a little, till someone port scans and tries to brute-force attack it.

VPN is so easy nowadays and it's worth every penny; even throwing in an "Untangle" and installing OpenVPN is better than port forwarding / changing.

Untangle is cheap, easy to set up, easy to manage, and provides MORE security than any off-the-shelf firewall / router.

Install Untangle / Astaro and watch your logs; you would be surprised at what goes on.
 
Thanks for the info. Going the untangle route seems like a good idea.

Are there any step by step guides on the best way to setup the VPN (keep in mind I will be using both windows PC's and OSX PC's)? Thanks in advance.
 
I'm pretty sure that you won't have any problems setting it up: enable it, download the client, use :)

J'
 
So let me see if I have this right.

1. I install Untangle on my server (where the untangle software is the new OS for my server).
2. Decide which add-ons I need. Most likely the firewall and the OpenVPN add-on?
3. Install OpenVPN on the computers I want to connect to the server.
4. Login to the vpn and be on my way...

The question I have is: what about when I need to connect to the server when I am at home? If the server is running Untangle, how do I set it up so that my office PC, my HTPC and my two MacBooks can connect to the home server like I do now (without using a VPN)?
 
Make sure that your Untangle box is not running in a VM or anything like that. Make the box dedicated; it's a firewall, keep it that way.

I can't remember how many VPNs you can have with Untangle; I bet someone will post the number, though!
 
Here is how I had one of my setups:

[Attached image: jim%26jason.jpg]
 
Hmmm, I follow your diagram. Just not real sure I would use it with my setup.

I will take a look at astaro and see how that is configured.
 
If you are confused with Untangle, then I wouldn't even touch Astaro yet. Learn Untangle first; it's super easy.
 
I think I am confused about the "computer as firewall" aspect of the whole thing.
If I install untangle on a PC, can that PC have shared files on it?

For example, currently my "server" has windows 7 installed. It is the PC with 10TB of storage. My other PC's can connect to the shared directories on the server. The macbooks also connect via smb to the shared directories.

If I install Untangle on the "server", will I still be able to have shared drives on that PC? I have two RAID5 arrays on the server, so I don't really want to mess them up by installing Untangle if it is not meant to be used that way.
 
NO! The PC you use and install Untangle on is ONLY A FIREWALL, that's it: not a web server, not a file-sharing server, not a print server. It's a standalone firewall, that's it.

It's like a router, but a MORE powerful one with more features and more options.

You need a dedicated machine for Untangle or Astaro or for any firewall software.
 
Untangle and Astaro are full-featured operating systems. Installing untangle on a PC turns that PC into a dedicated firewall. You will not be able to host files or services on the firewall box.

Untangle is something you would use on a spare PC. If you do not have a spare PC, look into setting up OpenVPN (which works over SSL and therefore is reasonably easy to set up). OpenVPN can be set up on the server. Forward port 443 to the server's internal IP address, and then have the clients connect to your external IP. You will want to get an account with no-ip.org (or equivalent) because you likely do not have a static IP.

A potential to-do list.

-Register with no-ip.org, dyndns.org
-Install the dynamic update client on your fileserver
-Configure OpenVPN server on your fileserver
-Configure the OpenVPN client on the macbooks.
-Point the client towards yourdomain.no-ip.org or whatever

Basic OpenVPN setup:
-Create certificates (these identify the server and clients)
-Set up passwords
-Set up routing on the server. The VPN users usually get a separate subnet. You will need to configure IP routing on the server so that it acts as a gateway for the VPN subnet. (The OpenVPN site has more info on this.)

The OpenVPN site does have a how-to guide; this is just a brief overview so you have an idea of what you are getting into. Untangle or equivalent helps to automate this process; however, if you do not have a spare PC lying around, Untangle is not an option.
 
Ahhh, makes a lot more sense now.

I might look into finding some spare parts to setup myself a dedicated firewall. In the meantime, I will play around with OpenVPN. I am sure I will have some more questions though.

So if I do use untangle, I don't have to go the no-ip.org or dyndns.org route, correct?
 
You will still need one or the other.

If you're building a box, make sure you get Intel network cards (yes, 2) and something close to a P4 2.0 or higher with 1 gig of RAM at least.
 
No matter which way you go, you will need a domain name with no-ip.org. Whether you're using a Linksys home router, or Untangle, pfSense, or a Cisco router, you still need to know the IP address of the router for the VPN to work. no-ip.org (or equivalent) will give you a domain name. They also provide a program that will automatically update the domain so that it is always pointing to the correct IP address.

Untangle's VPN setup is just a simplified frontend around OpenVPN. From a basic setup point of view, configuring OpenVPN server on the fileserver is going to be the fastest and easiest way to get this working with the hardware you already have. Untangle does have some advantages (better scalability and QoS configuration being some of them), however, all you really need to start with this project is to set up OpenVPN server on the fileserver and forward port 443 on your router.

Here is a page with howtos to set up OpenVPN. Install the 'Access Server' on the fileserver. Then, configure the client on the macbooks.

http://openvpn.net/index.php/open-source/documentation/howto.html

Regarding key configuration: Normally the encryption/certificate generation is the most complicated part of the VPN setup (it has the potential to be very confusing). The page I linked has a section on static key versus certificate setups. Static Key is likely a good choice for you to start with. Static Key is basically just a password that you set up on each end. It's harder to manage (in larger deployments) than a cert-based setup; however, it's simple. You can just program the key in on the server + MacBooks.

http://openvpn.se/
http://code.google.com/p/tunnelblick/

The top link is a windows GUI program to configure OpenVPN. The bottom link is a Mac OS program to configure and control OpenVPN. I have not used these programs, I found the links from the openVPN community (the open-source free edition) page. They may help you in your quest.
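
A certificate-mode server and client configuration for the setup outlined in the posts above (OpenVPN on the fileserver, TCP port 443 forwarded from the router, VPN clients on their own subnet). This is an added example, not part of the original posts; the file names, the 10.8.0.0/24 VPN subnet, the 192.168.1.0/24 home LAN and yourdomain.no-ip.org are assumptions.

```conf
# ---- server.conf (on the fileserver) ----
port 443
proto tcp
dev tun

# Certificate mode: CA certificate, server certificate/key, DH parameters
# (file names are assumptions; generate them as the OpenVPN how-to describes)
ca   ca.crt
cert server.crt
key  server.key   # private key, never leaves the server
dh   dh.pem

# VPN clients get their own subnet (assumed 10.8.0.0/24)
server 10.8.0.0 255.255.255.0
# Tell connecting clients that the home LAN (assumed 192.168.1.0/24)
# is reachable through the tunnel
push "route 192.168.1.0 255.255.255.0"

# Shared HMAC key on the TLS handshake: packets from anyone without
# ta.key are dropped before certificate negotiation starts
tls-auth ta.key 0

keepalive 10 120
persist-key
persist-tun
verb 3

# ---- client.ovpn (on each MacBook; one certificate per device) ----
client
dev tun
proto tcp
remote yourdomain.no-ip.org 443
resolv-retry infinite
nobind

ca   ca.crt
cert macbook.crt
key  macbook.key
# Only accept a peer whose certificate is marked as a server certificate
remote-cert-tls server
tls-auth ta.key 1

persist-key
persist-tun
verb 3
```

VPN clients can reach other LAN machines only if the fileserver forwards IP traffic and the home router has a return route for the VPN subnet pointing at the fileserver.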
 
Just read a review for this software in the current mac magazine.
 
Thanks for the links to the guide. Looks like I know what I will be doing this weekend. I'll update the thread with my progress.
 
So I need to install the 'Access Server' on the fileserver? This is the software that needs to be run through a virtual hard drive, correct?

Does the access server have to be installed or can I install the OpenVPN software and use a server based config file to get access to the server?
 
You're going to run all this equipment without a firewall?

Crazy!
 
Considering I don't have an extra dedicated PC to act as a firewall I won't be using untangle right now. However, I do plan on using a firewall of some sort. Just haven't figured out what firewall method I want to use right now.
 
Still going to need a dedicated unit of some sort, whether you build a firewall OR buy a firewall.
 
That still doesn't answer my question about running the 'access server' or installing the OpenVPN software and using a server config file.

Would appreciate some help.
 
YOU WON'T NEED IT IF YOU HAVE A PROPER FIREWALL. Having your server directly connected to the internet is a waste of time and of our efforts helping you, because you will be right back here asking for help on how to RESCUE IT or fix it.

Take our advice first!

Building a firewall / having one, you can VPN to it and then get inside to your computer on the network *Securely*
 
I am not following you at all. I am sure plenty of people don't have a dedicated firewall when they are setting up openvpn.

I don't have my server connected directly to the internet. I have a no-ip.org account. Just trying to figure out how to configure OpenVPN.
 
I did a little more reading and I think I am going to try and set OpenVPN up on my WRT54G router.
I'll be doing some reading about it in the meantime. If I can't figure out how to get a good firewall up then I will just build a cheap system to act as a firewall.
 