VPN Access to DirigoHost - Configuring a L2TP/IPsec VPN Connection on a Mac10/30/2015
This is the Mac equivant to the PC instructions .
On 10/28/2015 Dirigo installed a set of new security devices (e.g. firewall, intrusion detection, network security, server protection software, load balancers, etc.) that required a switch in how clients access the their DirigoHost servers. We will no longer be using the Cisco AnyConnect software that we've used for the past six years. Instead, we're moving to a more universal VPN Protocol called L2TP/IPsec. The setup looks daunting, but, it's really not that bad. Fortunately, L2TP/IPsec is built into the Mac OS. Here's how to get setup.
- From the Bottom menu click on System Preferences (the Gear icon) and then Network (the Globe icon).
- Use the + icon to setup a new connection.
- Select VPN as the Interface.
- We're going to be using L2TP over IPSec which should autofill into the VPN Type drop down.
- Name the service DirigoHost
- Then click Create.
- Return to the Network menu and fillin:
- Configuration: Default
- Server Address: gwi.dirigodev.com (if that does not work use 188.8.131.52 instead of gwi.dirigodev.com)
- Account Name: (provided by Dirigo)
- Click the Authentication Settings button.
- Fill in the shared secret which will be provided by Dirigo.
- It is a best practices to not autofill the Password. We would prefer users to type the password in each time.
- Click okay to get back to the Networking screen.
- Click Advanced and then Send all traffic over VPN connection. Then click okay.
- Apply the Changes.
- Enter your password.
- Your Mac will now connect to the VPN.
- You can disconnect or reconnect to the VPN via the Network screen.
When connected to the VPN all internet traffic is being routed through DirigoHost.
Dirigo's VPN Security Policy
This policy applies to the use of Dirigo’s Virtual Private Network (VPN) service, which is one mechanism Dirigo provides for authorized users to access corporate computing and network resources from remote locations.
All VPN users must actively use anti-virus software on each computer from which the VPN server is accessed. The anti-virus software must be updated regularly with new anti-virus definitions. Users are required to keep their computer updated with the latest operating system and software patches available from their respective vendors. Microsoft Windows-based PC’s should have the automatic updater configured. Mac OS users should have the software updater configured through the OS system preferences, and Linux users should have the RTM manager configured.
Users connecting to the VPN server using a wireless connection, must install and enable a software or hardware firewall. The software firewall built into Windows is acceptable, as is Zone Alarm.
While a computer is connected to the VPN server, it is logically connected to both the internal DirigoHost network and the Internet. For security reasons, each VPN user should disconnect from the VPN server when access to DirigoHost is no longer required. VPN users should be aware that if their VPN connection remains open and is not configured correctly, their Internet connection will be routed and logged through the VPN server and the Dirigo network. This will result in a slower Internet connection for the VPN user and brings about privacy issues/concerns. Don't use DirigoHost as the default gateway.
Consult with David Addison or Peter McCabe or the designated Dirigo Information Security Officer (ISO) if you have questions about any of the above policy.