It took me quite some time, but finally I managed to get it up and running: my personal VPN, connecting my iPhone to my home network. This post outlines the most important things.
Mac OS X has all the capabilities built in to set up a secure VPN:
- racoon (IPsec / IKE)
- vpnd (L2TP/PPTP tunnelling)
- pppd (PPP connection handling)
The only difference from Mac OS X Server is that there is no GUI for a simple configuration.
VPN Server Set-up
That’s where iVPN comes in handy.
It is straightforward to use and self-explanatory. iVPN maintains a valid configuration file for vpnd (/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist) and takes care of your chap-secrets and user.plist (both in /etc/ppp).
Versions above 2.4 cost money, but you can use the old 2.4 release (Download here), because you only need it for the initial set-up.
The only thing left to do after creating your configuration with iVPN 2.4 is to chmod 600 /etc/ppp/* so that the plaintext passwords stored there are readable by the owner only.
To start your VPN, you can either use iVPN or simply run vpnd from the Terminal.
Client Set-up
Now configure your iPhone to use L2TP/IPsec and run a local test on your wireless LAN, using the same values as before. Does it work? Good, then proceed.
Netopia Router/Firewall/NAT Config
Put your Netopia into ‘expert mode’ and go to Configuration -> NAT/Games.
The Netopia box needs the following ports forwarded to your VPN server:
- “L2TP”: a manual forward of UDP port 4500
- “L2TP Traffic”: a manual forward of UDP port 1701
Now configure your iPhone to use your public IP address and try to connect.
On your VPN server you should see all activity in the log file /var/log/ppp/vpnd.log.
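As an added example (not part of iVPN or Mac OS X), here is a small pre-flight script that checks the points above on the server: that nothing in /etc/ppp is readable by group or others after the chmod 600, that the vpnd plist written by iVPN exists, that something is listening on the UDP ports involved, and what the tail of vpnd.log says. The paths default to the ones named in this post and can be overridden through the environment; the `--check` flag and the function names are my own.

```shell
#!/bin/sh
# Pre-flight check for the vpnd set-up described in the post. Added example,
# not part of iVPN or Mac OS X; paths can be overridden for testing.
PPP_DIR="${PPP_DIR:-/etc/ppp}"
VPND_PLIST="${VPND_PLIST:-/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist}"
VPND_LOG="${VPND_LOG:-/var/log/ppp/vpnd.log}"

# Return 0 when no regular file in directory $1 is readable or writable by
# group or others (the state "chmod 600 /etc/ppp/*" leaves behind);
# otherwise print each offending file and return 1.
check_secrets_perms() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # Mode string from ls -l, e.g. "-rw-------"; positions 5-10 must be "-"
        mode=$(ls -ld "$f" | cut -c1-10)
        case "$mode" in
            ????------) ;;
            *) echo "insecure mode $mode on $f (fix: chmod 600 \"$f\")"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Return 0 when the vpnd configuration file $1 (written by iVPN) exists.
check_vpnd_config() { [ -f "$1" ]; }

# Return 0 when some process (vpnd/racoon) has UDP port $1 open, via lsof.
udp_port_open() { lsof -nP -iUDP:"$1" >/dev/null 2>&1; }

run_preflight() {
    rc=0
    check_secrets_perms "$PPP_DIR" || rc=1
    check_vpnd_config "$VPND_PLIST" || { echo "missing $VPND_PLIST (run iVPN first)"; rc=1; }
    # 500: IKE negotiation start; 4500: IKE/ESP over NAT-T; 1701: L2TP itself
    for p in 500 4500 1701; do
        udp_port_open "$p" || { echo "nothing listening on UDP $p (is vpnd started?)"; rc=1; }
    done
    # Last few lines of the vpnd log show recent connection attempts
    [ -f "$VPND_LOG" ] && tail -n 5 "$VPND_LOG"
    return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced
if [ "${1:-}" = "--check" ]; then run_preflight; fi
```

Run it as root on the VPN server with `sh preflight.sh --check`; a non-zero exit means at least one of the checks above failed.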
I’ve chosen to use L2TP/IPsec because it is more secure.
PPTP is basically supported as well, but I did not get it to run and I didn’t want to spend more time on this.
