Very strange stuff - I'm starting to believe that this is on Apple's end since everything works great on PC side. I can even afp://serverhere to the macmini & see the shares but refuses to communicate w/ a timeout error each time. The problems mostly seem to be connectivity - we are connecting fine & can see other systems. I'm finding that Mavericks had a bit of VPN trouble out of the door w/ L2TP. I have verified the routing w/ our external Cisco provider & they can remote in & see everything fine (on a PC).
When we connect the macbookpro - it cannot see/ping the IP of the macmini or connect to the sync service (the very reason it exists is to keep the owners computers in sync - with the new macbook, he wants to be able to do this from home over VPN). I can connect any PC client & have zero problems.
We run ALL x86 PCs & he runs the newest macbook pro (Mavericks 10.9.1) + a mac mini (10.8.5). I work for a private company & the boss is a whole other breed of human. Would just like to add that we are experiencing the same thing you are. Explain to the boss that you can't strike a balance between usability and security using NAC, SSL gateway application access, VDI and other modern technologies.
If split tunneling is really a bad thing for your network, then your users need to never be allowed to have any client device leave the LAN, and internet access should be banned from the LAN. Most of the Crypto Locker infections I've seen have been from users on the LAN who are infected from the internet. Even Air Gaps can't protect a network from an idiot with a thumb drive, or who's laptop local admin rights, or touches coffee shop networks from time to time. Thinking that Worms/Trojans can only do damage WHILE connected to the internet and that somehow this impacts security is something that I've never understood. The best practice is to ONLY allow access to either the internet, or the VPN one at a time, but not concurrently!Īctually try explaining to the boss why your idea's about network security are 10+ years old, and don't take into account the fact that a client can become infected, and THEN VPN to your network and encrypt everything. Try explaining to the boss why the network shares are unacessable & encrypted, and that you can't unencrypt them!
They are connected through the VPN and the internet at the same time, and contract say the (Crypto Locker Malware). Think what would happen to your company network if the user has mapped drives to your company network. This posses a risk to your company network if the users system becomes infected while connected to your company network. You really should not allow (split tunneling) access to your VPN and the internet at the same time. Maybe something is hung after the ip change for the network. Odd - try rebooting the router (or cable-modem/router device) and then rebooting the Mac. I tried having them change the service order to have the VPN below the Wi-Fi connection, but that only works for a minute or so. However, now they can't access the internet when the VPN is connected. Some day I may just go through the pain of re-iping, but I am kind of hoping some new VPN technology will come out to get around the issue, or that Apple will do some tweaks (i know, not likely :( )Ĭhanging the IP of the home network worked. I have an ASA 5510 with cisco IPsec, but definitely sounds like same issue as me! luckily we have only like 30 macs, and like 90 PCs in the office and as we both said no issues on the PC side. For us it will be a huge PITA to change our work addresses, so I've been changing each home user's IP range that runs into issues. Verify that the remote system powered on correctly.I've been doing some digging into this lately, and pretty much everything I've read says either the work or home network needs it's IP address changed. On the status bar at the bottom, it reads Magic Packet Sent To 255.255.255.255. Input the MAC Address, Internet Address (local address in this case), Subnet Mask, Send Options: Local Subnet, Port Number 7 (default port), and then click the Wake Me Up button. The screenshot below shows the use of the Depicus* Wake On LAN GUI.
On a remote Windows Server 2008* system that is on the same subnet of the system to Wake Up, run a WOL utility. Make a note of the MAC address, IP address, and Subnet Mask of the Network Adapter for which WOL was enabled. Note that other WOL options are available in this section. Open the Device Manager, click Network adapters, right-click the Network Adapter to be WOL enabled, and click Properties.Ĭlick the Link Speed tab then verify installation of Intel® PROSet/Wireless Software and verify it is the latest version.Ĭlick the Power Management tab and mark the Wake on Magic Packet from power off state check box.