Apple Mac OS X Server Network Card User Manual


Chapter 14 Working with Network Services 243
To display the log path:
$ sudo serveradmin command vpn:command = getLogPaths
The computer will respond with the following output:
vpn:vpnLog = <vpn-log>
Site-to-Site VPN
Site-to-site VPN is implemented by the vpnd daemon, which is a wrapper around the racoon daemon and the setkey tool. racoon negotiates and configures the set of IPsec parameters; setkey manipulates Security Association Database (SAD) entries and Security Policy Database (SPD) entries in the kernel. See the racoon and setkey man pages for more information. racoon also has a web page: www.kames.com/racoon. The ipsec man page is also a useful source of information.
Apple provides an interactive tool, s2svpnadmin, located in /usr/sbin/, that lets you set up and configure site-to-site VPN. The s2svpnadmin tool accesses the configuration information of the Client Server VPN application in Server Admin. Note that s2svpnadmin does not start the VPN service; you must start the VPN service separately from Server Admin.
The s2svpnadmin tool can list the currently configured site-to-site VPN servers, display their configuration details, add a new configuration, and delete an existing configuration. It configures only the local VPN server, never a remote one, so to set up a site-to-site connection you must configure the VPN gateway servers at the two sites independently.
s2svpnadmin must be run as root.
Configuring Site-to-Site VPN
To configure a site-to-site VPN, run s2svpnadmin as root and choose the “Configure a new site-to-site server” option. You will need to provide the following information:
• A configuration name used to identify the server. This string should not contain any spaces.
• The external gateway address of the local site.
• The external gateway address of the remote site.
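The following shell functions are an added example, not part of Apple's documentation or tools: the first parses the `vpn:vpnLog = ...` line returned by the `getLogPaths` command above (falling back to the documented default), and the second checks the values you are about to enter into s2svpnadmin (name without spaces, two distinct IPv4 gateway addresses) before you run the interactive tool. The sample serveradmin output is constructed; the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of the output of: sudo serveradmin command vpn:command = getLogPaths
SAMPLE_GETLOGPATHS='vpn:vpnLog = /var/log/vpnd.log'

# Extract the VPN log path from serveradmin "key = value" output.
# Falls back to the documented default, /var/log/vpnd.log, when the key is missing.
vpn_log_path() {
  path=$(printf '%s\n' "$1" | sed -n 's/^vpn:vpnLog = //p')
  if [ -n "$path" ]; then printf '%s\n' "$path"; else printf '%s\n' /var/log/vpnd.log; fi
}

# Return 0 for four dotted-decimal octets in the range 0-255, 1 otherwise.
is_ipv4() {
  ip=$1
  case $ip in *[!0-9.]* | '' | .* | *. | *..*) return 1 ;; esac
  oldifs=$IFS; IFS=.
  set -- $ip
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Pre-check the three values s2svpnadmin asks for (hypothetical helper).
# Prints the first problem found and returns 1; returns 0 when everything is acceptable.
check_s2s_config() {
  name=$1; local_gw=$2; remote_gw=$3
  case $name in
    '') echo 'configuration name is empty'; return 1 ;;
    *[[:space:]]*) echo 'configuration name must not contain spaces'; return 1 ;;
  esac
  for gw in "$local_gw" "$remote_gw"; do
    is_ipv4 "$gw" || { echo "not a valid IPv4 address: $gw"; return 1; }
  done
  [ "$local_gw" != "$remote_gw" ] || { echo 'local and remote gateways must differ'; return 1; }
  return 0
}

# Usage: check the inputs, then show where vpnd will log once the service is started.
check_s2s_config sitea-to-siteb 192.0.2.1 198.51.100.1 && echo "log: $(vpn_log_path "$SAMPLE_GETLOGPATHS")"
```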
Value       Description
<vpn-log>   The location of the VPN service log. Default = /var/log/vpnd.log