TIP: Firmware and IP help for NetExtender VPN with Macs

Two readers sent in suggestions for getting OS X working with SonicWall’s NextExtender virtual private network system. Greg Johnson describes some IP addressing problems and how to fix them. Vern Gall sent us some suggestions regarding SonicWall firmware updates and port assignments. Here’s what Greg Johnson suggests regarding IP addressing:

Here are some things to try on the workstation end:

First, make sure the remote local area network does not use the same address range like 10.0.0.x or 192.168.x.x as the office network to which you want to connect. If it does, routing is confused. If you have the option, as with a home network, redefine the network in an address range that does not include any address in the office network’s range.

Check if the server pings or connects by IP address when at the office. If so does it ping or connect via NetExtender? If it does, a specific workaround is to connect via IP, and a general workaround is on the remote workstation to manually set the enterprise DNS server’s IP address as the primary DNS, and manually set as 2nd & 3rd the other DNS servers to use when not connected with NetExtender, typically public ones such as

Do other office servers or workstations ping or connect via NetExtender? If so, then the SonicWall or target server may have a rule prohibiting your connection. If not, then there is a general configuration problem, maybe a route problem. That’s a setting that can be made in SonicWall. On the workstation, one can try manually identifying the gateway for the target server with a route command.

Vern Gall sent us some other suggestions:

We have a Sonic Wall 3500 series and use NetExtender on Mac, Windows, and Linux systems — as far back as Windows XP 32-bit SP2 and Mac OS X 10.6.8 to as new as Windows 7 64-bit and Mac OS X 10.8.2 — and have no problems).

There have been a few firmware updates for Sonic Wall recently (November 2012) and if someone has changed settings in the firewall this user may not be able to do an AFP session (port 548 needs to be allowed access from the VPN zone to the DMZ or however they have named zones).

On Windows SonicWall has the NetExtender as well as a proprietary client called GlobalVPN (which is faster).

We’ve had no problems and there are lots of documentation on the net on how to configure SonicWall and OS X servers to play nice (even with Radius and OpenDirectory). Try Krypted.com and/or a Google search.

Leave a Reply

Your email address will not be published. Required fields are marked *