Slashdot Mirror

← Back to Stories (view on slashdot.org)

VPN Issues With New Airport Extreme 802.11n

Posted by kdawson on from the problem-with-drafts dept.

An anonymous reader writes "The new Airport Extremes are shipping and some users are reporting problems with certain types of VPN connectivity. There is a work-around posted in Apple's support forums, but the solution is less than ideal. These issues were not experienced in Apple's earlier Airport Extreme, and users are calling for Apple to fix the issue. Some have even taken their unit back to Apple until a fix is created."

6 of 87 comments (clear)

  1. Solution? Put 'er in the DMZ.... by karnal · · Score: 5, Insightful

    From the link; use the "default host" option:

    In Airport Utility, double-click on the AEBS. In the popup window, click on Internet. Then click on NAT. Check "Enable default host" and set the IP address to what the AEBS has given to your mac.

    The Nortel VPN client then works (at least for me anyway - It didn't work before I tried this).

    According to the help for the Airport Utility, "A default host is a computer on your network that is exposed to the Internet and receives all inbound traffic." This obviously doesn't sound like a permanent solution but it is definitely a workaround of sorts.

    So one recommendation/workaround is to put the device in the DMZ? That's a horrible workaround. Once your VPN connection is up, if it's smart it will disable any other traffic than destined for that VPN connection (and vice versa) but you're still exposed until you get the tunnel running. And that still doesn't eliminate any buffer/driver exploits...

    That's just... ick.

    --
    Karnal
  2. Re:well gee by Dunbal · · Score: 3, Insightful

    it's a basic law of selling stuff to test it with one of everything it could be doing up to a reasonable point BEFORE it ships.

          This is true of every industry EXCEPT software. Haven't you noticed?

    --
    Seven puppies were harmed during the making of this post.
  3. /. is better than reporting it to Apple by Lank · · Score: 3, Insightful

    I find it amusing that by this making the front page of slashdot, this will probably get sorted out much more quickly than had they gone through the proper channels over at Apple.

    --
    Gotta get me one of these!
  4. Why is this news? by erroneus · · Score: 5, Insightful

    People are already asking this. The answer is that the work-around is unacceptable. This is news when it is a Microsoft product. This is news when it's anyone's. Solutions that put users at even further risk is a bad solution.

    Here's what I hate, though. Apple sometimes decides not to fix things. It isn't likely to be the case here, but sometimes they just decide not to fix things.

  5. Re:How is this news? by karnal · · Score: 4, Insightful

    I don't believe the issue with the new Airport has anything at all to do with the 802.11n spec - it seems to be an internal routing functionality issue.

    --
    Karnal
  6. Re:Solution? Put 'er in the DMZ.... by wootest · · Score: 4, Insightful

    That doesn't change the fact that you shouldn't have to put it in the DMZ in the first place. It's a horrible workaround from a security point-of-view, and it's not even practical - if you have two computers inside that want to use a VPN, you're screwed because you can't have two "default hosts".

    Even if Mac OS X was twice as secure as it is - and yes, I'm one of them who thinks that outside of bugs and vulnerabilities that almost every piece of software has (unless it was developed by either NASA or djb), it's reasonably secure because it was designed to be more secure, not just because it enjoys less market share - that still wouldn't be a justification for an obvious bug in the base station's firmware. It's a lucky circumstance that may function as a workaround, but there's no way it actually qualifies as an acceptable solution to anything.