Mac VPN Setup

Posted: April 19th, 2012 | Filed under: Mac, Networking

I have a Mac at home, used as a media server (it’s plugged into my TV and stereo) which is on 24/7, and recently became interested in the idea of setting it up as a VPN server. There are two main reasons for this; firstly, so that I can mount its drives from my MacBook Pro wherever I might be, and secondly so that when using free wifi connections I can route my traffic securely through my VPN at home (side-benefit – using the VPN with my iPhone means that I can bypass O2’s restrictions on age-restricted material, such as b3ta.)

Most of the information I needed came from this excellent article at, but there are various other aspects to the setup that I have subsequently discovered and that are worth sharing.

Having followed the instructions in the linked article, I could connect to my VPN from both my MacBook Pro and iPhone, but the MBP couldn’t see the home Mac’s drives. There are a few steps I had to take to make this work.


IP addresses:

Most domestic routers assign IP addresses in the 192.168.0.x or 192.168.1.x ranges. I set up my router to use a different subnet, 192.168.200.x, so that there will be no crossover between what the local router is serving up for IP addresses and what the iVPN is serving. In iVPN’s address range field I then chose –

I have also set the router to assign the home Mac a reserved IP address, so that it’s always the same.
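The crossover described above can be checked before connecting from an unfamiliar network. This is an added example, not part of the original post; the function names and the sample ranges in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: does the network you are on collide with the home LAN behind the VPN?

# Convert a dotted-quad IPv4 address to an integer; fails on malformed input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty, non-numeric and leading-zero octets (ambiguous octal).
        case "$octet" in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "first-int last-int" for a CIDR such as 192.168.200.0/24.
cidr_range() {
    base=$(ip_to_int "${1%/*}") || return 1
    bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    size=$(( 1 << (32 - bits) ))
    start=$(( base & ~(size - 1) & 0xFFFFFFFF ))
    echo "$start $(( start + size - 1 ))"
}

# Exit status 0 if the two CIDR ranges share any address, 1 if not, 2 on bad input.
cidrs_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ $# -eq 4 ] || return 2
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Usage: cidrs_overlap 192.168.200.0/24 192.168.1.0/24 && echo "ranges collide"
```

A remote network that uses a wider mask such as 192.168.0.0/16 still covers 192.168.200.x, so the less common subnet reduces collisions rather than ruling them out.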

OS X setup:

My MacBook Pro is running Lion, but I think this is the same for earlier versions. After setting up your VPN connection in System Preferences, your connections need to be set in the right order. In the Network preference pane, click on the options button under your network interfaces to choose “Set Service Order”.


Here, HomeBase is what I’ve called my VPN connection. Then in the following window, drag your VPN connection to the top.

And click OK.

Now when connected to my VPN, in the Finder I can use command-K to connect to server, and type in my home Mac’s IP address on the home network. This is always the same as I have told the router to reserve it. My home Mac is at, so in the Connect To Server box, I type in afp:// I am then prompted to log in as if I was at home.

One more thing:

I have found that the VPN service doesn’t play well with UPnP on the router. I have disabled UPnP, and set up manual port forwarding rules for all services on the network.



OS X Lion

Posted: July 26th, 2011 | Filed under: Apple, Mac

I was going to write a post about Lion, but @smithsocksimon’s already written what I was going to say much better than I would have. Some Lion impressions.

Life without Flash

Posted: June 23rd, 2011 | Filed under: Internet, Mac

Just read an interesting post by Shadoe Huard – 7 months Flashless – about, well, not using Flash for 7 months. I’ve been doing the same for some time, and it’s transformed my browsing experience.

As an iPhone addict, I’m used to having Flash content denied to me; however I’m also used to having alternatives provided to me. iPhone content developers are increasingly using HTML5 to provide iOS-accessible content, and this is coming to the desktop too.

I’ve not gone to the extreme of completely removing Flash, but I have employed workarounds. The greatest is ClickToFlash. This excellent Safari plugin disables Flash content, replacing it with a box notifying you that there is Flash content. You can then click on the box to enable the Flash content, should you wish. The benefits are tangible – pages load faster, and the fans on the MacBook don’t whir up to 10000000 rpm!

There are a few sites out there that are still sadly heavily Flash reliant. I’m a Liverpool fan, so I visit every day. This site unfortunately uses a great deal of Flash navigation. The good thing is that ClickToFlash offers the option automatically to enable Flash content on a site-by-site basis. This means that the site displays as it is meant to without me having manually to enable the content on every visit.

YouTube is of course another Flash-based site. ClickToFlash however blocks the Flash video and serves up the HTML5 video that they provide anyway for iOS devices. The result is much lower processor overheads for watching web video. Not just YouTube – Vimeo is also served up as HTML5.

Probably the most insidious usage of Flash however is advertising. A combination of ClickToFlash and the methods outlined in my recent post about ad-blocking mean that you can view websites in peace. A problem with Flash is that hovering the mouse over a Flash ad normally doesn’t show where the link goes to, so it can be difficult to find the server to add to my block list. Techniques have also been developed to obfuscate the link in the source code, so just blocking the Flash full stop does the trick.

Simple common sense

Posted: June 22nd, 2011 | Filed under: Internet, Mac

A few weeks ago there was a great hullabaloo about the first large-ish scale trojan to hit Mac OS X. MAC Defender and its variants were heralded as the first in a wave of threats against the Mac platform, and proof that we Mac users were about to be knocked from our smug high horses.

Well, let’s get this into perspective. OS X is now nearly 10 years old, and this is the first instance of a piece of malware running wild. And the thing is, it’s entirely avoidable (as are many Windows infestations) by using simple common sense.

Here’s a picture of a MAC Defender window.

[Image: MAC Defender window]

This scary looking window relies purely on social engineering to make you accept its warnings. It looks like an official window, but is it? Look closely.

Firstly, there’s its name – MAC Defender. Macs are Macs, not MACS. Why the capitalisation? Then read the text. It is littered with grammatical errors and nonsensical sentences – “The largest worldwide companies trust MAC Defender their nets and security”, for example. Does this look like the work of an official product, or a bunch of scammers?

Then consider the ultimate purpose of the application – to harvest credit card numbers by making you buy their product (amusingly the window pictured shows the words “credit card” capitalised, as the creators of this trojan promise to protect you from exactly what they’re up to).

Simple common sense dictates that you do not ever type your credit card information into something that has appeared on screen unbidden.

You can protect yourself more though. A glaring flaw in the Mac’s security has always been Apple’s decision to allow downloads to open automatically. This is what has allowed this malware to infect people – visit an infected page, or click an infected link, and not only does the malware download, but it is also able to open. You can protect yourself by turning this option off in Safari.


[Image: Safari preferences window]

Make sure that the last option “Open safe files after downloading” is unchecked. Now whatever is downloaded to your machine, by choice or not, will remain in your downloads folder until you choose to open it. If in doubt about where something came from, don’t open it. Simple common sense.

Blocking adverts in Mac OS X

Posted: June 22nd, 2011 | Filed under: Internet, Mac

All banner adverts come from web servers. But a Mac running OS X is a perfectly capable web server in its own right. This article describes how to tell your Mac to look for adverts on itself, rather than wasting time and bandwidth connecting to adverts.

Due to OS X’s web serving capability, it is perfectly possible to redirect your browser into looking for ad servers’ IP addresses locally.

Of course, looking for them locally means that it won’t find what it’s looking for, and will draw a blank.


This requires a bit of Terminal work, and an admin account.

The first thing to do is edit your ‘hosts’ file. This is the file that explains to your web server any custom URL resolution that you might require. The TCP/IP protocol reserves the address ‘’ for the machine that you’re on, so this is what we’ll exploit. We’ll use the pico editing program for this.

First, fire up

Then type in:

sudo pico /etc/hosts

You’ll be prompted for your password. Then the pico editor will open, displaying something like this:

# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
## localhost broadcasthost
::1 localhost

Using your cursor keys, get down to the bottom of this. Now we’re going to insert a list of most known ad servers. Highlight the below list, then copy and paste it below what’s above:

Now, notice what they’ve all got in common? That’s right, they all start with This is telling your browser that instead of looking for these ad servers via the internet, it should look for them on your machine.
You’re going to have to quit pico now and save this, so hit ctrl-o to save, then ctrl-x to quit.

OK, this is all well and good, but what exactly is your browser going to look for on your machine? It doesn’t know, and nor does your Mac, yet. If you run this as it is, you’ll just get pages full of “Error, page not found” which are potentially just as annoying as the ads.
Solution? Make a blank page. Fire up your favourite text editor (BBEdit, TextEdit, or suchlike), make a new document, and TYPE NOTHING INTO IT.

Now save this as “missing.html” into your server directory. Make sure there are no other extensions applied to that, like ‘.txt’, or ‘.rtf’. Your server directory is your_harddrive/Library/WebServer/Documents

Now, just one step left. We need to tell the Apache web server what to do when it comes across an advert but is instructed to look locally. We need to edit its configuration file so that it displays our newly created “missing.html”.

Back to Terminal.

Fire up Terminal, and type

sudo pico /etc/httpd/httpd.conf

Again, you’ll be asked for your admin password. So type it in.

We need to find the bit relating to how Apache will deal with local requests specified by the hosts file we just pasted loads of lines into. It’s a big file, so let’s do a search. Hit ctrl-W for “where is”, and type ‘local redirects’. Provided you haven’t got some weirdo super-customised httpd file, this should drop you straight to the line saying:

# 2) local redirects

Underneath this is what we have to change. Whatever it says after ‘ErrorDocument 404’, change it so that it looks like this:

ErrorDocument 404 /missing.html

Notice something missing? That’s right, make sure you take the # off the beginning of the line.

That’s us done here, so let’s save and exit. Remember? ctrl-o to save, then ctrl-x to exit.

OK, there’s one last step. We have to restart Apache to make it recognise the changes we’ve made.
So open System Preferences, choose Sharing, turn off Web Sharing, then turn it on again.

And that’s it. For future reference: It’s almost impossible to maintain an exhaustive list of ad servers; they change all the time. But if you find one that’s getting through, do let me know. I’ll add it to the list ASAP.
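Because the list changes all the time, it helps to keep the pasted entries in one marked block that can be regenerated instead of edited by hand. The script below is an added example, not part of the original post: the marker text, function names and list file are hypothetical, and 127.0.0.1 is the standard IPv4 loopback address. It refuses to remap localhost or broadcasthost, drops malformed names, and can be rerun without piling up duplicates.

```shell
#!/bin/sh
# Added example: keep the ad-server entries as one managed block in a hosts file.
# Try it on a scratch copy first: cp /etc/hosts ./hosts.test; apply_block ./hosts.test ./adservers.txt
BEGIN_MARK='# BEGIN adblock (managed)'
END_MARK='# END adblock (managed)'

# Print one "127.0.0.1 <host>" line per valid, unique hostname in list file $1.
render_entries() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    tr 'A-Z' 'a-z' | sort -u |
    while IFS= read -r host; do
        case "$host" in
            ''|localhost|broadcasthost) continue ;;    # never remap system names
            *[!a-z0-9.-]*|.*|*.|-*|*..*) continue ;;    # not a plain DNS name
        esac
        printf '127.0.0.1 %s\n' "$host"
    done
}

# Replace the managed block in hosts file $1 with entries built from list $2.
apply_block() {
    hosts=$1 list=$2
    tmp=$(mktemp "${TMPDIR:-/tmp}/hosts.XXXXXX") || return 1
    # Copy everything outside the old managed block, then append a fresh one.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$hosts" > "$tmp"
    { printf '%s\n' "$BEGIN_MARK"; render_entries "$list"; printf '%s\n' "$END_MARK"; } >> "$tmp"
    cat "$tmp" > "$hosts"    # overwrite in place so owner and mode are unchanged
    rm -f "$tmp"
}

# Count the managed entries currently present in hosts file $1.
count_entries() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { inb = 1; next }
        $0 == e { inb = 0 }
        inb     { n++ }
        END     { print n + 0 }' "$1"
}
```

Lines outside the two markers are left alone, so an unexpected entry that appears elsewhere in the file stands out when the file is reviewed.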