OIT Network Systems

Mac OS X 10.4.x Network Configuration

This document describes how to configure the network portion of Mac OS X 10.4.x for use with the Princeton University campus network. Specifically, it covers configuration for use with OIT Ethernet Service, OIT Wireless Service, OIT Remote Access, and OIT PPTP VPN Services.

This document does not cover Mac OS X 10.5.x; for that version, see Mac OS X 10.5.x Network Configuration.

Contents

  1. Software Versions and Update Recommendations
  2. The Network Pane in System Preferences
  3. About Network Locations
  4. Creating Locations
  5. Configuring Locations
  6. Selecting a Location
  7. Internet Connect Application
  8. PPTP VPN Client
    1. PPTP VPN: Configuration
    2. PPTP VPN: Connecting
  9. AirPort Status Menu
  10. Modem Status Menu
  11. VPN Status Menu
  12. Network Configuration in the Classic Environment
  13. Notes and Caveats
  14. Support History at Princeton

Software Versions and Update Recommendations

Versions of Mac OS X 10.4.x considered "current" at Princeton at this time are:

All older versions are no longer considered "current" at Princeton, and should be updated. This documentation assumes you are using a current version of Mac OS X.

If you are not sure what version of Mac OS X your Mac is running, use the About this Mac command under the Mac's Apple menu. If you are running a version that we no longer consider current, we recommend you upgrade to a current version; our documentation assumes you are running a current version.

Upgrading:


The Network Pane in System Preferences

Use the System Preferences application to perform network configuration. You will find this application in Mac OS X's Applications folder, as well as in the Apple menu. It may also be in the Dock.

Launching the System Preferences application displays the main System Preferences window. Within this window, click the Network icon; the Network pane of System Preferences is displayed. All network configuration steps will be performed within this pane, sometimes called the "Network preferences pane" or simply "Network preferences."

If the lock icon in the window's lower-left corner is locked, click the icon to unlock the Mac's System Preferences; you will need to provide an administrator's password to do so.

When you have finished making changes (described below), click the Apply Now button in the window's lower right corner (if you have made changes you wish to keep). If earlier you unlocked your System Preferences, and wish to relock them, click the lock icon in the lower-left corner of the window.

You may then select Quit System Preferences from the System Preferences menu.


About Network Locations

In Mac OS X, a network location (or simply a location) is a group of saved configurations for one or more network ports.

Commonly-used kinds of network ports (also called interfaces) include an Ethernet port, a Wireless port (e.g. an Apple AirPort card), and a Modem port. Less commonly-used ports include a VPN (PPTP) port (used for some Virtual Private Networks), a FireWire port, and IrDa Modem.

Throughout this documentation, we use the terms network location or location as Mac OS X does (rather than in the conventional sense to mean a physical location).

In its simplest form, you may use a location to correspond to a single way of connecting your Mac to the network; e.g. "Ethernet in my office", "Modem at home", "Wireless using OIT Wireless Service". Each time you connect your Mac to the network in a different way, you would select a different location.

Because a single location can include configurations for multiple network ports, sometimes a single location can be used when connecting your Mac to the network in more than one way (e.g. "Ethernet in my office" and "Modem at home"). Making a single location perform double duty may be convenient, saving you the trouble of selecting a different location each time you connect your Mac in a different way.

At the top of the Network pane of System Preferences is a Location pop-up menu. This is where you may select the current network location, create new locations, and delete unneeded locations. Initially this menu contains one location named Automatic. The pop-up menu may list additional locations, if you have created any previously.

The Location pop-up menu also contains commands to create a new location name and to edit existing location names. These commands are used only to create, rename, and edit location names. Once a location name exists, to view or edit its configuration, you select the location name in the Location pop-up menu; the remainder of the Network pane will display that location's configuration.

A single Automatic location may meet your needs, or you may need to create additional locations:


Creating Locations

If, based on the previous section, you believe the single Automatic location should meet your needs, you are welcome to use it; you may skip this section, and proceed to the Configuring Locations section below.

If the single Automatic location does not meet your needs, we recommend creating a unique location for each of the different ways you may connect your Mac to the network. This section describes how to create new location names; after you create these locations, proceed to the Configuring Locations section below to configure each location.

On the Network pane in System Preferences, use the Location pop-up menu to create a new location name as follows:

  1. In the Location pop-up menu, select New Location....

  2. A sheet will appear asking you to name your new location. Enter a name, e.g. Ethernet, Wireless, Modem, Offline, etc.

    You may use different names than these; throughout our documentation, we often assume you are using these names. For example, if you use your modem from two different locations that require you to specify the phone number differently (sometimes preceded by 1-area code, and sometimes not), you might choose to create a location for each, perhaps named Modem - Long Distance and Modem - Local. Or if you use OIT Wireless Service on-campus, but a private wireless network at home, you might choose to create locations named Wireless - OIT and Wireless - Home.

  3. Click the OK button to save the new location name and dismiss this sheet.

  4. The new location you named has been created with some default settings. Its name appears in the Location pop-up menu, and is the currently-selected location.

    A new location's initial settings are the same as the Automatic location that originally comes with Mac OS X.

  5. Click the Apply Now button in the Network pane.

If you need to create additional locations, repeat the steps above.

You need not immediately create all the locations you might eventually need; you may choose to create just the location(s) you need initially, then return to this procedure in the future when you need to create other locations.

If there are any locations you will not be using (for example, perhaps you have decided not to use the Automatic location), delete them to avoid confusion. You may do so by selecting the Edit Locations... command from the Location pop-up menu. A sheet will appear, listing all location names. For each location you wish to delete, select the location name, then click the Delete button. When you are done deleting locations, click the Done button to dismiss the sheet listing all location names. Finally, click Apply Now in the Network pane to save your changes.

At this point you have one or more locations created, but have not yet configured them properly for use with the campus network. (When you create a new location, its initial configuration has settings that are usually inappropriate for use with the campus network. For each location, you will need to configure it appropriately, as described in the next section.)


Configuring Locations

Any location you create, as well as the Automatic location, begins initially with a default configuration. The initial configuration is usually not appropriate for use with the campus network. You should reconfigure the location (even the Automatic location) appropriately for use with the campus network.

For each location, configure it as follows:

  1. Select the location name in the Location pop-up menu.

  2. In the Show pop-up menu, select Network Port Configurations.

    This will display a list of network ports that are part of this location. It will also indicate (via a checkmark) which of the ports are "on".

    Common names of network ports include Built-in Ethernet (for an Ethernet interface built into the Mac's motherboard), AirPort (for an Apple AirPort Wireless interface), Built-in FireWire (for a FireWire interface built into the Mac's motherboard), and Internal Modem (for an Apple Modem installed inside the Mac). (If the Internet Connect program has been allowed to "set up" this network location for use with the PPTP VPN client, a port with a name similar to VPN (PPTP) will also appear.) Less common network ports include IrDa Modem (for an infrared port).

    If your Mac has a third-party network port, the name may be less apparent; e.g. a third-party PCMCIA card might be named something like Ethernet adapter (en1) regardless of whether it's an Ethernet or a Wireless port. If the name of the port is confusing, you can rename it by double-clicking its name in this list, then typing a new name. When you rename a port this way, the new port name appears only within the current location; if you have multiple locations, you may want to rename the port in the same way within each location to avoid confusion.

    When you create a new location, the Mac assumes it should have all possible network ports "on" simultaneously; you will change this next.

  3. In the list of network ports displayed by Network Port Configurations, uncheck (turn off) all of the network ports listed except the port(s) that should be "on" in this location.

    Since most often you create a new location to be used with a single network port, you will usually want only that one network port "on." For example, if this location will be used when you are attached via the Built-in Ethernet port, uncheck all ports except the Built-in Ethernet port.

    If the location has already been set up to be used with the PPTP VPN client, and you wish to continue to use this location with the PPTP VPN client, then the VPN (PPTP) port must remain "on", along with the physical port used to attach the computer to the network (e.g. the Ethernet or AirPort port).

  4. In this list of network ports, you should not need to use the New..., Duplicate, or Delete... buttons.

  5. In this list of network ports, you may choose to drag the network ports into a different order.

    When only one port is "on", it does not matter in which order the ports are listed.

    If more than one port remains checked, the order matters, but not in the way one might expect. We have not found definitive documentation explaining how this works.

    (In Mac OS X 10.2, the Mac tried to connect to the network simultaneously using all ports that are turned "on"; their order in the list matters in determining the Mac's default IP route. We have not found accurate detailed information describing the behavior in newer OS releases. The relevant "Help" information for this topic provided in later releases indicates that the OS tries the network ports in the order they appear in the list, but this appears to be incomplete or inaccurate. It appears instead that the OS will make simultaneous use of the enabled ports, at least for some kinds of ports. The effect of the ordering is unclear.)

    Having multiple ports simultaneously "on" could lead to unexpected behavior, as mentioned above in About Network Locations. You could avoid these issues by ensuring that each location has only a single network port turned on. (If you do choose to have multiple ports turned on, you should be prepared to decide the order in which they should be listed, taking into consideration which port you want associated with the Mac's default IP route. Or perhaps the location you are configuring may use the PPTP VPN client, so you must leave the PPTP port turned on, in addition to your regular network port.)

  6. In the Show pop-up menu, select the name of a network port.

    If you specified that this location should have only one network port turned on (using the list of network ports displayed by Network Port Configurations), then only one network port name will appear in the Show pop-up menu.

    Otherwise more than one port name will appear; select one of them for now. You will need to come back to this step later for each additional port appearing in this pop-up menu.

  7. If possible, arrange for your Mac to be physically attached to the campus network using the network port you are currently configuring.

    For example, if you are configuring an Ethernet port, ensure the Ethernet cable is attached. If you are configuring a Wireless port, ensure you are within range of a Wireless Access Point. If you are configuring a Modem port, ensure the phone cord is attached to your modem.

    If this is not possible at this time, you can still perform most of the configuration steps below.

    If you are configuring a VPN (PPTP) port, you need not arrange for your Mac to be physically attached to any network at the time you configure this port.

  8. The Network pane now displays a series of tabs to allow you to configure the behavior of this single network port within the current location. Each tab causes a different pane to be displayed within the Network pane. In the steps below, you will click each tab, and configure its associated preferences pane.

  9. If the Ethernet tab appears, click it. (This tab appears only for Ethernet ports.)

    In the Configure pop-up menu, select Automatically.

  10. If the PPPoE tab appears, click it. (This tab appears only for Ethernet ports.)

    As we do not use PPPoE ("PPP over Ethernet") to connect to the campus network, verify that the Connect using PPPoE and the Show PPPoE status in menu bar checkboxes are not checked.

  11. If the AirPort tab appears, click it. (This tab only appears for Wireless ports using Apple's AirPort card. If you have a third-party wireless card, a tab with a different name may appear, and you will need to consult your vendor's documentation to learn how to configure your wireless card.)

    Configure the Apple AirPort interface as follows (for use with OIT Wireless Service):

    1. Check the Show AirPort status in menu bar box. This creates a menu that displays the Wireless Access Point's signal strength, and lets you quickly turn on and off your AirPort card.
    2. Locate the AirPort menu in the menu bar. If it says that AirPort is presently off, select the Turn AirPort On command from this menu.
    3. In the By default, join section, select Preferred networks.
    4. If any network names appear in the table of wireless network names, remove them. Do this by selecting each name then clicking the - (minus) button below the table.
    5. Click the + (plus) button below the empty table of wireless network names. A sheet will be displayed, allowing you to specify a wireless network name and its security settings.
    6. In the Network name pop-up menu/field, select puwireless. If this name does not appear in the pop-up menu/field, your Mac may be outside the range of OIT Wireless Networking Service. You may instead type the name puwireless into this field; be sure to use all lower-case. (This wireless network name is sometimes referred to as the SSID (Service Set Identity).)
    7. The Wireless Security pop-up menu should be set to None. No password is used, as OIT Wireless Networking Service does not use Wired Equivalent Privacy (WEP) or Wireless Protected Access (WPA).
    8. Click OK to dismiss this sheet and return. The table of preferred networks should now contain just a single entry, with a network name of puwireless and a security setting of None.
    9. Click the Options... button to display the AirPort options sheet.
    10. In the If no preferred networks are found pop-up menu, select Keep looking for recent networks (to force the Mac to silently keep looking for the specified wireless network).
    11. Turn off the Automatically add new networks to the preferred networks list checkbox.
    12. Click the OK button to dismiss the sheet.

    You should be aware that Apple's AirPort software (up through at least Mac OS 10.4.3) exhibits a number of frequent problems when in the presence of multiple wireless networks, in switching from one wireless network configuration to another, and in connecting to password-protected wireless networks. More information appears at Mac OS X Network Configuration: OIT Notes and Caveats.

  12. If the Modem tab appears, click it. (This tab appears only for Modem ports.)

    Configure the modem as follows:

    1. In the Modem pop-up menu, select the name of your modem. (If you don't see an appropriate name, you will need to obtain a CCL file from your modem's vendor, then copy the file to your Mac's /Library/Modem Scripts/ directory.)
    2. Check the Enable error correction and compression in modem box.
    3. Leave the Wait for dial tone before dialing box checked unless your phone has a non-standard dialtone, or lacks a dialtone.
    4. Use the Sound On or Off buttons to select whether the modem's speaker should be on while the modem is dialing and negotiating. It's usually a good idea to leave this set to On as some errors will be apparent when you hear the modem dial and negotiate.
    5. Use the Dialing Tone or Pulse buttons to select whether the modem should use Tone or Pulse dialing to dial the phone.
    6. The Country Setting field should already be correct; if it isn't, you might need to adjust other System Preference panels.
    7. Leave the Show modem status in menu bar box checked. This creates a menu that displays the modem's status and time connected, and lets you quickly connect (dial) and disconnect (hang up).

  13. If the PPP tab appears, click it. (This tab appears only for Modem ports.)

    Configure PPP as follows (for use with OIT Remote Access Service).

    NOTE WELL: As announced January 24 2007 by OIT through a variety of media, OIT Remote Access Service will be discontinued on July 1 2007. A copy of the text of the announcement is available in the OIT KnowledgeBase.

    1. In the Service Provider field, optionally enter a name for this PPP configuration; for example Princeton University.
    2. In the Account Name field, enter your OIT netid, e.g. jxdoe.
    3. We recommend that you leave the Password field blank. This will cause your Mac to prompt for your password each time you connect. (If you prefer not to be prompted, you may enter your OIT LDAP Directory password in this field, and check the Save password box. This saves your password on your Mac; note that this allows anyone with access to your Mac to make use of this password to connect, and it allows anyone with access to the files on your Mac to steal the password. Although the password appears as bullets, it is not stored securely.)
    4. In the Telephone Number field, enter the phone number for the Remote Access server. (The phone number for charged service is (609) 806-1000; the phone number for non-charged service is (609) 258-0430. Depending on where you are and what kind of phone service you have, you may need to enter the phone number differently. E.g. for a local call, enter 806-1000; for long-distance, you might enter 1,609-806-1000.)
    5. Leave the Alternate Number field blank.
    6. As mentioned earlier, it's best to not save your password on disk, so leave the Save password box unchecked unless you choose to take this risk.
    7. Click the PPP Options button. The Session Options and Advanced Options sheet will appear.
    8. Check the box named Connect automatically when needed. (In the event your Mac attempts to connect at times you would prefer it not do so, you may choose to uncheck this box. If you do so, you will need to manually instruct your Mac each time you want it to connect. You may do so using the Modem Status menu, or using the Internet Connect application.)
    9. You may wish to check the Prompt every ... minutes to maintain connection box. This will cause the Mac to remind you while you are connected, and to automatically disconnect in the event you do not respond to the reminder.
    10. You may wish to adjust the Disconnect if idle for...minutes setting, or to uncheck this box.
    11. If you wish to remain connected even if you logout from Mac OS X, uncheck the Disconnect when user logs out box.
    12. If you wish to remain connected even when switching user accounts, uncheck the Disconnect when switching user accounts box.
    13. We suggest you uncheck the Redial if busy box; you can check it to cause the Mac to redial in the event the phone number is busy.
    14. The Terminal Script pop-up menu should be set to None.
    15. Check the Send PPP Echo Packets box to allow your Mac to detect unexpected disconnections more rapidly than it would otherwise.
    16. Check the Use TCP header compression box.
    17. Uncheck the Connect using a terminal window (command line) box.
    18. Uncheck the Prompt for password after dialing box. It's better for the Mac to prompt for a password (if none has been supplied) before dialing, so it is ready to send the password to the server without delay.
    19. Check the Use verbose logging box. This causes more detailed messages to be stored in the Connection Log, which can help in diagnosing problems.
    20. Click the OK button to dismiss the Session Options sheet.

    If you need more information about the Campus Remote Access Server, (e.g. billing, usage policies, modem speeds), see OIT Remote Access Services.

  14. If the AppleTalk tab appears, click it. (This tab appears only for Ethernet and Wireless ports.)

    Uncheck the Make AppleTalk Active box. (AppleTalk was retired on August 4 2005 throughout OIT Ethernet Service and OIT Wireless Service.)

  15. Click the TCP/IP tab.

    In nearly all circumstances, configure TCP/IP as follows (for use with OIT Ethernet Service, OIT Wireless Service, or OIT Remote Access Service):

    1. In the Configure IPv4 pop-up menu, select Using DHCP if this location's port is Ethernet or Wireless. Select Using PPP if this location's port is a Modem or is PPTP.
    2. If the DHCP Client ID field appears, make sure it is empty.
    3. Make sure the field named DNS Servers is empty.
    4. If this location's port is Ethernet:
      1. Determine your default DNS domain name. This is your Mac's Internet hostname, with the first word (up through the first period) removed. For example, if your Mac's hostname is foo.princeton.edu, the default DNS domain name is princeton.edu. If your Mac's hostname is foo.student.princeton.edu, the default DNS domain name is student.princeton.edu.
      2. If the default DNS domain name is princeton.edu, you may leave the Search Domains field blank. (Or you may enter princeton.edu in this field; it will have the same effect.)
      3. Otherwise, if the Mac's default DNS domain name is not princeton.edu, enter the default DNS domain name on the first line of the Search Domains field. Enter princeton.edu on the next line of this field (assuming your Mac hostname ends with princeton.edu).
      4. If there are multiple DNS subdomains between your Mac's default DNS domain name and princeton.edu, instead enter each name in the field. (For example, if your Mac's hostname is foo.bar.baz.princeton.edu, enter the names bar.baz.princeton.edu, baz.princeton.edu, and princeton.edu, in that order.) Enter all the names on a single line, separated by commas.
    5. If this location's port is Wireless, the Search Domains and DNS Servers fields should be empty.
    6. If this location's port is a Modem or is PPTP, enter princeton.edu into the Search Domains field, and leave empty the field named DNS Servers.
    7. Click the Configure IPv6 button to display the IPv6 sheet.
    8. In the IPv6 sheet's Configure IPv6 pop-up menu, select Off.
    9. Click the OK button to dismiss the IPv6 sheet.

    The instructions above for configuring TCP/IP are appropriate for nearly all circumstances. However, if this location's port is Ethernet, and you choose to use BootP or manual configuration (neither is normally recommended) instead of using DHCP, you will need to configure TCP/IP differently than described above. In that event, follow these more general instructions instead.

  16. If the Proxies tab appears, click it.
    1. Ensure the Use Passive FTP Mode (PASV) checkbox is checked; using passive FTP mode can address some FTP difficulties in the presence of firewalls or NATs.
    2. As no proxy servers are needed to connect to the campus network, no other checkboxes on this pane should be checked.

  17. Click the Apply Now button in the Network pane to save the configuration for this network port.

  18. If there is any other network port listed in the Show pop-up menu that you have not yet configured, return to step 6 to select that port and configure it.

    Repeat this process until you have configured all network ports in the Show pop-up menu for this location. (These correspond exactly to the set of network ports turned "on" in the Network Port Configurations list.)

If you created multiple locations, repeat the steps above (go back to step 1) for each location.

You may also wish to create an additional location in which no network ports are active (e.g. name it "Offline"), for use when your Mac will have no network connection, and you don't want it to attempt to establish a network connection. Simply uncheck all the network ports in the Network Port Configurations list.

After you are done configuring all your locations, click the Apply Now button in the Network pane (it will be dimmed if you have made no changes since last clicking it). Then select Quit System Preferences from the System Preferences menu.
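The Search Domains rule from step 15 above (the TCP/IP tab), written out as an added example; this is not OIT's or Apple's code. The function names and the port-type strings are assumptions made for illustration; princeton.edu and the sample hostnames are the ones used on this page.

```python
# Added example: compute the Search Domains entries described in step 15.
# Function names and port-type strings are illustrative assumptions.

CAMPUS_DOMAIN = "princeton.edu"  # campus domain named on this page


def default_dns_domain(hostname):
    """Return the hostname with its first word (up through the first period) removed."""
    name = (hostname or "").strip().rstrip(".").lower()
    first, sep, rest = name.partition(".")
    if not first or not sep or not rest:
        raise ValueError("not a fully qualified hostname: %r" % (hostname,))
    return rest


def ethernet_search_domains(hostname):
    """Search Domains for an Ethernet port, most specific name first."""
    domain = default_dns_domain(hostname)
    if domain == CAMPUS_DOMAIN:
        # The field may be left blank; entering princeton.edu has the same effect.
        return []
    # Compare on a label boundary so "notprinceton.edu" is not mistaken
    # for a subdomain of princeton.edu.
    if not domain.endswith("." + CAMPUS_DOMAIN):
        raise ValueError("hostname does not end with %s: %r" % (CAMPUS_DOMAIN, hostname))
    domains = []
    while domain != CAMPUS_DOMAIN:
        domains.append(domain)             # e.g. bar.baz.princeton.edu
        domain = domain.partition(".")[2]  # drop the leading label
    domains.append(CAMPUS_DOMAIN)
    return domains


def search_domains(port, hostname=None):
    """Apply the per-port rule: Ethernet, Wireless, Modem or PPTP."""
    kind = port.strip().lower()
    if kind == "ethernet":
        return ethernet_search_domains(hostname)
    if kind == "wireless":
        return []                          # field stays empty
    if kind in ("modem", "pptp"):
        return [CAMPUS_DOMAIN]
    raise ValueError("unknown port type: %r" % (port,))


if __name__ == "__main__":
    # Hostnames below are the examples given in step 15.
    for host in ("foo.princeton.edu",
                 "foo.student.princeton.edu",
                 "foo.bar.baz.princeton.edu"):
        print("%-28s -> %s" % (host, ", ".join(search_domains("ethernet", host)) or "(blank)"))
```
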


Selecting a Location

After you have created any necessary locations, and configured all your locations, all that remains is to select your current location. You may do so in either of the following ways:

If you have several locations defined, and need to switch among them (e.g. when you change the way your Mac is connected to the network), you may use either method above to select a different location. The first method is usually more convenient, as it involves just a single step.

When you select a different location, any connections that were present at the time you switch locations may be disconnected. Any network applications that were running before you switched locations may stop working; you may need to quit and restart those applications. (Some applications may be better than others in automatically handling this situation without needing to be restarted.)

Under most circumstances, you do not need to restart your computer (nor logout and login) simply because you select a different location; you might need to do so if your computer runs any network-based servers.


Internet Connect Application

The Internet Connect application performs a number of barely-related functions.

It includes configuration functions that duplicate some items that appear on the Network pane in System Preferences (and are better performed in System Preferences). It also includes some configuration functions missing from System Preferences. It also includes monitoring or connect/disconnect capabilities duplicated in the optional AirPort, Modem, and VPN status menus. And finally, it includes some monitoring and connect/disconnect capabilities unique to the Internet Connect application.

The program may be found in Mac OS X's Applications folder. A command to launch the application may also be present in the AirPort Status menu, Modem Status menu, and VPN Status menu if the current network location includes an AirPort, Modem, or VPN port, respectively.

When you open the Internet Connect application, a Connection window may open. If one does not open, you can open one using the New Connection Window command in the File menu.

When you open the Internet Connect application, a Connection Log window may also appear; for certain kinds of connections (e.g. Modem and VPN connections) you may also open this window using the Connection Log command in the Window menu. This window contains information useful for troubleshooting modem and VPN connections. You can close this window if you do not need the troubleshooting information it provides.

The connection window serves a number of barely-related purposes. It may be used to display the status of, partially configure, and connect/disconnect AirPort, Modem, VPN, 802.1X, and IrDA connections. The toolbar at the top of the window contains icons from which you may select; their names may be similar to AirPort, Modem, VPN (PPTP), 802.1X, and IrDA. You select one of these icons to cause the connection window to become an AirPort Connection window, a Modem Connection window, a VPN Connection window, or an 802.1X Connection window.

The AirPort Connection window contains information and settings that duplicate some of the items present in the AirPort Status menu or the Network pane in System Preferences. As a result, there's rarely any need to use the Internet Connect application to use an AirPort interface. One item present in this window not available elsewhere is the Wireless hardware address ("Base Station ID") of the Wireless Access Point to which your AirPort interface is currently associated (if any).

The Modem Connection window contains information and settings that duplicate some of the items present in the Modem Status menu or the Network pane in System Preferences. As a result, there's often no need to use the Internet Connect application to use a Modem interface. One item present in this window not available elsewhere is a pair of indicators (visible when you have an active PPP connection) showing send and receive activity between your Mac and the modem.

The VPN Connection window is used to perform most of the configuration necessary to use a PPTP VPN connection. Once configured, it may also be used to actually connect and disconnect the VPN connection. More information appears in the PPTP VPN Client section.


PPTP VPN Client

Mac OS X includes VPN client software supporting the Microsoft Point-to-Point Tunneling Protocol (PPTP). You may use this client to connect to OIT PPTP VPN Service.

PPTP VPN: Configuration

Configuration of the PPTP VPN client is performed mostly within the Internet Connect application. Some configuration must be performed in the Network pane in System Preferences.

If you have not previously "set up" the current network location for use with the PPTP VPN client, do so as follows:

  1. Ensure your Mac already has a properly configured, functioning network connection. The VPN client communicates with a VPN server over an already-working network connection.

    As the next few steps will modify the settings for the currently-selected Network "Location", before proceeding, be sure you have selected the location you intended to use in the Network pane in System Preferences.

  2. Open the Internet Connect application. (The application is located in the Applications folder.)

  3. Ignore any Connection Log window displayed by the Internet Connect application.

  4. A connection window may already be displayed by the Internet Connect application; it might be entitled VPN, AirPort, Modem, 802.1X, or something similar.

    If no connection window is displayed, click the New Connection Window command in the File menu.

    If a connection window is displayed, but the window's title doesn't indicate that it is a "VPN (PPTP)" connection window, click the VPN (or "VPN (PPTP)") button in the window's toolbar to change the window to a VPN (PPTP) Connection window.

  5. An alert with the following message may appear: "Your computer needs to be set up to make VPN connections. To continue with setup, choose which kind of VPN you'd like to configure, then click Continue. Check with your network administrator if you are unsure which to choose."

    From the radio buttons which appear in the alert, select PPTP, then click Continue. If you are prompted for an administrator password, enter it.

  6. The Internet Connect application silently modifies the current network location, adding a VPN (PPTP) port.

  7. The connection window is replaced with a "VPN (PPTP)" connection window. This window contains controls that allow you to create and edit PPTP configurations, and to connect to a PPTP VPN server.

    Each "configuration" you create here represents a different PPTP VPN server, or PPTP VPN server account. If you use different VPN servers (or accounts) at different times, you may choose to create multiple configurations.

    Note that the PPTP VPN configurations you create here are associated only with the current network location. If you create multiple network locations (in the Network pane in System Preferences), each will have its own set of PPTP VPN configurations.

  8. In the Configuration pop-up menu, select Edit Configurations....

  9. A sheet will appear, allowing you to edit VPN PPTP configurations.

  10. If this is your first VPN PPTP configuration for the current network location, the application will automatically create a new VPN PPTP configuration with a description of VPN (PPTP) Configuration and select it for editing.

    If you've previously created any VPN PPTP configuration for the current network location, the application will instead select one of your existing configurations, suggesting that you edit it. If you don't want to edit that configuration, select one of the others you wish to edit; if instead of editing any of the existing configurations you wish to create a new configuration, click the + button to create a new configuration. (Confusingly, this will copy the currently-selected configuration, suggest a new description (e.g. Foo Copy), and select it.)

  11. In the Description field, enter a more suitable name for this configuration, such as "Princeton VPN" or perhaps "OIT PPTP VPN".

  12. In the Server Address field, enter vpn.princeton.edu.

  13. In the Account Name field, enter PRINCETON\netid, where netid is your OIT Windows netid.

  14. In the User Authentication area, select the Password radio button. (In Mac OS 10.3.x, the area is called Authentication, and the radio button is labelled Password.)

  15. In the field to the right of the Password button, you may enter your OIT Windows password. Because storing your OIT Windows password on disk is not a good idea, we suggest you leave the field blank, to force the Internet Connect application to prompt you for the password each time you connect to the VPN server.

  16. In the Encryption pop-up menu, select Maximum (128-bit only).

  17. Leave the Enable VPN on demand checkbox unchecked.

  18. If you use other accounts or PPTP VPN servers from the current network location, you may wish to create additional PPTP VPN configurations. You may do so without leaving the configurations sheet; use the + button to create a new configuration that is a copy of the currently-selected configuration.

  19. Once you are done creating PPTP VPN configurations, click the OK button to dismiss the Configurations sheet.

  20. You are returned to Internet Connect's VPN (PPTP) Connection window.

    The configuration you just created is selected as the current VPN (PPTP) configuration in the Configuration pop-up menu. The values you entered earlier for server address, account name, and password are filled into the corresponding fields in the VPN (PPTP) Connection window.

  21. Leave the Show VPN status in menu bar box checked. This creates a menu that displays the status of your VPN connection, and lets you quickly connect and disconnect from a VPN server.

  22. Optionally, enable verbose logging for VPN (PPTP) connections. This may help support staff diagnose problems.

    If you choose to enable verbose logging, select Options... from the Connect menu. This displays the Session Options sheet. Turn on the Use verbose logging checkbox. Click the OK button to dismiss the Session Options sheet.

  23. Do not attempt to connect to the VPN server at this time; there is some additional configuration to perform before using the VPN client.

  24. Select Quit from the Internet Connect menu.

  25. The current network location is now "set up" to use PPTP VPN; i.e. a VPN (PPTP) port has been added to the network location, and the VPN (PPTP) configuration(s) you created have been added to the definition of the current network location. But the network location still needs a little more configuration; you'll do that next.

Once a network location is "set up" so it can use the PPTP VPN client (it has a PPTP or VPN (PPTP) port added to the network location), the network location needs to be configured slightly for use with OIT PPTP VPN Service. Do so as follows:

  1. Open the System Preferences application. (It is located in the Applications folder. Shortcuts to it appear in the Apple menu, and possibly in the Dock.)

  2. Click on the Network icon to display the Network pane in System Preferences.

  3. If the lock icon in the window's lower-left corner is locked, click the icon to unlock the Mac's System Preferences; you will need to provide an administrator's password to do so.

  4. The current network location is already selected in the Location pop-up menu.

  5. In the Show menu, select VPN (PPTP).

  6. The Network pane now displays a series of tabs to allow you to configure the behavior of the PPTP port within the current location. Each tab causes a different pane to be displayed within the Network pane. In the steps below, you will click each tab, and configure its associated preferences pane.

  7. Select the TCP/IP tab.
    1. The Configure IPv4 menu should already be set to Using PPP.
    2. The DNS Servers field should be empty.
    3. Enter princeton.edu in the Search Domains field.
    4. Click the Configure IPv6 button to display the IPv6 sheet.
    5. In the IPv6 sheet's Configure IPv6 pop-up menu, select Off.
    6. Click the OK button to dismiss the IPv6 sheet.

  8. Select the Proxies tab.
    1. Ensure the Use Passive FTP Mode (PASV) checkbox is checked; using passive FTP mode can address some FTP difficulties in the presence of firewalls or NATs.
    2. All other checkboxes on this pane should be unchecked.

  9. Click the Apply Now button in the Network pane.

  10. If earlier you unlocked your System Preferences, and wish to relock them, click the lock icon in the lower-left corner of the Network pane.

  11. Select Quit from the System Preferences menu.

  12. The current network location is now configured so it may use the PPTP VPN client.

The steps above need be performed only once to "set up" and configure a network location so it may use the PPTP VPN client. (If you have multiple network locations, and wish to use the PPTP VPN client from each of them, you will need to repeat the steps above for each network location.)

If you ever wish to remove the PPTP VPN "setup" from an existing network location, select that network location in the Network pane in System Preferences, use the Show menu to select Network Port Configurations, select the port named PPTP and click the Delete... button, click the Apply Now button, then quit from System Preferences.

PPTP VPN: Connecting

Once a network location is "set up" and configured so it may use the PPTP VPN client, you may use the client to connect to OIT PPTP VPN Service as follows:

  1. Ensure your Mac already has a properly configured, functioning network connection. The VPN client communicates with a VPN server over an already-working network connection.

  2. Open the Internet Connect application. (The application is located in the Applications folder. A shortcut to open the application is also available in the VPN Status menu, if this menu is displayed.)

  3. Ignore any Connection Log window displayed by the Internet Connect application.

  4. A connection window may already be displayed by the Internet Connect application; it might be entitled VPN, AirPort, Modem, 802.1X, or something similar.

    If no connection window is displayed, click the New Connection Window command in the File menu.

    If a connection window is displayed, but isn't a VPN Connection window, click the VPN (PPTP) button in the window's toolbar to change the window to a VPN Connection window.

  5. The connection window will display the settings for one of the VPN configurations that have already been created (assuming you've completed the earlier steps to create a VPN configuration).

    If multiple VPN configurations have been created, you may need to select the one you want to use from the Configuration pop-up menu.

  6. If the Password field is empty, you may enter your OIT Windows password in the field. We suggest you leave the field blank, to force the Internet Connect application to prompt you for the password.

  7. Click the Connect button.

  8. If you did not enter a password in the Password field earlier, Internet Connect will display an alert prompting you for your VPN password.

  9. Your Mac will try to establish a VPN connection to the VPN server. The Status section of the VPN Connection window shows progress as the connection is attempted. The VPN Status menu (if displayed) will also show the progress of the connection.

  10. If all has gone well, the Status field in the VPN Connection window shows you are Connected. If the connection failed, examining the Connection Log (available from the Window menu in Internet Connect) may help you diagnose the problem.

  11. While your PPTP VPN connection is active, you need not keep the Internet Connect application open.

  12. To disconnect from the VPN server, click the Disconnect button in the VPN Connection window. (If you quit the Internet Connect application, you'll need to launch it again.)

If you have chosen to display the VPN Status menu, you can also connect and disconnect from the VPN server using commands in this menu. If you have created multiple VPN configurations (in Internet Connect) for the current network location, the VPN Status menu will also allow you to select from among these configurations.


AirPort Status Menu

If any of your network locations include an AirPort port, and you've checked the Show AirPort status in menu bar box (as we recommend), an AirPort Status menu appears in the menu bar.

This menu indicates whether the Mac's AirPort interface is currently turned on. If the AirPort interface is currently turned on, it also indicates the wireless signal strength and the name of the wireless network to which the Mac is associated (if any). It contains a command to turn off (or on) the AirPort interface, and another to open the Internet Connect application.

On some platforms, this menu contains a command to Use Interference Robustness. We currently make no recommendation regarding this setting, as what it actually does is not documented by Apple.


Modem Status Menu

If any of your network locations include a Modem port, and you've checked the Show Modem status in menu bar box (as we recommend), a Modem Status menu appears in the menu bar.

This menu indicates the state of the modem port (e.g. idle, connected, dialing, etc). If the current network location has the modem port turned "on", the menu includes a command to Connect or Disconnect using the modem. If you've unchecked the Connect automatically when needed checkbox in the Network pane in System Preferences, you'll probably find the Connect command particularly helpful.


VPN Status Menu

If any of your network locations include a VPN port, and you've checked the Show VPN status in menu bar box (as we recommend), a VPN Status menu appears in the menu bar.

This menu indicates the state of the VPN connection (e.g. connected, disconnected, authenticating, etc). If the current network location has a VPN port configured, the menu includes a command to Connect or Disconnect from the VPN server. If there are multiple VPN configurations defined for this network location, the menu also lists each configuration by name, so you may select from among them.


Network Configuration in the Classic Environment

If you use Mac OS X's "Classic" environment, you may notice that it includes Control Panels for AppleTalk, Modem, Remote Access, and TCP/IP.

You may not use any of these control panels in the Classic environment; that environment inherits its network configuration from Mac OS X.


Notes and Caveats

See Mac OS X 10.4.x Network Configuration: OIT Notes and Caveats for additional notes and caveats about using Mac OS X 10.4.x networking at Princeton.


Support History at Princeton

For a chronology of OIT Network Systems' support history of Mac OS X networking, see Mac OS X Networking: Support History at Princeton.


A service of OIT Network Systems
The Office of Information Technology,
Princeton University
Last Updated: April 1 2008