We have a lot of customers who use their Mac mini as a VPN server. This works great when you need an IP address in the US, or a secure internet connection on the road, or a number of other reasons. When Apple released Lion, they changed the setup a bit so we wrote a tutorial. This continued in Mountain Lion and Mavericks, Yosemite, El Capitan, and remains the case in Sierra. By default, Sierra Server VPN will distribute IP addresses in the same range the Mac itself uses. This doesn’t work well in a facility like MacStadium where each Mac mini has a static WAN IP address.
VPN-X:Java/ Cross-platform P2P/SSL/TLS VPN solution.Now the VPN support windows 2000/XP/2003/Vista, linux ( x86,x8664b, loongson 2E/F-Mips),Mac OS. NordVPN is a compelling option for VPN service due to a well-rounded set of features and competitive pricing. The company is also branching out. Background information. Mac OS X 10.3 and higher ship with an L2TP/IPsec client.The Mac's IPsec implementation is a fork based on KAME which is known to interoperate with Openswan. I also received a report from Chris Andrews that Mac OS X's VPN client interoperates with a setup that consists of the native IPsec implementation of the Linux kernel 2.6, plus l2tpd and ipsec. Features for iOS and macOS. MacOS Server lets you assign Volume Purchase Program (VPP) apps to devices — instead of a user’s Apple ID. This allows for the installation of VPP apps on iOS devices and Mac computers without configuring an Apple ID or sending an invitation.
We asked Rusty Ross to help us put together a tutorial that will help MacStadium customers setup their Mac minis to serve as VPNs. He’s broken it down in a few parts so be sure to take the steps that are best for your situation:
PART I: VLAN and DNS
PART II: Internet Routing (OPTIONAL)
PART III: VPN
PART IV: Client Setup
If you are simply looking to enable VPN service on your macOS Server for secure connection(s) between your server and client(s), you can skip PART II. That’s right: you can jump straight from PART I to PART III. The procedures discussed in PART II are intended for those who are looking to route internet traffic from their VPN clients over the VPN and out to the internet via their server’s public internet connection at Macminicolo.
Also, it should be mentioned that server administration (particularly at the command line level) can be tricky. If you do proceed beyond this point, which shall be exclusively at your own risk, then please proceed carefully, and as always, don’t ever proceed without a backup of your server and other irreplaceable data.
Still here? Okay, let’s get started.
PART I: VLAN and DNS
First, let’s set up a VLAN.
In System Preferences, go to Network, and choose “Manage Virtual Interfaces…”
Then choose “New VLAN…”
Let’s just name our VLAN something like “LAN”, and all other defaults here should be fine:
After pressing “Create”, you’ll see this:
After pressing “Done”, you’ll be able to enter network info for your new VLAN. Make sure to choose “Manually” for “Configure IPv4”, and set the IP Address, Subnet Mask, and Router as shown below.
(Advanced: We’ll be using a 10.0.0.1 private IP for the server and 10.0.0.0/24 private network in this walkthrough, but note that the technique documented here will work with any private IP addressing scheme. To accomplish that, you’d substitute that alternate network info here, as well as a few other places further along in this walkthrough.)
After pressing “Apply”, you should see an something like this, indicating that your newly-created VLAN is active:
Nice work. Now, let’s get basic DNS up and running. Launch Server.app, and click on the “DNS” section of the sidebar, under “Advanced”:
All DNS defaults in Server.app should be fine, so let’s switch DNS service on:
Great. Now, once again, if you are NOT interested in routing public internet traffic from your VPN client(s) over the VPN and out to the internet via your server’s public internet connection at Macminicolo, you should SKIP from here to PART III.
PART II: Internet Routing (OPTIONAL)
So far, so good. Now things get a little trickier, as we need to dive into the command line a bit to get NAT and routing set up. First, we’ll need to edit two privileged text files, so we are going use a command line text editor called nano. Breathe easy, we've got each other's backs here, and we will take this step by step.
As we proceed, it is important to remember that in the command line, typos aren't the least bit welcome, and also, uppercase/lowercase needs to match exactly, so it is extremely important to enter text into Terminal.app exactly as it is described here.
One additional (but important!) point: The quotation marks used here in terminal commands are 'straight' quotes. Some web browsers and text editors may automatically convert these marks to smart (curly) quotes, particularly when copying and pasting. It's important to use straight quotes when entering the commands from this tutorial in Terminal.app.
Okay? Let's forge ahead.
Launch Terminal.app:
Inside the terminal window that appears, enter the following command (as a single line), and press return:
sudo nano /etc/pf.anchors/com.apple
You’ll be prompted for your password, and if you’ve not used sudo on this Mac in the past, you may see a warning about using sudo, which is fine. Enter your password (you wont see the cursor move while you type your password) and press return:
Upon doing this, you should expect to see the following text file open inside of nano, our friendly command line text editor:
Okay, we are now going to add three custom lines to this document. Red arrows in the picture below indicate where these lines should go. To move the cursor into the correct place to add these lines, simply use the arrow keys on your keyboard.
The three lines you’ll be adding are:
nat-anchor '100.customNATRules/*'
rdr-anchor '100.customNATRules/*'
load anchor '100.customNATRules' from
'/etc/pf.anchors/customNATRules'
Great. Now we need to tell nano to save the changes you made to this text file. This will be a three step process, and we'll take it one step at a time.
First you'll press the “control” key and the “X” key simultaneously (that's right, “control-X”) to tell nano you are done editing. Upon doing so, you will see this:
Now press the “Y” key to let nano know that, yes indeed, you do want to save changes:
And finally, nano is already suggesting the proper location to save the file you edited, so simply press return to accept its suggestion:
![Free vpn for mac os Free vpn for mac os](/uploads/1/1/8/3/118304574/174698039.png)
Well done! You are back where you started, having edited a text file in nano.
Since you are now a nano expert, let's use it once more, this time to create an entirely new text file. Start nano up again as follows:
sudo nano /etc/pf.anchors/customNATRules
Upon entering the command above and pressing return, you will be reunited with your friend nano, now editing a new text file which, thus far, contains no text:
We are simply going to add two lines of text here:
nat on en0 from 10.0.0.0/24 to any -> (en0)
pass from {lo0, 10.0.0.0/24} to any keep state
(Advanced: If you are using private IP addressing other than 10.0.0.0/24, you should customize these two lines to match your chosen network.)
And now that these two lines have been added, well, you know the drill, the old three-step save: “control-X”, then “Y”, and then press return.
Again, that's “control-X”:
Then “Y”:
![Vpn Vpn](/uploads/1/1/8/3/118304574/437885837.jpg)
And then press return:
Excellent. Though nano has served us well, we won't need to use it again during this tutorial.
Now, just a couple more commands in Terminal.app, and we’ll be done with the command line altogether.
Enter this command (as a single line) into your Terminal.app window and press return:
sudo pfctl -f /etc/pf.conf
You'll get some feedback on this one from the Terminal, all of which you can safely ignore.
Next, enter this command (as a single line) into your Terminal.app window and press return:
echo 'net.inet.ip.forwarding=1' | sudo tee -a
/etc/sysctl.conf
The Terminal should respond with “net.inet.ip.forwarding=1”, which is what we want.
And finally, enter these five commands (each one as a single line, pressing return after each one) into your Terminal.app window:
sudo cp
/System/Library/LaunchDaemons/com.apple.pfctl.plist
/Library/LaunchDaemons/net.macminicolo.pfctl.plist
sudo sed -i ' 's/com.apple.pfctl/net.macminicolo.pfctl/'
/Library/LaunchDaemons/net.macminicolo.pfctl.plist
sudo sed -i ' 's/>-f</>-e</'
/Library/LaunchDaemons/net.macminicolo.pfctl.plist
sudo sed -i ' '/pf.conf/d'
/Library/LaunchDaemons/net.macminicolo.pfctl.plist
sudo launchctl load -w
/Library/LaunchDaemons/net.macminicolo.pfctl.plist
Well done. You can now close your Terminal.app window entirely.
Okay, you have now set up NAT and routing for your private network. The last piece of the puzzle on the server will be to configure and enable VPN service.
Before you proceed, though: RESTART your server now. (We’ll wait…)
Now that you have restarted your server, let’s continue.
PART III: VPN
Whether or not you have just completed Part II or skipped to this point straight from Part I, rest assured that everyone is welcome here in Part III.
First, open Server.app and click on the “VPN” section of the sidebar:
Several default settings here are already in place as we’d want them, so we’ll just edit a few.Enter your Shared Secret as desired:
Now press “Edit…” next to DNS Settings. You will likely see the Macminicolo DNS IP addresses here, which is NOT what we want in this particular place:
Instead, change this to 10.0.0.1 as follows:
(Advanced: If you are using an alternate private network, customize the above appropriately.)
Press “OK” and we’re back here:
Now press “Edit…” next to Client Addresses, and enter settings as pictured below:
(Advanced: If you are using an alternate private network, or have different needs in terms of address pool size, customize appropriately.)Press “OK” and once again, we are back here:
...and should be all set to go. Switch the VPN service on:
Brilliant. Wait about 30 seconds for the VPN service to become fully active, and your Mac mini server should now be ready to serve VPN clients and (optionally, if you completed Part II) route their public internet traffic over its connection.
PART IV: Client Setup
Now that your server’s VPN is configured, enabled, and (optionally) ready to route public internet traffic for its clients, you may want a little guidance on how best to configure a client.
Let’s set up a Sierra client as an example.
In System Preferences, go to Network, and press the “+” in the lower-lefthand corner:
Choose “VPN”, make sure you are using “L2TP over IPSec”, and give your service a name:
Press “Create”, and then make sure your new VPN is selected in the sidebar on the left, so you can edit its details on the right:
As shown above, enter the IP address or DNS name for your server in the “Server Address” field. In the “Account Name” field, enter the username for the account on the server that you want to use to log in from the client.
Press “Authentication Settings…” and you’ll see this:
Enter the Password for the account you just specified, and the Shared Secret exactly as you set it up on the server.
Press “OK”, and you are back to:
Now press “Advanced…” and you should see this panel:
If you chose to complete optional “Part II: Internet Routing” section earlier:
Then you should check the option to “Send all traffic over VPN connection” so that your client will, um, send all its traffic (including public internet-bound traffic) over the VPN when the VPN connection is active.
Otherwise, if you skipped the optional “Part II: Internet Routing” section, make sure to un-check “Send all traffic over VPN connection” (unlike the picture above).
Press “OK”, and you are back to:
Press “Apply” to save changes.
And now your client should be ready to connect to your server’s VPN.
Just press “Connect” when you want make this happen.
Well done.
As I mentioned, this tutorial came from Rusty Ross (@ConsultantRR), a great hands-on consultant that works with a bunch of happy MacStadium customers on a wide range of topics, including setup, migration, troubleshooting, maintenance, networking, strategic planning, and creative thinking. He’s available for a quick-fix, a specific project, or a longer-term relationship.
Until next year...
OS X Server has long had a VPN service that can be run. The server is capable of running the two most commonly used VPN protocols: PPTP and L2TP. The L2TP protocol is always in use, but the server can run both concurrently. You should use L2TP when at all possible. Sure, “All the great themes have been used up and turned into theme parks.” But security is a theme that it never hurts to keep in the forefront of your mind. If you were thinking of exposing the other services in Mavericks Server to the Internet without having users connect to a VPN service then you should think again, because the VPN service is simple to setup and even simpler to manage. Setting Up The VPN Service In Mavericks Server (Server 3) To setup the VPN service, open the Server app and click on VPN in the Server app sidebar. The VPN Settings screen has two options available in the “Configure VPN for” field, which has two options: - L2TP: Enables only the L2TP protocol
- L2TP and PPTP: Enables both the L2TP protocol and the PPTP protocol
- Client Addresses: The dynamic pool of addresses provided when clients connect to the VPN
- DNS Settings: The name servers used once a VPN client has connected to the server. As well as the Search Domains configuration.
- Routes: Select which interface (VPN or default interface of the client system) that a client connects to each IP address and subnet mask over.
- Save Configuration Profile: Use this button to export configuration profiles to a file, which can then be distributed to client systems (OS X using the profiles command, iOS using Apple Configurator or both using Profile Manager).
sudo serveradmin start vpn
Mac Os X Server Vpn Authentication Failed
And to stop the service:Mac Os L2tp Vpn
sudo serveradmin stop vpn
And to list the available options: sudo serveradmin settings vpn
The output of which shows all of the VPN settings available via serveradmin (which is many more than what you see in the Server app: vpn:vpnHost = 'mavserver.pretendco.lan' vpn:Servers:com.apple.ppp.pptp:Server:Logfile = '/var/log/ppp/vpnd.log' vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1 vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128 vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains = _empty_array vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses = _empty_array vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = '1' vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = '1.1.1.1' vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = '2' vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = '2.2.2.2' vpn:Servers:com.apple.ppp.pptp:enabled = yes vpn:Servers:com.apple.ppp.pptp:Interface:SubType = 'PPTP' vpn:Servers:com.apple.ppp.pptp:Interface:Type = 'PPP' vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5 vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1 vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = 'EAP-RSA' vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = 'DSACL' vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1 vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0 vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1 vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1 vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60 vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1 vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = 'MSCHAP2' vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0 vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = 'DSAuth' vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = '/var/log/ppp/vpnd.log' vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1 vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200 vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = 'MPPE' vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = 'Manual' vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = '192.168.210.240' vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = '192.168.210.254' vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = '1.2.3.4' vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128 vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0 vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = '/var/log/ppp/vpnd.log' vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1 vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains = _empty_array vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses = _empty_array vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = '1' vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = '1.1.1.1' vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = '2' vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = '2.2.2.2' vpn:Servers:com.apple.ppp.l2tp:enabled = yes vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = 'L2TP' vpn:Servers:com.apple.ppp.l2tp:Interface:Type = 'PPP' vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5 vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1 vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = 'EAP-KRB' vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = 'DSACL' vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1 vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0 vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1 vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60 vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1 vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = 'MSCHAP2' vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = 'DSAuth' vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = '/var/log/ppp/vpnd.log' vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200 vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = 'Keychain' vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ' vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = 'com.apple.ppp.l2tp' vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = 'SharedSecret' vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ' vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = 'None' vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <> vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = 'Manual' vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = '192.168.210.224' vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = '192.168.210.239' vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = 'IPSec' vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = 'yaright'
Best Vpn For Mac Os
To disable L2TP, set vpn:Servers:com.apple.ppp.l2tp:enabled to no:sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:enabled = no
To configure how long a client can be idle prior to being disconnected: sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 10
By default, each protocol has a maximum of 128 sessions, configureable using vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions: sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 200
Vpn Mac Os X Server
To see the state of the service, the pid, the time the service was configured, the path to the log files, the number of clients and other information, use the fullstatus option:sudo serveradmin fullstatus vpn
Which returns output similar to the following: vpn:servicePortsAreRestricted = 'NO' vpn:readWriteSettingsVersion = 1 vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = 'MSCHAP2' vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0 vpn:servers:com.apple.ppp.pptp:enabled = yes vpn:servers:com.apple.ppp.pptp:MPPEKeySize = 'MPPEKeySize128' vpn:servers:com.apple.ppp.pptp:Type = 'PPP' vpn:servers:com.apple.ppp.pptp:SubType = 'PPTP' vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = 'DSAuth' vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = 'MSCHAP2' vpn:servers:com.apple.ppp.l2tp:Type = 'PPP' vpn:servers:com.apple.ppp.l2tp:enabled = yes vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0 vpn:servers:com.apple.ppp.l2tp:SubType = 'L2TP' vpn:servers:com.apple.ppp.l2tp:AuthenticatorPlugins = 'DSAuth' vpn:servicePortsRestrictionInfo = _empty_array vpn:health = _empty_dictionary vpn:logPaths:vpnLog = '/var/log/ppp/vpnd.log' vpn:configured = yes vpn:state = 'STOPPED' vpn:setStateVersion = 1
Security folk will be stoked to see that the shared secret is shown in the clear using: vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = 'a dirty thought in a nice clean mind'
Configuring Users For VPN Access Each account that accesses the VPN server needs a valid account to do so. To configure existing users to use the service, click on Users in the Server app sidebar. At the list of users, click on a user and then click on the cog wheel icon, selecting Edit Access to Services. At the Service Access screen will be a list of services that could be hosted on the server; verify the checkbox for VPN is highlighted for the user. Setting Up Client Computers As you can see, configuring the VPN service in Mavericks Server (OS X Server 2.2) is a simple and straight-forward process – much easier than eating your cereal with a fork and doing your homework in the dark.. Configuring clients is as simple as importing the profile generated by the service. However, you can also configure clients manually. To do so in OS X, open the Network System Preference pane. From here, click on the plus sign (“+”) to add a new network service. At the prompt, select VPN in the Interface field and then either PPTP or L2TP over IPSec in the VPN Type. Then provide a name for the connection in the Service Name field and click on Create. At the list of network interfaces in the Network System Preference pane, provide the hostname or address of the server in the Server Address field and the username that will be connecting to the VPN service in the Account Name field. If using L2TP, click on Authentication Settings. At the prompt, provide the password entered into the Shared Secret field earlier in this article in the Machine Authentication Shared Secret field and the user’s password in the User Authentication Password field. When you’re done, click OK and then provided you’re outside the network and routeable to the server, click on Connect to test the connection. Conclusion Setting Up the VPN service in OS X Mavericks Server is as simple as clicking the ON button. But much more information about using a VPN can be required. The natd binary is still built into Mavericks at /usr/sbin/natd and can be managed in a number of ways. But it’s likely that the days of using an OS X Server as a gateway device are over, if they ever started. Sure “feeling screwed up at a screwed up time in a screwed up place does not necessarily make you screwed up” but using an OS X Server for NAT when it isn’t even supported any more probably does. So rather than try to use the server as both, use a 3rd party firewall like most everyone else and then use the server as a VPN appliance. Hopefully it can do much more than just that to help justify the cost. And if you’re using an Apple AirPort as a router (hopefully in a very small environment) then the whole process of setting this thing up should be super-simple.