System information

Chapter 8 Customizing Services 125

A secure shared secret is generated automatically when you set up your server. The

shared secret isn’t used to authenticate client computer users for a VPN connection.

Instead it allows the server to trust client computers that have the shared secret, and it

allows client computers to trust the server that has the secret.

Both server and client computers must have the shared secret. A computer with

Mac OS X version 10.5 Leopard can automatically get the shared secret and be set up

to make connections to the server’s VPN service. See “Setting Up Leopard Users’ Macs

Automatically” on page 79.

Other Mac and Windows computers can be configured in different ways to connect to

the VPN service. See “Setting Up a Mac User’s VPN Connection” on page 87 and

“Setting Up a User’s VPN Connection Manually” on page 89.

Changing the VPN Shared Secret

You can use Server Preferences to change the shared secret that the server and a client

computer use for authentication when making a VPN connection. Periodically

changing the shared secret improves VPN security, but is inconvenient because users

must also change the shared secret on computers they use for VPN connections.

To change the VPN shared secret:

1 In the VPN pane of Server Preferences, click Edit.

2 Select “Show shared secret” so you can read the secret, enter a new secret, and

click OK.

The shared secret should be at least 8, but preferably 12 or more characters including

letters, digits, and symbols, but without spaces. Initially the shared secret is 32 random

characters.