Connecting to a VPN

 < Day Day Up > 

Configuring Network Connections

The Network preferences pane is the GUI brain center of the OS X interface to TCP/IP. This pane, in actuality, just provides a series of hints to the underlying Unix TCP/IP control software, but it does so in a much prettier and often more convenient fashion than twiddling configuration parameters at the command line. The primary control with which you should familiarize yourself is the Configuration menu. In previous versions of Mac OS, various portions of the networking software were configured by separate control panels, and each panel was controlled by its own independent saved configuration setting. Mac OS X has instead placed all network configurations under a single parent control pane, with an umbrella configuration setting that covers TCP/IP, modem control, AppleTalk, and location settings.

The two main options in this pane are the Location and Show options. Location can be set to Automatic, New Location, Edit Locations, and any locations that you've already created. What appears by default under the Show menu varies with your system's hardware. Options include Network Status, Internal Modem (dial-up connection, if you have a modem), IrDA modem (infrared port, if you have this interface), Built-in Ethernet, AirPort (if your machine has an AirPort), and Network Port Configurations. The collection of these that are visible to you may also be modified by enabling and disabling each connection type on a per-location basis.

Available to each subpane are Assist Me and Apply Now options as well as the Help Viewer. The Assist Me option takes you directly to the Network Assistant. Note that this System Preference requires administrative access to change.

Viewing Network Connection Status

To view your network connection status, select Network Status in the Show option of the Network preferences pane. This subpane shows you the status of your network ports. For an active network port, you can see such information as your machine's current IP address. Additionally, you can select a network port here, and configure it or connect using it. Figure 7.2 shows the Network Status subpane for a PowerBook. The appearance of this subpane varies with your hardware and what hardware you have disabled and whether you have any virtual private networks (VPNs) configured.

Figure 7.2. The Network Status subpane of the Network preferences pane.

Network Port Configurations

Most of the available selections in the Show menu switch between subpane groups specifying configurations for particular network interfaces. The Network Port Configurations subpane doesn't provide network configuration but allows you to enable and disable already existing configurations for the interfaces and create new configuration sets. Figure 7.3 shows the Network Port Configurations subpane of the Network control pane. To make network configuration as easy as possible, Mac OS X attempts to automatically detect and select the correct network configuration for any given situation. This convenience comes at a slight cost in startup time, so unless you actually intend to use all the available configurations, we don't recommend leaving all the configurations enabled as shown in Figure 7.3.

Figure 7.3. The Network Port Configurations subpane of the Network preferences pane.

If you've already experimented enough to find the location settings and mastered the ability to switch between them, the capability to save multiple configurations for a single interface assigned to the same "location" might seem redundant. It becomes useful, however, in situations in which you have multiple IP addresses at the same conceptual location on a single network interface. Without requiring you to iterate through different location settings, setting up several different configurations would allow the system to automatically search through each until it found a working set of parameters. This might occur if you have multiple in-building networks with different IP ranges on each, but with each connected to share resources. Another possible use is if you have a number of different dial-up service providers and want your machine to try each until it finds an open one.

Setting Up Network Interfaces

The available network interfaces you may configure varies with your hardware and whether you have configured any VPNs. We will briefly look at setting up the built-in ethernet, built-in FireWire, internal modem, Bluetooth modem and AirPort interfaces. The available subpanes under each interface vary, but the interfaces tend to use some subset of the same subpanes. Table 7.1 details which subpanes and interfaces go together by sorting on the subpane. Because the table is based on the G4 PowerBook, you might not necessarily see an interface that is on your system listed in the table. The TCP/IP Network subpane is listed twice at the end of Table 7.2 to show that the options are the same for different groups of network interfaces. Table 7.2 details the same information by sorting on the network interface. Table 7.2 reflects the experience you have as you use the Network preferences pane. This section details the information by Network subpane in the expectation that as you are configuring your interfaces, it will be easier to look for each subpane, rather than to look for an interface whose description might contain one or more comments to see another section.

Table 7.1. Summary of Network Preferences Subpanes and Network Interfaces

Network Subpane

Network Interface




AirPort, Built-in Ethernet

Bluetooth Modem



Built-in Ethernet


Internal Modem


Internal Modem, Bluetooth


AirPort, Built-in Ethernet


AirPort, Built-in Ethernet, Built-in FireWire, Bluetooth, Internal Modem


AirPort, Built-in Ethernet, Built-in FireWire


Bluetooth, Internal Modem

Table 7.2. Summary of Network Interfaces and Network Preferences Subpanes

Network Interface

Network Subpanes


AirPort, TCP/IP, PPPoE, AppleTalk, Proxies


PPP, TCP/IP, Proxies, Bluetooth Modem

Built-in Ethernet

TCP/IP, PPPoE, AppleTalk, Proxies, Ethernet

Built-in FireWire

TCP/IP, Proxies

Internal Modem

PPP, TCP/IP, Proxies, Modem


The AirPort subpane, available only for the AirPort interface, is shown in Figure 7.4. In this subpane, you can choose your default AirPort network either automatically or by specifying one, and enter your network password if one is required. Note that when there is a preferred list of networks, the subpane says that the AirPort will connect to the first wireless network in the list. This subpane also displays your AirPort ID.

Figure 7.4. The AirPort subpane of the AirPort interface in the Network preferences pane.

The Options section contains a variety of options you can configure. If the AirPort finds no preferred network, you can specify whether it should ask before joining an open network, automatically join an open network, or whether it should keep looking for recent networks. Here you can also set whether an administrative password should be required to change wireless networks and to create computer-to-computer networks. Additionally, you can set the AirPort to automatically add new networks to the preferred network list, disconnect from the wireless network when you log out, and enable interference robustness.

You can also choose to show AirPort status in the menu. This is a recommended convenience, particularly because it allows you to see at a glance what your AirPort signal is like and which network you are connected to. From the menu, you can also turn the AirPort on or off, create networks, use interference robustness or open the Internet Connect application.


AppleTalk is a communications protocol pioneered by Apple in the era of the Macintosh Plus. This protocol was designed for networking small collections of computers on relatively small networks. Because it was designed to facilitate network-building by people with no interest in being network designers or administrators, AppleTalk is a rather chatty and inefficient protocol. Because of its ease of use, it has survived the transition to a mostly ethernet-based world and prospered in environments where its inefficiencies do not impair other network services.

Because of its intimate association with Apple's printing and file-sharing software, AppleTalk is sometimes thought of as actually being disk services and print services. In reality, it's a communications protocol, over which disk, print, and other services can be delivered. Because of this, like TCP/IP, AppleTalk connectivity is configured from the Network control pane, and services that need to use AppleTalk are configured elsewhere. AppleTalk is enabled and configured from the AppleTalk subpanes of the Built-in Ethernet and AirPort configuration sets.


Remember that these subpanes, although they contain identical options, are configurations for two different interfaces. You can configure different parameters for each, to be used with each of the interfaces as appropriate.

Information entered in one interface configuration set does not automatically become the default information for any other interface. Therefore, you might need to enter such things as proxies, for example, in more than one place, depending on how your network is set up.

Figure 7.5 shows the AppleTalk subpane for the Built-in Ethernet configuration (the AirPort version looks identical). The AppleTalk settings configured here are specific for the interface configuration set that you're editing. You can choose to configure AppleTalk automatically or manually. Unless otherwise directed, automatic is probably sufficient.

Figure 7.5. The AppleTalk subpane of the Network pane.

In the AppleTalk subpane, the following options can be configured:

  • Make AppleTalk Active Activate AppleTalk for this interface. AppleTalk must be activated for an interface if you need to share your files via AppleShare on that interface.

  • Computer Name This is your AppleTalk Computer Name, which is also your Hostname, but is different from your Bonjour Computer Name. This parameter is configured from the Sharing preferences pane.

  • AppleTalk Zone If your AppleTalk network has multiple zones, you can select the zone you want your computer to join from this menu. If you're on a network with multiple zones, your network administrator should be able to tell you what the proper setting is for your computer.

  • Configure Gives you the option of manually configuring your AppleTalk network parameters or automatically determining the information. The AppleTalk Network ID and Node ID are similar to a TCP/IP subnet and IP address. The difference is AppleTalk is designed so that the computers in a network can cooperatively and automatically work out this information for themselves, without needing it to be specified by the users or administrators. There are very few instances in which you should need to set up the system for manual configuration.

  • Node ID If your network administrator tells you that you need to configure your machine for fixed rather than automatically determined AppleTalk network information, the node ID goes here. This option is available only in the manual configuration.

  • Network ID If your network administrator tells you that you need to configure your machine for fixed AppleTalk network information, the Network ID goes here.

    If your network administrator gives you the network ID as ###.###, instead of a number between 1 and 65534, multiply the first by 256 and add the second to it. If you are given the number as ##.##.##, multiply the first by 256, the second by 16, and then add the those two results with the third number. This option is only available in the manual configuration.

Bluetooth Modem

The Bluetooth Modem subpane, shown in Figure 7.6, is available only for the Bluetooth network interface. In this subpane, you configure which modem you have. You can also specify whether to enable error correction and compression in the modem and whether to wait for the dial tone before dialing. Finally, you can specify whether to show Bluetooth status in the menu bar and whether to show modem status in the menu bar.

Figure 7.6. The Bluetooth Modem subpane of the Bluetooth interface in the Network preferences pane.


Shown in Figure 7.7 is the Ethernet subpane, available only for the Built-in Ethernet interface. It displays your machine's ethernet ID and allows you to configure the hardware either automatically or manually. Unless told otherwise by your network administrator, always choose automatically. Choosing the wrong settings manually can cause a lot of unnecessary headaches for you.

Figure 7.7. The Ethernet subpane of the Built-in Ethernet interface in the Network preferences pane.


The Modem subpane, shown in Figure 7.8, allows you to select your modem, configure the dialing type, determine whether you want to hear your connections as they progress, and indicate whether you want to be notified of incoming calls while you are connected to the Internet. Additionally, here you can choose to display modem status in the menu bar.

Figure 7.8. The Modem subpane of the Internal Modem interface in the Network preferences pane.


The PPP (Point-to-Point Protocol, carried over a dial-up connection) subpane is available for the Bluetooth and Internal Modem interfaces. Figure 7.9 shows the PPP subpane for the Internal Modem interface; however, the Bluetooth interface uses and identical PPP subpane. Under this subpane, you can configure how to connect to your ISP. Almost all ISPs use PPP to provide TCP/IP over dial-up connections. If yours does not, you will need to follow its instructions, which will probably include installation of some custom software.

Figure 7.9. The PPP subpane of the Internal Modem and Bluetooth configurations allows you to specify your dial-up account information.

The PPP subpane has the following fields:

  • Service Provider An optional field where you can specify a name for the service provider. This option is useful if you have multiple providers that your machine needs to dial, and you need a better way to keep track of them than just by phone number.

  • Account Name The username or account name that you have with this ISP.

  • Password The password for this account and ISP.

  • Telephone Number The telephone number to dial.

  • Alternate Number An alternative number to dial for the same service provider. If your ISP doesn't have alternative dial-in numbers, leave this field blank.

  • Save Password If your machine is going to be used by multiple users and you don't want them to be able to connect to the Internet using your account information and password, don't check this box.

The PPP subpane also has a PPP Options button and corresponding sheet that enables you to configure several other options with respect to the dial-up connection, as shown in Figure 7.10. This figure is shown for the Internal Modem interface, but an identical Options sheet appears for the Bluetooth interface.

Figure 7.10. The Session and Advanced options drop-down pane for dial-up connections.

The sheet enables you to configure the following:

  • Whether to automatically dial and make a connection when an application starts that needs TCP/IP services.

  • Whether, and how frequently, to prompt you to stay connected if there hasn't been any recent network activity.

  • How long to wait before disconnecting when there's no network activity.

  • Whether to disconnect when there's no user logged in on the console.

  • Whether to disconnect when switching users at the console.

  • Whether to, how many times to, and how rapidly to redial the phone if the ISP is busy.

  • Whether to send PPP echo packets. Some ISPs periodically send little "are you really there?" messages to connected computers to make sure that everything is working properly this option controls whether to respond. Unless you have been told by your ISP to do otherwise, leave this option checked.

  • Whether to compress TCP header information. TCP/IP information is carried in packets, with a significant amount of meta-information about the contents of the packet. Compressing this information can speed your network connection but requires processor power. On a fast machine, you'll probably get a network speedup from compressing headers, unless your ISP is using some ancient hardware that takes more time to perform the compression/decompression than the savings in transmission time.

  • Whether to use a manual terminal window for connection. If your ISP doesn't use a standard PPP server, you might need to carry on some textual dialog with the server during connection. Selecting this option opens a terminal for you to interact with the host during connection.

  • Whether to prompt for a password after dialing.

  • The verbose logging option increases the amount of information regarding dial-up connections stored in the system logs.


As mentioned earlier, TCP/IP is just one of a number of communications protocols. It's actually possible to run multiple communications protocols over the same piece of wire at the same time. In a clever use of this capability, it's possible to establish a PPP connection via ethernet wiring rather than a phone line; hence the name PPP over ethernet or simply PPPoE. If your service provider gives you this option, you can configure it with the subpane shown in Figure 7.11. This subpane is available for the Built-in Ethernet and AirPort interfaces. The options available in this subpane are exactly analogous to the options under the dial-in PPP configuration. Here you can also choose to show the PPPoE status in the menu bar.

Figure 7.11. The PPPoE subpane of the Built-in Ethernet configuration set.

In this subpane, you have the following fields to fill in:

  • Service Provider An informational field similar to the service provider field for a dial-in connection.

  • Account Name The user or account name for your PPPoE ISP.

  • Password The password for your account.

  • PPPoE Service Name Another informational field.

  • Save Password If you want this account to function automatically without requiring you to specify a password at each network connection, select this option.

The PPPoE subpane has a number of advanced options that can be configured from a sheet that appears when the PPPoE Options button is clicked. Shown in Figure 7.12, these options allow you to configure the behavior of your PPPoE connection.

Figure 7.12. The PPPoE Session and Advanced options sheet for the PPPoE subpane.

The pane enables you to configure the following:

  • Whether to automatically connect when an application starts that needs TCP/IP services.

  • Whether, and how frequently, to prompt you to stay connected if there hasn't been any recent network activity.

  • How long to wait before disconnecting when there's no network activity.

  • Whether to disconnect when there's no user logged in on the console.

  • Whether to disconnect when switching users on the console.

  • Whether to send PPP echo packets. Some ISPs periodically send little "are you really there?" messages to connected computers to make sure that everything is working properly this option controls whether to respond. Unless you have been told by your ISP to do otherwise, leave this option checked.

  • The verbose logging option increases the amount of information regarding dial-up connections stored in the system logs.


If you're on a network segment where you must connect to proxy servers instead of directly to outside services such as FTP and web servers, the Proxies subpane is the place to tell the system about the proxies. Shown in Figure 7.13, the Proxies subpane, available for all the network interfaces, allows you to select what is needed and how to contact the proxy types.

Figure 7.13. The Proxies subpane of the Built-in Ethernet configuration option.

Under the Proxies submenu, you can choose to configure your proxies using a PAC (Proxy Auto Configuration) file, and point the system to it, or you can configure your proxies manually. The Proxies submenu proxy types are

  • FTP Proxy If you need to contact a proxy to use FTP, enter its IP address and the proxy port here.

  • Web Proxy (HTTP) Configure this if you need to go through a proxy to access the web. There are occasions when you might want to use a web proxy even if you don't have to. For example, if you want to make your server connections anonymous by going through one of the web's anonymous proxy servers.

  • Secure Web Proxy (HTTPS) If you need to go through a secure proxy to access the web, configure this option.

  • Streaming Proxy (RTSP [real time streaming protocol]) Most types of proxy setups are designed to prevent a remote host from having any chance of connecting back to your machine. This makes it difficult for streaming services that need to send a lot of data as quickly as possible; hence, a specific proxy type for streaming data. If you're behind a firewall, you probably need to configure this if your network services allow streaming data through at all.

  • SOCKS Proxy The SOCKS (SOCKet Secure) firewall system can be used to proxy for a number of different network services. If your network uses a SOCKS-type firewall, enter its information here.

  • Gopher Proxy Gopher was an early browser based way of serving data around the Internet, and has been all but completely supplanted by Web servers. If you've found one of the world's few remaining Gopher servers and need to access it through a proxy, this is where you tell the system about it.

  • Automatic Proxy Configuration If you have a proxy configuration file with all of your needed proxy information and you didn't notice the option to choose configurations using a PAC file, choose this option and point the system to the file.

Here you can also set whether to exclude simple hostnames. Additionally, you can configure your machine to use PASV (passive) FTP mode for transferring data, an option that will probably be required if you are behind a firewall or on a NAT (network address translation) private local network.

Finally, you can configure hosts and domains in which the proxy settings should be ignored. If you contact servers both inside and outside your local firewall, you might want to provide your local network information for this option. Therefore, your machine doesn't need to contact the proxy and then reconnect inside your local network for interior connections.


If you are connected to your network via an ethernet connection (a physical chunk of wire, typically twisted pair, which looks like a bulky phone cable), you need to configure your connection under the Ethernet configuration option. Because switching from one physical transport to another requires changing only a little bit in a few protocol layers, it's similar to dial-up configurations you've already seen.

Under the TCP/IP subpane, by default, you have the option to configure IPv4 and/or IPv6. Generally, you have the option of providing manual configuration settings or of getting your configuration parameters from a server. For IPv4, which you will most likely be using, you can configure your Ethernet port manually, using DHCP with a manual address, using DHCP, or using BOOTP, or you can turn it off. For IPv6, you can configure automatically or manually, or you can turn it off.

Under the TCP/IP subpane, shown in Figure 7.14, you can configure how your TCP/IP stack gets its control and configuration information. The manual configuration settings for IPv4, shown in the figure, allow you to configure individual options by hand.

Figure 7.14. The TCP/IP subpane, showing available options for the Built-in Ethernet configuration set.

If you need to provide manual configuration information for IPv4, you need to know and fill in the following information you should be able to get this information from your network administrator:

  • IP Address Your computer's IP address. This should be four sets of digits, separated by periods, such as

  • Subnet Mask This should be four sets of numbers separated by periods, as well. Most likely it will be or

  • Router The machine that your machine must contact to reach the outside network world. This will frequently (but not always) be similar to your IP address, but with the final number replaced by a 1. Your network administrator might also call this machine a gateway.

  • DNS Servers The IP addresses of machines that translate between IP addresses and fully qualified domain names (FQDNs), such as

  • Search Domains Partial domain names to append to machine names, if you give less than an FQDN. For example, you might frequently work with machines on the domains and If you want your machine to try to connect to or whenever you ask it to connect to info, you can enter the domains here. Your machine will try them both when it discovers that you've asked for a name that does not resolve as an FQDN.

This section automatically displays an IPv6 address for your machine, but you can choose to automatically or manually configure it. If you need to provide manual information for IPv6, you need to be able to manually fill in the IP address, the router, and the prefix. Get this information from your network administrator and write it down carefully.


To bind another IP address to your network card, you can just duplicate your interface in the Network Preferences pane and assign another IP address to the duplicate entry. You will see uses for this in Chapters 22 and 23.

For modem TCP/IP configuration, you have essentially the same options available as you do for ethernet. Figure 7.15 shows the options available for TCP/IP setup under a modem connection. Most dial-up Internet service providers use PPP to service connections, so you'll probably be selecting the Using PPP option. Under this pane, you have partial manual configuration of the network parameters, but it would be unusual if an ISP did not provide the information for these settings automatically, by using PPP.

Figure 7.15. The TCP/IP options for the modem configuration sets are essentially identical to those for the Built-in Ethernet configuration.

Using the Location Manager

With Mac OS X, Apple has made location management considerably easier than it was with previous versions of the Macintosh operating system (although somewhat less powerful). Instead of managing configurations for each protocol in its own pane and then switching between different collections of the configurations with the Location Manager tool, interface configurations in Mac OS X are accessed directly under the location setting. Figure 7.16 shows the entirety of the location management interface in Mac OS X. Selecting a location from this menu switches between location-specific settings in the subpanes below it. From this menu, locations can be chosen, duplicated, and edited.

Figure 7.16. The location management menu in the Network preferences pane.

Each location in the Locations menu carries with it settings for the Configure menu and the subpanes that it switches through. That is, when you are entering information into the specific interface configuration panes, it is assigned to the currently displayed location. If you switch to a new location, you get new information and configurations in the interface configuration panes.

If you set the location setting to Automatic, the system attempts to guess the correct location information and switches between locations, based on what it can determine regarding its network environment.


Using the Location submenu from the Apple menu, you can switch between locations that you've configured through the Network preferences pane.

     < Day Day Up > 

    Mac OS X Tiger Unleashed
    Mac OS X Tiger Unleashed
    ISBN: 0672327465
    EAN: 2147483647
    Year: 2005
    Pages: 251 © 2008-2017.
    If you may any questions please contact us: