October 27, 2008

An Apple Back to My Mac (BTMM) Description

Apple's Back to My Mac (BTMM) provides a self-configuring virtual private network (VPN) of your Apple computers if you subscribe to MobileMe. The concept is a good one. Manually configuring IPsec tunnels and VPNs is not an easy task. Apple's BTMM has a noble goal to auto-magically interconnect you back to your Mac at your home or office without any knowledge of VPNs or tunnels or routing.

There are a lot of systems that have to work for BTMM to work. Today, these systems are not all reliable and therefore BTMM does not work predictably or reliably. This page discusses the system but does not have the solutions to make BTMM reliable or predictable. Check back and search for BTMM to see if any issues are resolved.

To begin to understand BTMM, it is important to establish a consistent name for the Macs and their locations. This discussion uses the following definitions. The fixed Mac location is the one at the home or office that you want to get "back to". The roaming location is the Mac that is not at the fixed location. This is the computer that is trying to get "back to" the fixed location.

Sharing on the local LAN when both Macs are inside your house or office is not BTMM.

There are five main parts to the BTMM system.

  1. MobileMe authentication
  2. Service Discovery Domain Name System
  3. Automated router port mapping
  4. IPsec tunnel creation
  5. IPv6 VPN

A MobileMe account is required to provide the authentication to establish Service Discovery Domain Name System entries and IPsec tunnel creation.

The Service Discovery Domain Name System is operated by Apple to provide a directory of IPv4, IPv6, service, pointer and text records used by BTMM to keep track of where your fixed Mac is and the addresses and ports required to access it.

NAT-PMP or UPnP is used at the fixed location to automatically configure the local NAT router with a port mapping to permit the IPsec traffic to enter from the internet and be mapped to the fixed Mac. Almost every home router is a Network Address Translation (NAT) router. Not all home routers can do Port Mapping Protocol (PMP) or Universal Plug and Play (UPnP).
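As an added example (not code from the original post or from Apple), here is the NAT-PMP port mapping exchange the fixed location's router must support, encoded and decoded in Python. The message layout follows RFC 6886, which the post does not cite; the port and lifetime values are constructed samples, not values taken from BTMM.

```python
import struct

NATPMP_VERSION = 0
OP_MAP_UDP, OP_MAP_TCP = 1, 2
RESULT_NAMES = {0: "success", 1: "unsupported version", 2: "not authorized",
                3: "network failure", 4: "out of resources", 5: "unsupported opcode"}


def build_mapping_request(internal_port, external_port=0, lifetime=7200, proto="udp"):
    """Encode a 12-byte NAT-PMP port mapping request (RFC 6886, section 3.3).
    external_port 0 lets the gateway choose; lifetime is in seconds."""
    opcode = OP_MAP_UDP if proto == "udp" else OP_MAP_TCP
    return struct.pack("!BBHHHI", NATPMP_VERSION, opcode, 0,
                       internal_port, external_port, lifetime)


def parse_mapping_response(data):
    """Decode a 16-byte mapping response: version, opcode (128 + request opcode),
    result code, seconds since the gateway's epoch, internal port, mapped
    external port and granted lifetime."""
    if len(data) != 16:
        raise ValueError("mapping response must be 16 bytes")
    version, opcode, result, epoch, internal, external, lifetime = struct.unpack("!BBHIHHI", data)
    if version != NATPMP_VERSION or opcode not in (128 + OP_MAP_UDP, 128 + OP_MAP_TCP):
        raise ValueError("not a NAT-PMP mapping response")
    return {"proto": "udp" if opcode == 128 + OP_MAP_UDP else "tcp",
            "result": RESULT_NAMES.get(result, "unknown (%d)" % result),
            "epoch": epoch, "internal_port": internal,
            "external_port": external, "lifetime": lifetime}


def mapping_is_acceptable(response, expected_internal, max_lifetime=7200):
    """Checks an administrator would apply before trusting a mapping: the gateway
    reported success, mapped the port we asked for, assigned a real external
    port, and did not grant a longer lifetime than the local policy allows."""
    return (response["result"] == "success"
            and response["internal_port"] == expected_internal
            and response["external_port"] != 0
            and 0 < response["lifetime"] <= max_lifetime)


# Constructed sample response: gateway maps internal UDP 4500 to external 4500
# for 7200 s, 123456 s after its last reboot (values chosen for illustration).
SAMPLE_RESPONSE = struct.pack("!BBHIHHI", 0, 128 + OP_MAP_UDP, 0, 123456, 4500, 4500, 7200)
# Constructed sample of a refused mapping (result code 2, no external port).
REFUSED_RESPONSE = struct.pack("!BBHIHHI", 0, 128 + OP_MAP_UDP, 2, 123456, 4500, 0, 0)
```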

IPsec tunnel creation is initiated when a roaming Mac clicks on the fixed Mac's share in the Finder or attempts any other connection. The IPsec tunnel first performs an authentication exchange using credentials based on the MobileMe account.

Finally, IPv6 routing is established on the Macs and IPv6 traffic is routed through the IPsec tunnels to create a VPN interconnecting the Macs.

The fixed Mac must be behind a NAT-PMP or UPnP enabled router. The roaming Mac does not have router requirements other than open outbound access to the Internet.
