[box type="tick" style="rounded" border="full"]Download the Using Apple OS X Lion Server at Home eBook Now

If you’ve been enjoying our Using Apple OS X Lion Server as a Home Server series, then make sure you pick up a copy of the accompanying eBook. You’ll find additional chapters and information on using OS X Lion Server to power your digital home that won’t be available here on the site, and with all of our walkthroughs available in one convenient document (ePub or PDF), it’s far easier to install and configure your server without having to click backward and forwards to the website.

Buy Using OS X Lion Server at Home – £14.99

[/box]


So far, remote access to our Lion Server has been restricted to viewing the server webpage and checking our Calendar remotely. That’s providing a little bit of value, but we need more! The good news is that, using a VPN (Virtual Private Network) connection, we can log in to the server from a remote location and use it just as if we were sitting in front of it at home. I won’t bore you too much with the technology, but I should cover a couple of things before we get started.

Think of a VPN connection as a private, secure “tunnel” that you set up between your remote computer (PC, Mac and Linux are all supported) and the server, through which data passes back and forth. It allows you to access files, folders, printers and other network resources directly, so it is very handy for mobile working. Media streaming? No, it’s not really set up for that – you’re better off using alternative cloud services that provide a faster, more seamless connection.

There are two types of VPN connection, both of which are supported on OS X Lion Server, but Apple heavily promotes one of them because it’s more secure. That protocol is called L2TP (Layer Two Tunneling Protocol). The second protocol, PPTP (Point to Point Tunneling Protocol), is an older technology and considered to be less secure. A modern VPN client should work with either protocol, but Apple only allows you to activate PPTP on Lion Server via the command line. They really don’t want you to use it. So, all you need to remember is that your Lion Server VPN connection uses L2TP, if you’re asked. As we’ll see, connecting a Mac client to the server via a VPN connection is reasonably automated, so if you forget, there won’t be a crisis.

Enabling VPN On OS X Lion Server

On your server, open up the Server app and select VPN in the left hand menu. There are not too many controls available in the VPN configuration panel, but there are a few points we need to cover in advance of switching on our VPN service.


In the panel, you’ll notice something called a Shared Secret. A Shared Secret is a string of characters (a little like a password) that exists on both the server and client. Unlike a password, you don’t need to type it in each time you wish to make a VPN connection – it sits in a file on both computers. That means you can make it completely random and reasonably long (at least 8 characters). When you try to connect to the server over VPN, the server will check with your client computer whether it has the shared secret. If so, the connection continues. If not, it won’t. So an important part of enabling a VPN connection to the server is creating that shared key and downloading it to your clients.

The next thing to mention is IP Address Range. You thought we were through all of that IP address wrangling, didn’t you? Well, we have a little more to do on our IP address configuration here, but don’t worry – it’s straightforward stuff. When you set up a VPN connection, your client computer receives an additional, second IP address that is used exclusively for that VPN connection. The first, regular, IP address is used for the network connection (whether it’s a wireless connection or wired) and the second is for your VPN traffic. It’s very important that these two IP addresses are different, so we tell the server only to offer IP addresses in a specific range that we know isn’t used for those regular network connections. For example, if the router (or server, depending on your configuration) grants network addresses in the 192.168.1.2 – 192.168.1.100 range, we should configure the VPN address range to be something like 192.168.1.150 – 192.168.1.199.
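The rule above can be checked before you type the range into the Server app. This is an added example, not part of the original article or eBook: it tests a proposed VPN pool against the DHCP range, and the /24 subnet plus the static addresses for the router and server are assumptions.

```python
import ipaddress

def to_range(start, end):
    """Return (first, last) as IPv4Address objects, rejecting reversed ranges."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"range {start} - {end} is reversed")
    return first, last

def check_vpn_pool(subnet, dhcp, vpn, static=()):
    """List problems with a VPN pool (empty list = safe). dhcp and vpn are
    (start, end) tuples; static holds fixed hosts such as router or server."""
    net = ipaddress.IPv4Network(subnet)
    dhcp_first, dhcp_last = to_range(*dhcp)
    vpn_first, vpn_last = to_range(*vpn)
    problems = []
    # Both ends of the VPN pool must be on the LAN's subnet.
    for addr in (vpn_first, vpn_last):
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
    # The network and broadcast addresses cannot be handed to a client.
    for addr in (net.network_address, net.broadcast_address):
        if vpn_first <= addr <= vpn_last:
            problems.append(f"pool includes reserved address {addr}")
    # Two closed ranges overlap when each starts before the other ends.
    if vpn_first <= dhcp_last and dhcp_first <= vpn_last:
        lo, hi = max(vpn_first, dhcp_first), min(vpn_last, dhcp_last)
        problems.append(f"{int(hi) - int(lo) + 1} addresses shared with DHCP ({lo} - {hi})")
    # Statically assigned hosts must not fall inside the pool either.
    for host in static:
        if vpn_first <= ipaddress.IPv4Address(host) <= vpn_last:
            problems.append(f"pool includes static host {host}")
    return problems

# Ranges from the article's example; the /24 subnet and static hosts are assumed.
GOOD = check_vpn_pool("192.168.1.0/24", ("192.168.1.2", "192.168.1.100"),
                      ("192.168.1.150", "192.168.1.199"),
                      static=("192.168.1.1", "192.168.1.200"))
# Constructed bad case: the pool starts inside the DHCP range and swallows the server.
BAD = check_vpn_pool("192.168.1.0/24", ("192.168.1.2", "192.168.1.100"),
                     ("192.168.1.90", "192.168.1.200"),
                     static=("192.168.1.1", "192.168.1.200"))

if __name__ == "__main__":
    print("article example:", GOOD or "no conflicts")
    print("constructed bad pool:", BAD)
```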

Thirdly, Port Forwarding. I covered port forwarding in Chapter 5, so refer back if you need to. Before configuring VPN on the server, ensure your router is forwarding the following ports to your server’s IP address:

  • TCP 1723
  • UDP 500
  • UDP 1701
  • UDP 4500

This ensures that when VPN requests and other traffic are received by your router from the outside world, it will send them to your server (rather than your Xbox 360 by mistake).

To read the rest of this chapter, including VPN Server and client configuration on OS X, Windows and iOS, check out the Using OS X Server at Home eBook.
