
Using Apple OS X Lion Server as a Home Server (VPN Configuration)


Download the Using Apple OS X Lion Server at Home eBook Now

If you’ve been enjoying our Using Apple OS X Lion Server as a Home Server series, then make sure you pick up a copy of the accompanying eBook. You’ll find additional chapters and information on using OS X Lion Server to power your digital home that won’t be available here on the site, and with all of our walkthroughs available in one convenient document (ePub or PDF), it’s far easier to install and configure your server without having to click backward and forwards to the website.

Buy Using OS X Lion Server at Home – £14.99


So far, remote access to our Lion Server has been restricted to viewing the server webpage and checking our Calendar. That’s providing a little bit of value, but we need more! The good news is that we can log in to the server from a remote location, and use it just as if we were sitting in front of it at home, using a VPN (Virtual Private Network) connection. I won’t bore you too much with the technology, but I should cover a couple of things before we get started.

Think of a VPN connection as a private, secure “tunnel” that you set up between your remote computer (PC, Mac, Linux all supported) and the server, through which data passes back and forth. It allows you to access files, folders, printers and other network resources directly, so is very handy for mobile working. Media streaming? No, it’s not really set up for that – you’re better off using alternative cloud services that provide a faster, more seamless connection.

OS X Lion Server supports two types of VPN connection, and Apple heavily promotes one of them because it’s more secure. That protocol is called L2TP (Layer Two Tunneling Protocol). The second protocol, PPTP (Point to Point Tunneling Protocol), is an older technology and considered to be less secure. A modern VPN client should work with either protocol, but Apple only allows you to activate PPTP on Lion Server via the command line. They really don’t want you to use it. So, all you need to remember is that your Lion Server VPN connection uses L2TP, if you’re asked. As we’ll see, connecting a Mac client to the Server via a VPN connection is reasonably automated, so if you forget, there won’t be a crisis.

Enabling VPN On OS X Lion Server

On your server, open up the Server app and select VPN in the left hand menu. There are not too many controls available in the VPN configuration panel, but there are a few points we need to cover in advance of switching on our VPN service.

 

In the panel, you’ll notice something called a Shared Secret. A Shared Secret is a string of characters (a little like a password) that exists on both the server and client. Unlike a password, you don’t need to type it in each time you wish to make a VPN connection – it sits in a file on both computers. That means you can make it completely random and reasonably long (at least 8 characters). When you try to connect to the server over VPN, the server will check whether your client computer has the shared secret. If so, the connection continues. If not, it won’t. So an important part of enabling a VPN connection to the server is creating that shared secret and downloading it to your clients.

The next thing to mention is IP Address Range. You thought we were through all of that IP address wrangling, didn’t you? Well, we have a little more to do on our IP address configuration here, but don’t worry – it’s straightforward stuff. When you set up a VPN connection, your client computer receives an additional, second IP address that is used exclusively for that VPN connection. The first, regular, IP address is used for the network connection (whether it’s a wireless connection or wired) and the second is for your VPN traffic. It’s very important that these two IP addresses are different, so we tell the server only to offer IP addresses in a specific range that we know isn’t used for those regular network connections. For example, if the router (or server, depending on your configuration) grants network addresses in the 192.168.1.2 – 192.168.1.100 range, we should configure the VPN address range to be something like 192.168.1.150 – 192.168.1.199.
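The range check described above can be done mechanically before you type the values into the Server app. This is an added example, not part of the original article: the two address ranges come from the text, while the /24 subnet and the router and server addresses are assumed values.

```python
import ipaddress


def check_vpn_pool(subnet, dhcp_range, vpn_range, static_hosts=()):
    """Return a list of problems with a proposed VPN address pool.

    subnet       -- LAN network in CIDR form (assumed /24 below)
    dhcp_range   -- (first, last) addresses handed to regular clients
    vpn_range    -- (first, last) addresses offered to VPN clients
    static_hosts -- addresses set by hand, e.g. the router and server
    """
    net = ipaddress.ip_network(subnet)
    dhcp_lo, dhcp_hi = (ipaddress.ip_address(a) for a in dhcp_range)
    vpn_lo, vpn_hi = (ipaddress.ip_address(a) for a in vpn_range)

    if vpn_lo > vpn_hi:
        return ["VPN range starts after it ends"]

    problems = []
    for addr in (vpn_lo, vpn_hi):
        if addr not in net:
            problems.append(f"{addr} is outside {net}")
    # Two closed ranges overlap when each one starts before the other ends.
    if vpn_lo <= dhcp_hi and dhcp_lo <= vpn_hi:
        lo, hi = max(vpn_lo, dhcp_lo), min(vpn_hi, dhcp_hi)
        problems.append(f"overlaps DHCP range at {lo} - {hi}")
    # A VPN client must never be handed an address a fixed device already uses.
    for host in static_hosts:
        if vpn_lo <= ipaddress.ip_address(host) <= vpn_hi:
            problems.append(f"contains static host {host}")
    return problems


# Ranges from the article; the /24 subnet and static hosts are assumed values.
SUBNET = "192.168.1.0/24"
DHCP = ("192.168.1.2", "192.168.1.100")
STATIC = ("192.168.1.1", "192.168.1.110")  # constructed: router, server

if __name__ == "__main__":
    for pool in [("192.168.1.150", "192.168.1.199"),   # the article's pool
                 ("192.168.1.90", "192.168.1.120"),    # collides with DHCP
                 ("192.168.1.150", "192.168.2.20")]:   # runs off the subnet
        print(pool, check_vpn_pool(SUBNET, DHCP, pool, STATIC) or "ok")
```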

Thirdly, Port Forwarding. I covered port forwarding in Chapter 5, so refer back if you need to. Before configuring VPN on the server, ensure your router is forwarding the following ports to your server’s IP address:

 

  • TCP 1723
  • UDP 500
  • UDP 1701
  • UDP 4500

 

This ensures that when VPN requests and other traffic are received by your router from the outside world, it will send them to your server (rather than your Xbox 360 by mistake).
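To confirm the router matches that list, you can compare its forwarding table against the four ports. This is an added example, not part of the original article: the rule table and the IP addresses are constructed, and the service names attached to each port are the standard assignments, included for context.

```python
# Ports the article asks the router to forward. The service names are the
# standard assignments for those ports, added here for context.
REQUIRED = {
    ("tcp", 1723): "PPTP control channel",
    ("udp", 500): "IKE (IPsec key exchange used with L2TP)",
    ("udp", 1701): "L2TP",
    ("udp", 4500): "IPsec NAT traversal",
}


def audit_forwards(rules, server_ip):
    """Compare a router's forwarding rules with the article's port list.

    rules -- iterable of (protocol, external_port, internal_ip) tuples
    Returns a dict with three sorted lists:
      missing     -- required ports with no rule at all
      misdirected -- required ports forwarded to some other host
      extra       -- other ports forwarded to the server (added exposure)
    """
    seen = {(proto.lower(), int(port)): target for proto, port, target in rules}
    missing = sorted(key for key in REQUIRED if key not in seen)
    misdirected = sorted(
        (proto, port, target)
        for (proto, port), target in seen.items()
        if (proto, port) in REQUIRED and target != server_ip
    )
    extra = sorted(
        key for key, target in seen.items()
        if key not in REQUIRED and target == server_ip
    )
    return {"missing": missing, "misdirected": misdirected, "extra": extra}


# Constructed sample: the addresses and the rule table are hypothetical.
SERVER_IP = "192.168.1.110"
SAMPLE_RULES = [
    ("TCP", 1723, "192.168.1.110"),
    ("UDP", 500, "192.168.1.110"),
    ("UDP", 1701, "192.168.1.20"),   # points at another device by mistake
    ("TCP", 5900, "192.168.1.110"),  # not in the article's list
]

if __name__ == "__main__":
    for finding, items in audit_forwards(SAMPLE_RULES, SERVER_IP).items():
        print(finding, items)
```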

To read the rest of this chapter, including VPN Server and client configuration on OS X, Windows and iOS, check out the Using OS X Server at Home eBook.


Terry Walsh is the founder of We Got Served. He started the community in February 2007 with a mission to help families and tech enthusiasts everywhere figure out the technology needed to run the modern home and small business. He's the author of a number of guides to Windows, Windows Server and OS X Server and runs his own successful publishing business. Born and raised in Liverpool, England, Terry has been awarded Microsoft's prestigious Most Valuable Professional Award each year since 2008 for his work on We Got Served.
  • Jmenzer

    I purchased the book a few months back, but I cannot figure out where to download the updated book with the VPN chapter.

    • Hi!

      I’ve resent your download links to you which include the new chapter.

      Enjoy the read!
      Terry

      • Jmenzer

        Thanks so much!  I really appreciate it

  • Perhaps a bit of a long shot, but would the e-book version cover Mountain Lion server as well? I’m a bit stuck on some of the setup process. Thanks!

  • Colin Telfer

    Hi Terry,

    I purchased your book a while back but need the new chapter on Mail server. Do I have to buy the book again or just the updates?

    Regards,

    Colin

    • Hi Colin

      The mail chapter is in our Mountain Lion book which would be a new purchase, yes.

      Terry
