Lesson 1: Configure VPN service
In this lesson, you’ll learn how to set up a computer as a VPN server.
You’ll configure a server named “myserver.example.com” to accept encrypted connections from Mac clients, allowing them to access the local network.
Along the way, you’ll learn about:
Domain names, host names, and fully-qualified domain names
Domain name service (DNS), both static and dynamic
Public and private IP addresses
IP address subnets
IP traffic port forwarding
Step 1. Get a public, static IP address
Your server needs an IP address that the public Internet can count on as the location of your server. A static IP address is assigned to you by your ISP.
If you’re part of a large organization, consult the person who controls addressing and the router, gateway, or firewall that connects your network to your ISP.
The IP address is used by the domain name system to establish a link between the human-readable domain name and the machine-readable IP address.
Step 2. Get your host name and fully-qualified domain name
Here’s some important Internet naming terminology you need to know:
The Domain Name System (DNS) is the way the Internet links machine-readable static IP addresses to human-readable domain names.
Dynamic DNS is a way to use human-readable naming with IP addresses that change regularly and are periodically reassigned. If you didn’t get a public, static IP address, you’ll have to use Dynamic DNS rather than normal DNS.
The host name is the name your server is known by on your local network. For example, you could name your server “myserver” or whatever else would uniquely identify it on your network.
The domain name is the name that designates a large organization rather than an individual member. For example, Apple’s domain name is “apple.com.” Documentation about Internet services sometimes uses “example.com” as a domain name. Domain names are leased from a Domain Name Registrar (a company that keeps track of domain names and makes sure they’re unique).
A fully-qualified domain name includes the host name and the complete domain name.
A DNS provider keeps a record of the domain name and the fully-qualified domain name, and the static IP address they’re associated with.
If you’re on your own for this lesson, you need a domain name and a host name. You can pick out your own host name, but you need to lease a domain name.
If you’re part of an existing organization, there’s a good chance you already have a domain name (like example.com) and some system for picking host names. Your organization should also have a DNS host to link your static IP address and domain name to each other.
For this lesson, you’ll see the following placeholder names:
Setting                        Placeholder name
Domain name                    example.com
Hostname                       www
Fully-qualified domain name    www.example.com
WARNING: Don’t use the placeholder settings in this tutorial. The name “example.com” is reserved for use in documents like this, and won’t work in real software configurations. Use your own settings.
Step 3. Configure VPN address settings
Open the Server app to see the list of services available in OS X Server. Select VPN.
Use the following settings:
Setting                    Value                   Why?
Configure VPN for          L2TP                    L2TP is natively supported by Mac computers.
VPN Host Name              myserver.example.com    The fully-qualified domain name linked with the public, static IP address.
Shared Secret              Leave as is             An automatically generated string that acts as the “password” to the VPN service.
Client addresses, Routes   Leave as is             Changes aren’t needed for this lesson.
DNS settings               Leave as is             You only need to change this if your ISP or organization has specific settings for you.
WARNING: To prevent network conflicts, the addresses provided by the VPN service should not be the same as the addresses provided by the network administrator via DHCP. Work with your network administrator, or make sure your own router isn’t trying to distribute the same addresses as the VPN service.
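The address-conflict warning above and the public-address requirement from Step 1 can both be checked before you turn the service on. The following Python script is an added example, not part of the tutorial or of OS X Server; the LAN subnet, DHCP pool, VPN client pool and public address values are constructed.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample values: a home LAN, the router's DHCP pool, and the
# range the VPN service hands to clients (one conflicting, one clean).
LAN_SUBNET = "192.168.1.0/24"
DHCP_POOL = ("192.168.1.100", "192.168.1.199")
VPN_POOL_BAD = ("192.168.1.150", "192.168.1.170")   # overlaps the DHCP pool
VPN_POOL_OK = ("192.168.1.200", "192.168.1.220")    # disjoint from DHCP
PUBLIC_IP = "65.12.34.56"                           # constructed public address

Pool = Tuple[str, str]


def _bounds(pool: Pool):
    """Parse a (first, last) address pair and make sure it is ordered."""
    start, end = (ipaddress.ip_address(a) for a in pool)
    if start > end:
        raise ValueError(f"pool {pool} has its bounds reversed")
    return start, end


def pools_overlap(a: Pool, b: Pool) -> bool:
    """True if two inclusive address ranges share at least one address."""
    a0, a1 = _bounds(a)
    b0, b1 = _bounds(b)
    return a0 <= b1 and b0 <= a1


def check_addressing(lan_subnet: str, dhcp_pool: Pool,
                     vpn_pool: Pool, public_ip: str) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    findings = []
    net = ipaddress.ip_network(lan_subnet, strict=True)
    pub = ipaddress.ip_address(public_ip)
    # Step 1: the VPN host name must resolve to a globally routable address.
    if not pub.is_global:
        findings.append(f"{public_ip} is not a public address; Internet clients cannot reach it")
    # Both pools should live inside the LAN the VPN grants access to.
    for label, pool in (("DHCP", dhcp_pool), ("VPN", vpn_pool)):
        s, e = _bounds(pool)
        if s not in net or e not in net:
            findings.append(f"{label} pool {s}-{e} is not inside LAN subnet {net}")
    # Step 3 warning: the router and the VPN service must not hand out the same addresses.
    if pools_overlap(dhcp_pool, vpn_pool):
        findings.append("VPN client pool overlaps the DHCP pool; pick a disjoint range")
    return findings


if __name__ == "__main__":
    for pool in (VPN_POOL_BAD, VPN_POOL_OK):
        print(pool, check_addressing(LAN_SUBNET, DHCP_POOL, pool, PUBLIC_IP) or "OK")
```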
Step 4. Open the necessary Internet ports at the gateway
Port forwarding can be done automatically if you’re using an AirPort Base Station that’s configured using Server app. Click “Allow” when Server offers Internet access for VPN.
If you’re part of an organization, there’s probably a firewall that needs to be adjusted to let VPN connections through. Similarly, if you’re setting this up using an Internet router or Wi-Fi access point, you’ll need to set port forwarding.
Firewalls and NAT routers (gateways) block unwanted external connection attempts, and need to be explicitly told to allow unsolicited external connections. Each service listens on one or more numbered “ports.” Think of these ports as tunnels or holes in a wall that connect the outside to a specific place inside, where the service handles the traffic.
In your router’s configuration software, open or forward the following ports for VPN:
Port    Type    For use with
500     UDP     ISAKMP/IKE
1701    UDP     L2TP
4500    UDP     IPsec NAT Traversal
Step 5. Save the VPN profile
After checking all the settings, turn on VPN service.
Click Save Configuration Profile, then save the document (remember where you save it—you’ll use it to test the settings later).
The profile file looks like this:
Step 6. Prepare the test Mac
Copy the configuration profile to the external Mac, then double-click it to install it. During installation, provide the login name of the test user.
Step 7. Test your configuration
Using the test Mac on an external network, choose Apple menu > System Preferences, then click Network. Select VPN, then click Connect.
When the connection is successful, it’s reflected in the preference pane, and you’ll see an IP address from the range of addresses for VPN connections.
Go to Lesson 2: Make a service accessible over the Internet.