Why would you configure public access to your network?

You may want to allow a select group of people to access your local network and its services from the public Internet. Connecting to a private network from a public network often requires a virtual private network (VPN). Businesses most often do this to allow remote employees access to company servers while traveling.

You may not want to allow access to the entire private network, but only to a single service (for example, a website or a chat service). You can make specific services accessible only to certain users.

This is an advanced tutorial.

Before you begin

For this tutorial, you need to know:

  • Who decides server names and manages the site’s domain name

    This person could be you, if you manage your network and server naming. If you’re a member of a large organization, there should be someone (in an IT department, for example) who keeps track of server names and keeps them unique.

  • Who controls the router, gateway, or firewall that connects your network to your ISP

    This person could be you, if you’re using an AirPort Extreme Base Station to connect to a DSL provider, for example. If you’re a member of a large organization, there’s someone (in an IT department, for example) who keeps track of inbound and outbound network traffic and can assist you if your server can’t be accessed from the Internet.

  • Who controls the computer IP address allocation on your network

    This person could be you, if you’re using an AirPort Extreme Base Station to connect to a DSL provider, for example. If you’re a member of a large organization, work with someone (in an IT department, for example) who keeps track of each computer’s IP address and decides how the addresses are assigned and distributed, in order to successfully configure the VPN.

  • How to acquire an SSL certificate and configure a service to use it

    See the Secure your server tutorial.

  • The host name of the Mac providing the services

    This tutorial uses “myserver.example.com” as the server’s host name.

You also need:

  • A Mac on a network outside your local network to test the configuration

  • A client Mac that’s not the server to test the configuration

  • A user already added to the Accounts section of the Server app

    You can use your administrator account, or make another account specifically to test the configuration.

Go to Lesson 1: Configure VPN service.