Mac OS X Server as VPN End-point and File Server

When I wrote about setting up a Mac Mini Server for basic operation, I promised to show how to set it up as a VPN endpoint, but ended up forgetting to.  I also neglected to show how to add file shares. Let’s remedy that now.

VPN End-point

This is really easy.  As I only use Macs, I use the stronger L2TP VPN setup.  Aside from enabling it, I also modify the IP range supplied to clients (as I use the 10.0.0.0/24 subnet at home) to use 10.0.101.0/8.  I don’t need load balancing, and use the directory for passwords.  Finally, I change the server to use a shared secret (no, you can’t have it) rather than certificates.  All in all, this amounts to:

VPN L2TP Setup

For client information, we just supply the same DNS information we used for DHCP:

VPN Client Information Setup

Clicking on connections at the top allows you to monitor all active connections:

VPN Connection Monitor

Of course, here, the VPN connection makes no sense, as it is initiated from the local network.

File Sharing

OS X Server automatically adds 3 shares: Groups and Users (for access to group and user directories) and Public (allows everyone to download files).  Rather than having to administrate my web-server over a remote desktop, I’d prefer to be able to mount the document root of the web-server directly on my laptop and iMac.  For this, it is natural to add another share point.

Let’s first look at the file sharing preferences.  I am only concerned with AFP (Apple Filing Protocol), but SMB and NFS (for Windows and Unix, respectively) are quite similar (and the procedure for adding share-points is identical).  Basically, I have set AFP up to disable the guest account and to allow the administrator to masquerade as any user:

AFP Access Setup

Next up is adding our new share point.  Go to Share Points and select Browse Volumes.  Then navigate to the location you wish to share:

Adding a New Share

Click on the Share button at the top right; you can now select options to automatically mount the location on clients, to allow clients to search the volume, and to use the share as a destination for backups.  Finally, you can set options for the various file sharing protocols (e.g., disable the share for SMB).

Sharing Options

At any point, you can get a List of all Share Points and modify both sharing options and permissions:

List of all Share Points

You can also monitor all active connections and even message clients or disconnect them:

AFP Connection Monitor

Finally, you can get neat-o usage graphs:

Throughput

Average Connected Users

That sums up my presentation of OS X Server.  All in all it is pretty neat, and makes setting up a server quite easy.
