System information
146 Chapter 9 Customizing Services
Both server and client computers must have the shared secret. A computer with
Mac OS X v10.6 Snow Leopard can automatically get the shared secret and be set
up to make connections to the server’s VPN service. See “Setting Up Users’ Macs
Automatically” on page 105.
Other Mac and Windows computers can be congured in dierent ways to connect to
the VPN service. See “Setting Up a Mac User’s VPN Connection” on page 11 5 and “Setting
Up a User’s VPN Connection Manually” on page 117 .
VPN service and your server’s rewall can both allow access to services from outside
your local network. The dierence is that VPN service requires authentication for access,
but allowing access through the rewall doesn’t require authentication. If VPN service
is on, you may not need some services exposed to the Internet through your rewall.
For example, you might set the rewall to expose only your web services to the
Internet so that the public can view your wikis and custom websites (subject to
authentication and access restrictions you impose). Your server’s users can access other
services—le sharing, Address Book, iCal, iChat, and mail—through a VPN connection.
If you want to allow access to VPN service on the Internet and you have a cable router,
DSL router, or other network router:
Your router must have port forwarding (port mapping) congured for VPN service. Â
For more information, see “Protecting a Small Network” on page 35.
Your router and VPN users’ routers must be congured so that they don’t assign Â
conicting IP addresses. For more information, see “Providing VPN Service Through
an Internet Router” on page 150.