31.2. Using Mac OS X Server's VPN Services
VPNs have shown up in numerous spots in this book. Because they let a user encrypt all the network traffic traveling between a local computer and a remote computer or network, they provide excellent security (even in inherently insecure situations such as using open Wi-Fi hotspots). They also give the user access to resources that would otherwise be available only on the local network, making them ideal for employees who need to reach servers behind a corporate firewall when working from home or traveling.
For more on VPNs, see Chapter 7 (sharing files and other resources with other users), Chapter 11 (accessing other computers securely, even with unencrypted protocols such as FTP), Chapter 12 (VPNs from the client's viewpoint), and Chapter 16 (using wireless networks securely).
Of course, configuring a client computer for VPN access is only half the equation. You also need a VPN server to connect to on the other end — one that's already connected to the network you need access to (and, usually, also to the public Internet). You can sign up for commercial VPN services or buy stand-alone VPN appliances that do nothing but provide VPN services to your users. However, if you have Mac OS X Server, you already have everything you need to provide VPN access to your users. Mac OS X Server's VPN services let you turn on L2TP over IPsec, PPTP, or both and exercise complete control over who can connect to the VPN from the outside.