Setting Up a VPN Server
The network service most commonly used on a Lion Server is VPN. This is reflected in the fact that the VPN service can be managed through the Server application. Setting up the VPN service takes about two or three minutes, and as mentioned previously, if you have an Apple AirPort acting as the gateway for the environment, the VPN service automatically opens ports into the server.
VPN is short for Virtual Private Network. A VPN is a tunnel that allows interconnecting two insecure networks by establishing a discreet channel between them. There are site-to-site VPNs that connect two entire networks, but that type of feature is typically best left to VPN appliances, such as those by Cisco or SonicWALL. For the VPN services in Lion Server, we will only be looking at L2TP, the Layer 2 Tunneling Protocol.
The L2TP server is simple to configure. Open the Server application and click on the VPN service in the SERVICES section of the Server sidebar. Here, you will see three fields, as shown in Figure 9-1. The Shared Secret is a second password used for client systems. The two “Assign addresses between” fields set the first and last IP addresses of the range dynamically handed out to clients who connect to the VPN. The Shared Secret will need to be provided to all VPN users and acts as a second factor in authenticating users (if the client doesn’t have the correct Shared Secret then the username and password will not be submitted ...