After being inspired by Dan Moren [1] a long time ago, I finally went to the trouble of configuring a personal VPN, with macOS Server and my always-on iMac.
The first part was to configure a domain name with dynamic DNS, to point at my home network. I used ChangeiP to create a free domain name for this purpose. To transmit my current IP address to ChangeiP (and to OpenDNS), I purchased IP Monitor from the Mac App Store.
The second part was configuring the VPN service in macOS Server. I’m listing the steps here, but I wouldn’t have figured this all out without Todd Olthoff’s YouTube series on El Capitan Server. Here we go:
- In the server Overview panel, I edited the Host Name to match the DDNS domain name I configured with ChangeiP. This involved switching from a .local name to an ‘Internet’ name (the domain name), so the server is accessible from the broader internet.
- Then in the VPN panel, I set the ‘VPN Host Name’ to match the domain name.
- I generated a ‘Shared Secret’ using 1Password.
- I configured the client address range for IP addresses beyond our router’s dynamic set, and beyond the few static IPs I’ve set up.
- I pointed the DNS Settings at our Time Capsule (which is where all machines on the network go for DNS).
- I turned the service on.
I had initially let Server configure DNS for me, but disabling it hasn’t negatively impacted anything, so I’m leaving it off for now.
The only thing left to do was to set up the client devices. On the Mac:
- Open Network Preferences, and hit the ‘+’ button to add a new service.
- Select VPN from the drop-down, and set the VPN Type to ‘L2TP over IPSec’.
- Set the server address to the domain name.
- Set the account name to your account (as configured in the ‘Users’ panel of the Server app).
- Open Authentication Settings and enter your account password, as well as the Shared Secret.
- In Advanced…, I selected ‘Send all traffic over VPN connection’.
The process is very similar on iOS; you can access it from Settings -> General -> VPN.
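As an added example (not from the original post), the Python script below packages the client settings above into a .mobileconfig profile that can be installed on the Mac or the iOS device, so the server address, account name and Shared Secret do not have to be retyped on each client. The host name, account name and payload identifier prefix are placeholders; the account password is deliberately left out so the device prompts for it instead of storing it in the profile.

```python
import plistlib
import secrets
import uuid


def make_shared_secret(nbytes=32):
    """Generate a random L2TP/IPsec shared secret (an alternative to 1Password)."""
    return secrets.token_urlsafe(nbytes)


def build_l2tp_profile(host, account, shared_secret, name="Home VPN", send_all_traffic=True):
    """Return an XML .mobileconfig (bytes) for an 'L2TP over IPSec' VPN service.

    host:          the DDNS domain name configured as the VPN Host Name
    account:       the account name from the Server app's Users panel
    shared_secret: the Shared Secret entered in the VPN panel
    """
    if len(shared_secret) < 16:
        raise ValueError("shared secret is too short; generate a long random one")
    vpn_payload = {
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.homevpn.{host}",   # placeholder identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": name,
        "UserDefinedName": name,
        "VPNType": "L2TP",
        # Equivalent of the 'Send all traffic over VPN connection' checkbox.
        "OverridePrimary": send_all_traffic,
        "PPP": {
            "AuthName": account,
            "CommRemoteAddress": host,
            # AuthPassword is omitted on purpose: the user is prompted when connecting.
        },
        "IPSec": {
            "AuthenticationMethod": "SharedSecret",
            "SharedSecret": shared_secret.encode("utf-8"),   # serialised as <data>
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.homevpn.{host}.profile",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{name} ({host})",
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)


def vpn_payload_from_profile(data):
    """Parse a generated profile and return its VPN payload dictionary (for checking)."""
    return plistlib.loads(data)["PayloadContent"][0]
```

Write the bytes returned by build_l2tp_profile to a file ending in .mobileconfig and open it on the client to install it.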
[1] Dan pointed to some Macminicolo instructions that I found very intimidating; I think most of the steps they outline are really only necessary if you’re hosting your server in a datacenter like theirs.