Access server away from home

Hi everyone, this is gonna seem like a far out or random question, but I am very new to servers. I would like to be able to go onto any Mac, outside of my house where my server is kept, click Go > Connect to Server, and connect like I do for my school. If anyone can explain it in simple terms or knows some guide on the internet that is very simple and easy to understand, that would be great.

Mac Pro (8core 2.8ghz, mbpro 2.4, xserve g5 2.0), Mac OS X (10.6.2)

Posted on Jan 3, 2011 6:14 PM

5 replies

Jan 3, 2011 7:36 PM in response to amass121

At its simplest, a virtual private network connection from your client to your firewall (preferred) or (more problematic) into your server.

Get yourself a VPN-capable firewall, and preferably with DynDNS support (assuming you don't have public static IP, DynDNS gets you an easier way to get your firewall IP address), and configure a VPN client network connection from your client to the VPN server in your firewall.

Yes, you can also use a NAT-capable box such as an AirPort Extreme or a Time Capsule as your "firewall" here, so long as you set port-forwarding the necessary ports through to the VPN server in your Mac OS X Server box, though there have been issues with that and you might find PPTP necessary and L2TP problematic.

As for the not-simple part, and as for the IP ports you'll be working with here, UDP ports 500, 1701 and 4500 and the IP-ESP protocol (IP protocol 50, ESP) for L2TP, or you'll want TCP port 1723 and the IP-GRE protocol (IP protocol 47, not port) for PPTP, this at the firewall for any passthrough. UDP 4500 is for NAT traversal, so you only need that if you're doing pass-through. And try both L2TP and PPTP, while you're testing. And yes, the latter is less secure than the former.

Jan 7, 2011 9:33 AM in response to amass121

DynDNS is irrelevant to getting the connection through to the server, the port forwarding, and the rest of the "fun" here. DynDNS gets from a memorable nickname to an IP address; it gets your IP router's public address for you.

Getting a network connection from your remote client box will use that public IP address, routing packets to and through your FiOS router, through your Airport, and along to your server. Exactly how that works is dependent on how your FiOS router is configured, and how your Airport is configured, and how your server is configured.

Here is some basic documentation on the client end of a VPN: https://www.publicvpn.com/support/MacOSX105.php. At its simplest, a virtual private network connection from your client to your firewall (preferred) or (more problematic) into your server.

As for the not-simple part, and as for the IP ports you'll be working with here, UDP ports 500, 1701 and 4500 and the IP-ESP protocol (IP protocol 50, ESP) for L2TP, or you'll want TCP port 1723 and the IP-GRE protocol (IP protocol 47, not port) for PPTP, this at the firewall for any passthrough. UDP 4500 is for NAT traversal, so you only need that if you're doing pass-through. And try both L2TP and PPTP, while you're testing. And yes, the latter is less secure than the former.

Yes, this probably looks like gibberish. Welcome to IP networking.

If you get a VPN-capable firewall and get at least the Airport out of the connection, things are generally easier. Getting the connection into your network will involve sorting out exactly what networking gear you have (it's all different) and what it can do.

As for some additional sources of information, see http://forums.verizon.com/t5/FiOS-Internet/Setting-up-VPN-with-Actiontec-Router/m-p/34487; there seem to be a number of discussions of setting up VPNs with the Verizon FiOS pieces, though it is dependent on which router you have. And again, I'd likely see if I could get a VPN-capable gateway connected to the ActionTec or Westell or whatever router is in use, and not try to further forward this via WiFi and Airport. That's adding more pieces to a complex configuration.

Jan 8, 2011 4:37 AM in response to amass121

OK, so would you suggest completely bypassing the Apple router for the Xserve? Because I can do that if it makes it easier. As far as the FiOS goes, I think I can call up and have them (if I'm using the term correctly) "open a socket" in the router specifically for the Xserve. Then from there I can use DynDNS.


(Just repaired an Xserve box, too. Bad video mezzanine card. But I digress.)

If your ISP is blocking ports at your demarcation router, then yes, they'll need to alter that. To get where you want with VPN pass-through, your ISP will either have to "open the ports", or establish "port forwarding" or (and this is the best, if they'll do it, and if you have an external firewall) reconfigure this device or replace this device with a device that supports "bridge mode" or "bridging".

For VPN pass-through, I usually end up opening and forwarding the VPN ports from Apple's TS1629 well-known IP ports list (http://support.apple.com/kb/ts1629) manually.

PPTP expects GRE (protocol 47) and TCP port 1723.
IPSec expects UDP port 500 and ESP (protocol 50) for site to site non-NAT.
L2TP expects UDP port 500, UDP port 1701 and UDP port 4500 when behind NAT.

GRE and ESP are IP protocols, and not IP ports.

I'd tend to open both L2TP and PPTP ports for forwarding here, just to give you some options.

A bridge is effectively transparent, and cedes all control of and all management of your internet-facing activities to your own external firewall gateway box. You'll definitely want a firewall gateway, if you choose this path. Preferably one with VPN server capabilities, which is a step above the VPN pass-through capabilities that the cheapest boxes offer. Running Xserve as a firewall is tricky, and Mac boxes don't make good firewalls in my experience.

I'd generally prefer a bridge in these configurations, as that means I'm running (my own) gateway firewall box, and not calling the ISP for changes to the gateway router. And that I can VPN to my own gateway, and the gateway (because it has a VPN server) allows me connection to any hosts on the target LAN and not just to one host.

DynDNS is irrelevant to this part of the connection. It's little more than an electronic phone book that can get your remote client callers from a nice name to something your remote clients can actually dial; from a domain name to an address. DynDNS has nothing to do with port forwarding, routing, or any of the gnarly stuff here.
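As an added illustration (not part of either reply above), here is the port and protocol list from the two replies rendered as rules for a pf-based gateway firewall (classic pf syntax as used on FreeBSD and pfSense-class boxes) that forwards VPN pass-through to one internal VPN server. The interface names em0/em1 and the server address 192.168.1.10 are assumed placeholders.

```pf
# Assumed placeholders: external interface, internal interface, VPN server LAN address.
ext_if  = "em0"
int_if  = "em1"
vpn_srv = "192.168.1.10"

# Ports and IP protocols named in the replies.
# GRE (47) and ESP (50) are IP protocols, not ports, so they get no "port" clause.
l2tp_udp = "{ 500, 1701, 4500 }"   # IKE, L2TP, NAT-Traversal (4500 only matters behind NAT)
pptp_tcp = "1723"

# Translation (rdr) rules must precede filter rules in pf.
# L2TP/IPsec pass-through to the internal VPN server
rdr on $ext_if proto udp from any to ($ext_if) port $l2tp_udp -> $vpn_srv
rdr on $ext_if proto esp from any to ($ext_if) -> $vpn_srv
# PPTP pass-through (the weaker option; drop these four lines once L2TP works)
rdr on $ext_if proto tcp from any to ($ext_if) port $pptp_tcp -> $vpn_srv
rdr on $ext_if proto gre from any to ($ext_if) -> $vpn_srv

# Default stance: drop and log everything inbound, then open only what VPN needs.
block in log on $ext_if all

# Filter rules match the already-translated destination, i.e. the server address.
pass in quick on $ext_if proto udp from any to $vpn_srv port $l2tp_udp keep state
pass in quick on $ext_if proto esp from any to $vpn_srv keep state
pass in quick on $ext_if proto tcp from any to $vpn_srv port $pptp_tcp flags S/SA keep state
pass in quick on $ext_if proto gre from any to $vpn_srv keep state

# Let the LAN, including the VPN server's replies, out.
pass out on $ext_if all keep state
```

If the gateway itself runs the VPN server (the bridge-mode arrangement the reply prefers), the rdr lines go away and the pass rules point at ($ext_if) instead of $vpn_srv.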

