So, I decided to get Lion Server to run at home on my Mac Mini (used mostly as backup server and media server). I was looking at options for setting up a VPN through other means, and realized with the price of Lion Server, it was a better option to go rather than the headaches.
However, I still had an issue. As I saw with other people's posts, I could connect to the VPN successfully from within my network but not from outside. Linksys router was configured correctly for ports 4500, 500, and 1701 UDP port forwarding. After more banging my head against the wall and reading threads, I couldn't find out why it worked, but many suggested there may be an issue with the Linksys firmware (of which I was on the latest). So, I decided to install DD-WRT instead (which I wish I had done LONG LONG ago now that I see it in action).
The problem went away.... at first! I was able to VPN into my network from outside with no issues. But a little later, it stopped working. I'd seen people mention this before. Back to My Mac sets up a UPnP port forward for 4500 and 5353. But I had it disabled on all my Macs. With DD-WRT, I was at least able to get more information about the UPnP status. I confirmed that my Mac OS X Lion MacBook Pro was what was requesting port 4500 and 5353 udp via UPnP.
***??? Back to My Mac was disabled. I verified this. I turned off "Find My Mac", just in case that was the issue. Still didn't help. Each time, I would manually remove the UPnP mappings from the router, and after a short time, they would come back. So, I ran netstat on the Mac laptop to see that it was indeed an open UDP port on my laptop. I ran "lsof -Pi" to verify what process was actually associated with the port. Port 4500 is tied to racoon (same thing that the VPN server on the Mac Mini uses, but I'm guessing regular OS X uses it for other things). So, just to try and make sure... I manually killed (sudo kill PID) racoon. I reset the router and tested again... a short while later, AGAIN, UPnP shows a port map for 4500 and 5353 to my Mac laptop. ***?!?! Port 4500 isn't even open on my Mac (I verified).
So, my question: how the heck do I keep whatever it is on my Mac laptop from screwing with my VPN setup? I leave UPnP enabled because it's used for other things, so I cannot disable that entirely. But I couldn't find anyone pointing out that disabling Back to My Mac didn't stop UPnP from mapping the port.
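The "lsof -Pi" check from the post, as an added example (not code from the post): it parses lsof output and reports which local process holds each of the UDP ports the VPN setup forwards (500, 1701, 4500) plus 5353, so the check can be repeated every time the UPnP mapping reappears. The lsof sample below is constructed, not a real capture.

```python
"""Find which local processes hold the UDP ports an L2TP/IPsec VPN uses.

Parses `lsof -Pi` output (column layout: COMMAND PID USER FD TYPE DEVICE
SIZE/OFF NODE NAME [STATE]) and maps each watched UDP port to its holders.
"""
import subprocess

# UDP 500/4500 (IKE, NAT-T), 1701 (L2TP) as forwarded in the post, and 5353
# (mDNS), the other port the unexpected UPnP mapping requested.
VPN_UDP_PORTS = {500, 1701, 4500, 5353}

# Constructed sample of `lsof -Pi` output on a macOS client (not a real capture).
SAMPLE_LSOF = """\
COMMAND       PID           USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mDNSResponder  77 _mdnsresponder   8u  IPv4    0x1      0t0  UDP *:5353
racoon        110           root   6u  IPv4    0x2      0t0  UDP *:500
racoon        110           root   7u  IPv4    0x3      0t0  UDP *:4500
cupsd         300           root   9u  IPv6    0x4      0t0  TCP localhost:631 (LISTEN)
"""


def parse_lsof(text):
    """Return (command, pid, proto, local_port) for every socket line."""
    entries = []
    for line in text.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 9:
            continue
        cmd, pid, proto, name = parts[0], int(parts[1]), parts[7], parts[8]
        local = name.split("->")[0]          # drop the remote side, if any
        port_str = local.rsplit(":", 1)[-1]  # works for "*:4500" and "[::1]:631"
        if port_str.isdigit():               # "*:*" has no numeric port
            entries.append((cmd, pid, proto, int(port_str)))
    return entries


def vpn_port_holders(entries, ports=VPN_UDP_PORTS):
    """Map each watched UDP port to the (command, pid) pairs bound to it."""
    holders = {}
    for cmd, pid, proto, port in entries:
        if proto == "UDP" and port in ports:
            holders.setdefault(port, []).append((cmd, pid))
    return holders


def live_holders():
    """Run lsof on this machine; returns None if lsof is not available."""
    try:
        out = subprocess.run(["lsof", "-Pi"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return vpn_port_holders(parse_lsof(out.stdout))


if __name__ == "__main__":
    for port, procs in sorted(vpn_port_holders(parse_lsof(SAMPLE_LSOF)).items()):
        print(f"udp/{port}: {', '.join(f'{c} (pid {p})' for c, p in procs)}")
```

On the sample this reports racoon on udp/500 and udp/4500 and mDNSResponder on udp/5353, the same pair of ports the post sees mapped by UPnP.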