OS X Server / VPN /The L2TP-VPN server did not respond...HELP!

Two things you didn't mention that I suggest you try:

1. at your firewall (router, modem, whatever), you need to open the ports used by the VPN protocol you are using. When the remote computer tries to connect to your server, your router has to pass the info from these port(s) on o your server so your server sees the incoming communication. Youll need to forward any incoming info on those particular ports on to your server's INTERNAL IP address (ex., 192.168.1.xx). Also, you'd want to set your server's internet prefs to have a static IP address inside your network. That way, it doesn't grab a randomly assigned IP address every time it boots up. If your server's internal IP address changes often, then your router can't forward traffic to it.

2. The address of your server will be <server>.dyndns.org, not <server>@dyndns.org. Note the dot, not the @.

Your particular error message suggests that packets aren't reaching your server. You'd get a different error message if the server refused the conneciton due to password mismatch.

Need more info:

What appliance do you have providing your internet to your home/office? The thing upstream of your airport base station. Can you describe your network topology, starting at the cable modem/DSL router?

I suspect that you haven't opened the VPN ports on your cable modem/DSL router. That is the device that needs to forward VPN packets from the outside world to your server. You'll need to go thru whatever configuration interface that device has.

When you are outside your home/office, you'd connect to your server by connecting to the 98.255.xxx.xxx address. Dyndns and no-ip make this part easy by generating a URL that always points to your home/office router, even if your ISP periodically re-assigns IP addresses.

10.0.1.1 is your "private" IP address inside your network. It is meaningless outside your network. The airport base station takes one signal in, and generates "private" IP addresses for all the devices inside your network. Traffic that leaves your network and goes out onto the public internet has this private address removed by the router, and replaced with your "public" IP address (provided by your ISP). This is how all the devices in your home/office can share a single IP connection provided by your ISP. It's called Network Address Translation (NAT). It's a little too technical, but this might help -> http://en.wikipedia.org/wiki/Network_address_translation

If both your Cable Modem/DSL Modem and your Airport Base Station are providing NAT, then that can lead to complications. It's best to turn one or the other off. On my network, I've got the DSL modem doing NAT, and beneath that an Airport Extreme that I've set to "Bridge mode" so it doesn't do "Double NAT". That also means only on device to configure as far as opening VPN ports. This explains Double NAT -> http://support.iprimus.com.au/index.php?Itemid=214&id=517&option=com_content&tas k=view

Couple of things.

On your 3rd screenshot, you have VPN turned on. That's good, but doesn't show me what port you are forwarding the VPN traffic to. Make sure that that item is forwarding VPN traffic to the INTERNAL IP address of your server (ex., 10.0.1.2).

On your 4th screenshot, you've listed your own computer as being the source of DNS info. You need to replace that with the IP address of a DNS server OUT THERE in the internet. I've attached a screenshot of what I use (Open DNS servers). Your computer will provide DNS to other computers (and itself) that are within your network, but to GET that info for itself, it must be looking to a DNS server outside your network to get it's info from.

On the second screenshot, remove the Comcast DNS entry (75.75.76.76), and just put your own server's DNS in twice (10.0.1.2). There's no precedence as to which of these servers one of your computers will try, so when they try the comcast DNS server, they won't see the features that are being advertised as available by your own server. By lacing your server in both blanks, all macs that join your network will be forced to use your server as the DNS server. Your server will then get it's own DNS info from the outside DNS server you manually enter in the server config.

The screenshots show your server's ACTUAL private IP address is 10.0.1.4. You have configured all your other settings as if your server's address is 10.0.1.2. They need to match.

I system prefs on your server, open the network settings, and change it from automatic to manual and manually specify it to have IP address 10.0.1.2.

So in your third screenshot above, on your client Mac. Instead of entering "server.whatever.private" in the Server Address box, you'll need to enter the public IP address of your network (98.255.whatever.whatever).

If you have a DynDns account pointing to your server, then you would use that in the address field instead of a hard-coded IP address number. That's optional at this point, but helpful in the future.

See the picture for where to enter your public IP address. This is a configuration you make on the laptop/portable, not on the server. You're telling the laptop the IP address (e.g., phone number) it needs to know to call the server.

You would enter the IP address that your ISP assigns your router here (98.255.something.something).

Now if you have registered your server with DynDNS, No-Ip, etc., you'd have a URL name you set up with them (ex., joeblowserver.dyndns.com). You could enter THAT URL in this box shown above instead. That way, if/when your ISP changes your public IP address (which they do occassionally), you could still access your server.

I forgot to mention that testing VPN requires that you take your laptop OUTSIDE of your own network, to see if it works. You'd have to go to a friend's house, coffee shop, etc. If you're trying to VPN to your server from inside your own network, it probably won't work.

Kind of right, kind of wrong.

Yes, you can use the VPN feature on your phone to tunnel all data traffic (encrypted) to your server at home via VPN. It would then go out from your server to the internet, in a standard format. That's good for doing stuff on your phone that your are worried about being eavesdropped on by someone sniffing wireless packets in a coffeeshop or some other non-protected wireless situation. The VPN feature on the iPhone works both over Wifi and cellular data (LTE, 3G, etc.). You need to configure the VPN on your phone one time (access via settings). After that, you'd just flip the on/off switch you see in the settings to turn it on/off.

Your server is your "home base" that your phone or laptop connect to via the encrypted VPN tunnel. The data would then go out onto the internet from your server to it's ultimate destination on the WWW. That part of the journey would not be encrypted by VPN. It would just be standard WWW data packages from that point on.