I don't know a good source to recommend, but here is the overall strategy that I use:
1. Get a static IP address for your Internet service.
2. Configure port forwarding on your router using Apple's VPN info at http://support.apple.com/kb/TS1629 (the ports & protocols used depend on the which VPN protocol is being used).
3. Configure your server with a private static IP (this is standard practice on servers).
4. Configure Open Directory on your server. Local Accounts may or may not work with the PPTP protocol. I normally only use Local Network Accounts for most of my VPN setups.
5. Configure the VPN service (turn it on and configure client VPN IP ranges that don't overlap with your DHCP range).
6. Make sure the user accounts on the server are enabled for the VPN service.
7. Configure a client and test. This can be done first on the local network to test the service. Then it can be done from outside the local network to verify the router is configured properly.
8. Optional--Define an A record to your public IP address. This allows for easy client setup.
- Configure your local DHCP service to provide an uncommon IP range so that clients are not using the same range. For example, don't use 192.168.1.x as the IP range on your server's network. Any VPN client that uses this same range will have problems using the VPN. Instead use 192.168.15.x.
- It is preferable to use L2TP over IPSec as your VPN protocol due to stronger encryption.
- It is possible to have both L2TP over IPSec and PPTP protocols active at the same time. This is useful for older clients that don't work well with L2TP (mostly Windows) and can be useful when L2TP is unstable (this has happened in the past with OS X Server bugs).
Apple Consultants Network