Ddns macos Server questions

[misanthrophy]

Hi,

I want to setup my Mac with the server.app. it works perfectly fine in my own wifi with syncing contacts and calendar entries. But I am not able to connect with it from the outside.

I know I need DDNS to get that working, but I have a couple of questions how to fix this the best way.

I am using a VPN connection with a static IP address. (Trying to use that ID address does not allow me to connect to the server)
--> Can I fix that with port forwarding?

I have a Synology Router which allows me to create a DDNS built in into the router.
--> Can I use that built in option to forward it to the server?

Do I need to configure a DDNS instead?
-->Is there still some work needed regarding my VPN?

 

[Mikael H]

Hi,

I want to setup my Mac with the server.app. it works perfectly fine in my own wifi with syncing contacts and calendar entries. But I am not able to connect with it from the outside.

I know I need DDNS to get that working, but I have a couple of questions how to fix this the best way.

I am using a VPN connection with a static IP address. (Trying to use that ID address does not allow me to connect to the server)
--> Can I fix that with port forwarding?

I have a Synology Router which allows me to create a DDNS built in into the router.
--> Can I use that built in option to forward it to the server?

Do I need to configure a DDNS instead?
-->Is there still some work needed regarding my VPN?

I have no idea how knowledgeable you are, so I'll start with the basics:
1. You're talking about a VPN service, so I'm guessing you don't have a publicly available IP address at home? If you do, that is probably preferable.
2. If you have to use a VPN service, and you're not the sole administrator of that service, and you're not a network specialist, please do yourself a favor and make sure the VPN endpoint on your side is very secure. This includes setting up a firewall to block everything incoming over the VPN, except connections initiated by yourself and the very few services you truly want to present to the Internet.
3. Is the IP address on the other side of the VPN one you have full control over, or do you share it with others? If it's yours, gaining access to the service shouldn't be much harder than to forward relevant ports to your server. If it's not, you'll likely want to make your server listen on a non-standard port, forward that port across the tunnel instead, and make your clients connect to that port whether at home or over the VPN.
4. However you do it, make sure to secure communications over this channel using TLS certificates. Otherwise you're opening up your authentication credentials for others to read. Certificates can be bought for a year or two at a time from commercial Certification Authorities (CAs) like DigiCert, or they can be had for free, for three months at a time, from Let's Encrypt. If you choose the latter, search for how to renew certificates automatically, or you'll likely forget to at some point..
[doublepost=1537192580][/doublepost]As for your other question:
Using your Synology router as a DDNS client: Yes, that is possible. Unless your Synology router is the endpoint for the VPN, it won't do you any good, though. As for using your home router as an endpoint for a public VPN service, see my previous reply, but in short: It's most likely not a very good idea.

 

[Altemose]

Hi,

I want to setup my Mac with the server.app. it works perfectly fine in my own wifi with syncing contacts and calendar entries. But I am not able to connect with it from the outside.

I know I need DDNS to get that working, but I have a couple of questions how to fix this the best way.

I am using a VPN connection with a static IP address. (Trying to use that ID address does not allow me to connect to the server)
--> Can I fix that with port forwarding?

I have a Synology Router which allows me to create a DDNS built in into the router.
--> Can I use that built in option to forward it to the server?

Do I need to configure a DDNS instead?
-->Is there still some work needed regarding my VPN?

Dynamic DNS is merely a way to put a never changing domain name to a otherwise public dynamic IP address. Many people use it to map a domain name like "smith.dns.com" to an IP address that is subject to change. If you already have a static public IP address (not a private address), then the need for a dynamic DNS service is mitigated.

Many routers will by default block the appropriate ports for VPN. Therefore, you may need to either port forward or adjust your firewall settings to permit VPN access on macOS Server. Using the Synology router to configure DDNS merely handles the automatic updating of your IP, and assigns your network with a domain name. It will not automatically allow VPN access.