I just got a Mac Mini Server 2011 to set up as a home server. One of the main features I want to use is a VPN so I can access my files on my local network when I'm away from home. I live in Japan and I have a Japanese optical connection to the internet that runs through two boxes before I can use it in any form: some sort of modem, and a "gateway" which I literally just found out is also acting as a router and serving DHCP addresses. In addition, I have a 2TB Time Capsule that, until just recently, I had been using in the "Share a Public IP" mode because I didn't realize the gateway was also issuing DHCP addresses. I cannot simply plug my TC into the modem in place of the gateway - both are required to access the internet. Until today I had both routers using DHCP on the local networks they each created. Under that environment, I had finally configured Lion Server to file share (easy), manage network accounts (moderate), and serve Profile Manager (difficult). But despite my best efforts at mapping the ports on the Time Capsule, I just couldn't get the ports open using tools like canyouseeme.org, so the VPN was a no-go. That's when I realized the gateway could be a router too, so with some creative google searches, and extensive use of google translate, I was able to figure out how to open ports on the gateway. It does it pretty differently from the Time Capsule and other routers I've seen. It asks you define the host on the LAN (what i assume to be the target IP), the protocol (TCP vs. UDP), and then a range of ports for it to open. I plugged in the IP of the Time Capsule, opened all the UDP ports (since it was an option to just open all, and I figured 1) the TC would still protect my network and 2) it would just be a test), but I still couldn't see the ports as being open. So then I got desperate, and I switched the TC back to Bridge Mode, reconfigured the Server and my MBP (my client Mac) to the new IP addresses being served by the Japanese gateway, and tried again. I think I reconfigured the DNS settings in Server Admin properly to account for the change in IP, and then updated the services in Server.app, but now I can't even get to my server homepage (the apple placeholder page) using either its IP or its .private domain, and to make matters worse, I STILL can't seem to get the ports open (yes, I changed the port mapping to send it directly to the server IP as the target after the change). To add insult to injury, the wired ethernet connection I had been running from my TC to the MM Server is now reporting a cable unplugged (it's not), even when I plug it directly into the gateway, though I am able to connect wirelessly. Does anyone have any idea what's going on? Why can't I get these ports open? (By the way, I called my ISP and they said they aren't blocking any of the ones I'd want to use for VPN.) What is the *better* set up - using the TC as a second LAN, serving its own DHCP addresses, or using it in Bridge mode? Why did these changes sever my wired connection? I was getting even more problems (like loss of internet connectivity on all devices) using the TC in bridge mode, so I decided to go back to the dual network setup.