Setup a Windows Server 2012 VPN

This post shows how to install and configure a Windows Server 2012 VPN connection. It focuses on a simple, basic setup for a test environment with a single NIC on the internal network behind a firewall.

Steps:

– Start the Server Manager

– Click Add Roles and Features from the Manage Menu

– When the Add Roles and Features wizard begins, click Next

– Select the Role-based or feature-based installation option and click Next

– If you have more than one server managed via the server manager console, then select the desired server you’d like to install Routing and Remote Access on

– From the Roles list, select Remote Access, then click Add Features in the popup window

– Click Next

– No additional features required at this point, click Next

– Have a quick read on what DirectAccess & RRAS VPN is, then click Next

– Select DirectAccess and VPN (RAS), click Next

– Click Next after reading this if you care 🙂

– Accept default selections and click Next

– Review the confirmation page and click Install to begin

– When installation is completed, click Close

Go to Page2: Post deployment and configuration

In continuation of our VPN setup from page1, I will conclude the VPN setup in this post by running the post deployment task and configuring the settings.

Steps:

– From the Server Manager screen, click on the warning sign and click ‘Open the Getting Started Wizard’

– On Configure Remote Access, click Deploy VPN Only. Note if you are deploying this on a domain based environment, then select either Deploy both DirectAccess and VPN or Deploy DirectAccess Only

– From the Routing and Remote Access mmc, right-click on the server and click ‘Configure and Enable Routing and Remote Access’

– Click Next on the wizard

– Select Custom Configuration

– Select VPN access

– On completion, click Finish

– Click Start service to start the RRAS service

– Wait for the service to start up

– After the service has started, you should have your Routing and Remote Access service configured

Next Steps: We need to complete the following additional tasks

1. Add the IPv4 address range that will be assigned to client machines as they connect to the VPN

– From the Routing and Remote Access mmc, right-click on the server and click ‘Properties’

– On the properties screen, click the IPv4 tab, select Static address pool, click Add and enter the desired IP address range in the popup window

– Click OK to close

2. Enable Remote Access for users

– On a domain-based network, open the properties of a domain user account via the Active Directory Users and Computers mmc. Click on Dial-in, then under Network Access Permission click Allow access (Note: on a workgroup server, you can enable this on local user accounts via Computer Management/Local Users and Groups/Users OU)

3. Configure Windows Firewall

– To allow Routing and Remote Access through the local Windows Firewall, from the Start screen type ‘Firewall’, click Settings in the search results, then click ‘Allow an App through Windows Firewall’.

– Locate Routing and Remote Access and ensure Domain, Private and Public are checked

4. Configure Perimeter Firewall

– Depending on the type of firewall you have, ensure traffic on the following ports is allowed through to the RRAS server:

PPTP Connections:
TCP 1723

L2TP/IPSec Connections:
TCP 1701
UDP 500

SSTP Connections:
TCP 443

Please refer to this link for full details of the inbound and outbound configuration
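
The server-side steps above can be checked from PowerShell once the wizard and the four follow-up tasks are done. This is an added example, not part of the original post; the function name Test-RrasVpnSetup is hypothetical, and the listener check covers only the PPTP and SSTP TCP ports from the list (the L2TP/IPSec entries are not probed).

```powershell
# Added example: read-only checks for the RRAS VPN setup described on this page.
# Run in an elevated PowerShell session on the Windows Server 2012 RRAS server.
function Test-RrasVpnSetup {
    # Role service selected in the wizard: "DirectAccess and VPN (RAS)".
    $feature = Get-WindowsFeature -Name DirectAccess-VPN
    [pscustomobject]@{
        Check  = 'Role service DirectAccess-VPN'
        Actual = [string]$feature.InstallState
        Pass   = [bool]$feature.Installed
    }

    # Routing and Remote Access runs as the RemoteAccess service.
    $svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check  = 'RemoteAccess service'
        Actual = [string]$svc.Status
        Pass   = ($svc.Status -eq 'Running')
    }

    # Local firewall rules in the "Routing and Remote Access" group, with the
    # profiles each one applies to (the page ticks Domain, Private and Public).
    $rules = Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' }
    foreach ($rule in $rules) {
        [pscustomobject]@{
            Check  = "Firewall rule: $($rule.DisplayName)"
            Actual = "Enabled=$($rule.Enabled); Profile=$($rule.Profile)"
            Pass   = ($rule.Enabled -eq 'True')
        }
    }

    # TCP ports from the perimeter list that the server should be listening on.
    foreach ($port in 1723, 443) {
        $listening = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = "Listening on TCP $port"
            Actual = if ($listening) { 'Listen' } else { 'not listening' }
            Pass   = [bool]$listening
        }
    }
}

Test-RrasVpnSetup | Format-Table -AutoSize -Wrap

# Address assignment method and the static pool entered on the IPv4 tab.
netsh ras ip show config
```

The Profile column shows which network profiles each rule is open on, which is worth reviewing before the server leaves the test environment.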

Go to Page3: Setup client machine to connect to VPN server

This page will conclude the deployment and configuration of Routing and Remote Access VPN setup on Windows Server 2012 and we will look at configuring the client machines to connect to the RRAS server.

Steps:

– On your Windows 7 (which I am working on) or Windows 8 machine, go to Control Panel, select Network and Sharing Center

– Click Set up a new connection or network

– Click Connect to a workplace

– Click Use my internet connection (VPN)

– Click I’ll set up an Internet connection later

– Enter either the local IP address of the RRAS server or the corresponding Public IP address for outside connection. Then check Allow other people to use this connection if you wish

– Enter client user name, password and domain. Note this user account must have been granted Dial-in permission via user AD properties. Click Create

– Click Close on completion

– From the desktop, click on the network icon, right-click on newly created VPN icon and click Properties

– Click on the Security tab, select Optional encryption under Data encryption. Select Allow these protocols and check MS-CHAP v2. Click OK to accept changes

– Click back on the network icon, right-click on VPN Connection and click Connect

– On the popup dialog box, enter the username, password and ensure the specified domain is correct. Click Connect

– Wait for the connection to establish

– When the connection is established, the connection screen will disappear. Click back on the network icon and your VPN Connection should now show Connected
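
On Windows 8 the same client connection can be created and reviewed from PowerShell. This is an added example, not part of the original post: the server address is a placeholder, -TunnelType Automatic and the function name Get-VpnProfileSecurity are assumptions, and the cmdlets are not available on Windows 7.

```powershell
# Added example: scripted equivalent of the client steps (Windows 8 or later;
# Windows 7 does not ship the VpnClient cmdlets used here).
$name   = 'VPN Connection'
$server = '192.0.2.10'   # placeholder: your RRAS server's local or public IP

# Create the connection with the settings chosen on the Security tab above:
# Optional encryption and MS-CHAP v2. -AllUserConnection matches
# "Allow other people to use this connection". Tunnel type is an assumption.
if (-not (Get-VpnConnection -Name $name -AllUserConnection -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $name -ServerAddress $server `
        -TunnelType Automatic -EncryptionLevel Optional `
        -AuthenticationMethod MSChapv2 -AllUserConnection -Force
}

# List every VPN profile (per-user and all-user) with its security settings.
function Get-VpnProfileSecurity {
    $vpnProfiles = @(Get-VpnConnection -ErrorAction SilentlyContinue) +
                   @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue)
    foreach ($p in $vpnProfiles) {
        [pscustomobject]@{
            Name               = $p.Name
            ServerAddress      = $p.ServerAddress
            TunnelType         = $p.TunnelType
            Authentication     = $p.AuthenticationMethod -join ','
            EncryptionLevel    = $p.EncryptionLevel
            # Optional and NoEncryption let the session come up without encryption.
            EncryptionEnforced = $p.EncryptionLevel -in 'Required', 'Maximum'
            Status             = $p.ConnectionStatus
        }
    }
}

Get-VpnProfileSecurity | Format-Table -AutoSize

# Connect from the command line; '*' makes rasdial prompt for the password.
# rasdial $name <username> * /domain:<DOMAIN>
```

A profile with EncryptionEnforced = False connects even when the server negotiates no encryption, so that column is the one to review on machines that leave the test network.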

That is all folks 🙂 hope yours was successful

 