This article explains how to set up a VPN server on Windows Server 2008. The VPN protocol used is PPTP (Point-to-Point Tunneling Protocol). The method outlined here uses an environment consisting of an Active Directory server, a DHCP server, a few workstation PCs and a VPN server. Only the configuration of the VPN server is explained, in the following steps:
- Configure IP addresses on the VPN server
- Join the VPN server to the domain
- Install Network Policy and Access Server Role
- Configure Routing and Remote Access
- Allow users to login via VPN
- Setup a VPN connection on the remote client PC
The network topology used in this setup is shown below
Configure IP addresses on the VPN Server
The VPN server will have two interfaces, private and public, with the following IP configuration:
private
IP address – 10.0.0.1
Subnet Mask – 255.0.0.0
Preferred DNS – 10.0.0.2 (Assuming DNS runs on the Active Directory Server)
public
Obtain the public IP information from your ISP (Internet Service Provider)
Join the VPN server to the domain
Right-click Computer -> Properties -> Change Settings -> Change -> select Domain and enter your domain name. When you are asked for credentials, enter them, then reboot.
Install Network Policy and Access Server Role
Log in to the VPN server as the administrator and go to Start -> Administrative Tools -> Server Manager. Click Add Roles and check “Network Policy and Access Server”.
In the role services section, check “Routing and Remote Access”.
Confirm your selections and install.
Configure Routing and Remote Access
After installation, go to Start -> Run and type rrasmgmt.msc. In the console that opens, right-click your server name and click “Configure and Enable Routing and Remote Access”.
In the wizard that appears, click Next and select Custom Configuration.
Select the VPN access check box.
Click Next -> Finish. In the message box that appears click “Start Service”. If you have a DHCP server configured in the network in the same subnet you can go ahead with the final step.
Networks that have a DHCP server in a different subnet should have the DHCP relay agent configured. Expand IPv4 -> right-click DHCP Relay Agent and go to Properties.
In the window that appears enter the IP address of the DHCP server. The appropriate DHCP scope should be configured in the DHCP server.
If your network doesn’t have a DHCP server the VPN server itself can assign IP addresses to VPN clients. Right click your Server name -> properties -> IPv4 tab -> select “static address pool” -> click Add. Enter the start and end IP ranges.
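A static pool that collides with addresses already in use, or that lies outside the private interface's subnet, leads to address conflicts or clients the intranet cannot reach. The check below is an added example, not part of the original article: it uses the article's private interface (10.0.0.1, mask 255.0.0.0) and DNS server (10.0.0.2), while the pool ranges and the DHCP scope are constructed sample values and `check_static_pool` is a hypothetical helper.

```python
import ipaddress

# Values from the article's private interface configuration.
LAN_IF, NETMASK, DNS = "10.0.0.1", "255.0.0.0", "10.0.0.2"
# Constructed sample value: a DHCP scope already served on the same network.
DHCP_SCOPE = ("10.0.10.1", "10.0.10.254")

def check_static_pool(start, end, lan_if=LAN_IF, netmask=NETMASK,
                      reserved=(DNS,), dhcp_scope=DHCP_SCOPE):
    """Return a list of problems with a proposed static address pool."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first > last:
        return ["start address is higher than end address"]
    lan = ipaddress.ip_network(f"{lan_if}/{netmask}", strict=False)
    problems = []
    # An off-subnet pool is only reachable if intranet routers know a route to it.
    if first not in lan or last not in lan:
        problems.append(f"pool is not inside {lan}; intranet hosts need a route to it")
    # The server's own address and other fixed hosts must never be handed out.
    for host in (lan_if, *reserved):
        if first <= ipaddress.ip_address(host) <= last:
            problems.append(f"pool contains statically assigned host {host}")
    # Two allocators handing out the same range produce duplicate addresses.
    if dhcp_scope:
        scope_first, scope_last = map(ipaddress.ip_address, dhcp_scope)
        if first <= scope_last and scope_first <= last:
            problems.append(f"pool overlaps DHCP scope {scope_first}-{scope_last}")
    return problems

if __name__ == "__main__":
    # Constructed sample pools: one clean, three with a defect each.
    for pool in [("10.0.50.1", "10.0.50.50"), ("10.0.0.1", "10.0.0.20"),
                 ("10.0.10.200", "10.0.11.10"), ("192.168.5.1", "192.168.5.20")]:
        print(pool, check_static_pool(*pool) or "ok")
```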
Allow users to login via VPN
On the Active Directory server go to Start -> Administrative Tools -> Active Directory Users and Computers -> right-click a user and open Properties -> Dial-in tab and click “Allow access”.
Setup a VPN connection on the remote client PC
On the VPN client PC go to Start -> Run and type ncpa.cpl, then open “New Connection Wizard”. In the wizard that appears, click Next and select “Connect to the network at my workplace”.
In the next step select Virtual Private Network Connection.
Enter a company name, which is used to name the connection, and in the final step enter the public IP address of the VPN server. After the connection is created, enter the username and password of a user in the Active Directory database and click Connect.
Norman Risner says
Nice instructions for setting up VPN on Windows Server. Been some time since I set this up.
Pankaj kumar says
thanks for ..my help
niko says
Hi, I have read both your articles (this and the Debian PPTP) and they are very helpful. I have to mix them somehow together. I am trying to build a VLAN inside a LAN with VPN Server
vmware Windows 7 => MyDesktop => Debian => Virtual Windows Server/VPN Server. Go to the link for a diagram http://www.administrator.de/images/content/82c2a7ece0292a749ad7a591ee3f44a7.jpg
VMWare Windows Client and WMware Windows Server have to have the same Subnet like 172.16.16.0 … I did the
I set up my VPN like your Windows tutorial on my Windows server. After that I added the ip tables from the Debian tutorial, so that the requests are redirected to the virtual machine, but it does not work. Any ideas why? Is there a better way to make this setup, or is it OK that the VPN is installed on a virtual server? Thank you for your help in advance.
Fabio Alexandre says
Hi,
I tried to accomplish this setup and it worked perfectly when I use windows connection, but when I use a hardware to hook it is not established.
Checking the log of hardware, check that it is closed when the equipment asks for dns3 and this is rejected by the server.
How could I set up dns3?
34 Aug 6 00:20:15 PPP ERROR LCP down
33 Aug 6 00:20:15 PPP INFO rcvd [LCP TermReq]
32 Aug 6 00:20:15 PPP INFO rcvd PPTP-Set-Link-Info
31 Aug 6 00:20:15 PPP INFO sent [IPCP Req addr=0.0.0.0 dns1=0.0.0.0]
30 Aug 6 00:20:15 PPP INFO rcvd [IPCP Rej dns3=0.0.0.0]
29 Aug 6 00:20:15 PPP INFO sent [IPCP Ack addr=192.168.1.150]
28 Aug 6 00:20:15 PPP INFO rcvd [IPCP Req addr=192.168.1.150]
27 Aug 6 00:20:15 PPP INFO sent [LCP ProtRej]
26 Aug 6 00:20:15 PPP INFO rcvd [CCP ConfReq mppe +H -M +S -L -D +C]
25 Aug 6 00:20:15 PPP INFO sent [IPCP Req addr=0.0.0.0 dns1=0.0.0.0 dns3=0.0.0.0]
Best Regards
Fabio
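A PPP negotiation log like the one in the comment above is easier to read once it is put in chronological order and the routine option rejects are separated from the frames that precede the teardown. The following is an added example, not code from the article or its commenters; it assumes the device's log format as pasted, that `rcvd` means received from the VPN server, and that an `LCP ProtRej` answers the last frame received before it (the log does not name the rejected protocol). The function names are hypothetical.

```python
import re
# Device log copied from the comment above; the device lists the newest entry first.
SAMPLE_LOG = """\
34 Aug 6 00:20:15 PPP ERROR LCP down
33 Aug 6 00:20:15 PPP INFO rcvd [LCP TermReq]
32 Aug 6 00:20:15 PPP INFO rcvd PPTP-Set-Link-Info
31 Aug 6 00:20:15 PPP INFO sent [IPCP Req addr=0.0.0.0 dns1=0.0.0.0]
30 Aug 6 00:20:15 PPP INFO rcvd [IPCP Rej dns3=0.0.0.0]
29 Aug 6 00:20:15 PPP INFO sent [IPCP Ack addr=192.168.1.150]
28 Aug 6 00:20:15 PPP INFO rcvd [IPCP Req addr=192.168.1.150]
27 Aug 6 00:20:15 PPP INFO sent [LCP ProtRej]
26 Aug 6 00:20:15 PPP INFO rcvd [CCP ConfReq mppe +H -M +S -L -D +C]
25 Aug 6 00:20:15 PPP INFO sent [IPCP Req addr=0.0.0.0 dns1=0.0.0.0 dns3=0.0.0.0]
"""
LINE = re.compile(r"^(\d+)\s+\w+\s+\d+\s+[\d:]+\s+PPP\s+\w+\s+(.*)$")
FRAME = re.compile(r"^(sent|rcvd)\s+\[(\w+)\s+(\w+)\s*(.*)\]$")

def parse(log):
    """Return the entries oldest first, with PPP frames split into fields."""
    events = []
    for m in filter(None, map(LINE.match, log.splitlines())):
        ev = {"seq": int(m.group(1)), "dir": None, "proto": None, "code": None, "opts": []}
        f = FRAME.match(m.group(2))
        if f:
            ev.update(dir=f.group(1), proto=f.group(2), code=f.group(3), opts=f.group(4).split())
        events.append(ev)
    return sorted(events, key=lambda e: e["seq"])

def analyse(events):
    """Separate routine option rejects from the frames that precede the teardown."""
    out = {"option_rejects": [], "protocol_rejects": [], "terminated_by": None}
    for i, ev in enumerate(events):
        if ev["code"] == "Rej":
            # Configure-Reject: the requester is expected to resend without these options.
            names = [o.split("=")[0] for o in ev["opts"]]
            retried = any(e["proto"] == ev["proto"] and e["code"] == "Req"
                          and e["dir"] != ev["dir"]
                          and not any(o.split("=")[0] in names for o in e["opts"])
                          for e in events[i + 1:])
            out["option_rejects"].append({"seq": ev["seq"], "options": names, "retried_without": retried})
        elif ev["code"] == "ProtRej":
            # Assumption: the reject answers the last frame that came from the other side.
            prev = [e for e in events[:i] if e["dir"] not in (None, ev["dir"])]
            if prev:
                out["protocol_rejects"].append({"seq": ev["seq"], "rejected": prev[-1]["proto"], "offered": prev[-1]["opts"]})
        elif ev["code"] == "TermReq" and out["terminated_by"] is None:
            out["terminated_by"] = "peer" if ev["dir"] == "rcvd" else "local"
    return out
print(analyse(parse(SAMPLE_LOG)))
```

On the pasted log this reports the dns3 reject as followed by a retry without dns3, a Protocol-Reject sent right after the server's CCP (MPPE) request, and the terminate request arriving from the server side.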
salman says
Very useful blog..Can you post the client side procedures that has to be done to connect with this vpn server…
Saud Khan says
How can we setup vpn on server running only sql server, no ad or domain?
Thanks