Set up a Windows Server 2012 VPN
I will show how to install and configure a Windows Server 2012 VPN connection. This post focuses on a simple, basic setup for a test environment with a single NIC on the internal network behind a firewall.
Steps:
- Start the Server Manager
- Click Add Roles and Features from the Manage Menu
- When the Add Roles and Features wizard begins, click Next
- Select the Role-based or feature-based installation option and click Next
- If you have more than one server managed via the Server Manager console, select the server you'd like to install Routing and Remote Access on
- From the Roles list, select Remote Access, then click Add Features on the popup window
- Click Next
- No additional features required at this point, click Next
- Have a quick read on what DirectAccess & RRAS VPN is, then click Next
- Select DirectAccess and VPN (RAS), click Next
- Click Next after reading this if you care
- Accept default selections and click Next
- Review the confirmation page and click Install to begin
- When installation is completed, click Close
Page 2: Post deployment and configuration
Continuing the VPN setup from page 1, I will conclude in this post by running the post-deployment task and configuring the settings.
Steps:
- From the Server Manager screen, click on the warning sign and click ‘Open the Getting Started Wizard’
- On Configure Remote Access, click Deploy VPN Only. Note: if you are deploying this in a domain-based environment, select either Deploy both DirectAccess and VPN or Deploy DirectAccess Only
- From the Routing and Remote Access mmc, right-click on the server and click ‘Configure and Enable Routing and Remote Access’
- Click Next on the wizard
- Select Custom Configuration
- Select VPN access
- On completion, click Finish
- Click Start service to start the RRAS service
- Wait for the service to start up
- After the service has started, you should have your Routing and Remote Access service configured
Next Steps: We need to configure the following additional tasks
1. Add the IPv4 address range that will be assigned to client machines as they connect to the VPN
- From the Routing and Remote Access mmc, right-click on the server and click ‘Properties’
- On the Properties screen, click the IPv4 tab, select Static address pool, click Add and enter the desired IP address range in the popup window
- Click OK to close
2. Enable Remote Access for users
- On a domain-based network, open the properties of a domain user account via the Active Directory Users and Computers mmc. Click on Dial-in, and under Network Access Permission click Allow access (Note: on a workgroup server, you can enable this on local user accounts via Computer Management/Local Users and Groups/Users OU)
3. Configure Windows Firewall
- To allow Routing and Remote Access through the local Windows Firewall, type ‘Firewall’ on the Start screen, click Settings in the search results, then click ‘Allow an App through Windows Firewall’.
- Locate Routing and Remote Access and ensure Domain, Private and Public are checked
4. Configure Perimeter Firewall
- Depending on the type of firewall you have, ensure traffic on the following ports is allowed through to the RRAS server:
PPTP Connections:
TCP 1723
L2TP/IPSec Connections:
TCP 1701
UDP 500
SSTP Connections:
TCP 443
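The following read-only PowerShell checks are an added example, not part of the original post. They review what the steps above configured: the role services, the RRAS service, the static address pool, the local firewall rules and the accounts with dial-in access. Assumptions: the script runs in an elevated session on the RRAS server, and the domain check needs the ActiveDirectory module to be installed there.

```powershell
# Added example: read-only review of the RRAS VPN setup described above.
# Assumption: elevated PowerShell session on the Windows Server 2012 RRAS server.

# 1. Role services installed by the Add Roles and Features wizard.
Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN |
    Format-Table Name, DisplayName, InstallState -AutoSize

# 2. State of the Routing and Remote Access service (service name: RemoteAccess).
Get-Service -Name RemoteAccess |
    Format-Table Name, DisplayName, Status -AutoSize

# 3. Static IPv4 address pool that is handed out to VPN clients.
netsh ras ip show config

# 4. Inbound Windows Firewall rules in the "Routing and Remote Access" group:
#    whether each is enabled, on which profiles, and which protocol/port it opens.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Profile   = $_.Profile
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort
        }
    } | Format-Table -AutoSize

# 5. Domain accounts whose Dial-in tab is set to "Allow access"
#    (stored in the msNPAllowDialin attribute). Skipped on a workgroup
#    server or when the ActiveDirectory module is not installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin |
        Format-Table SamAccountName, Enabled, msNPAllowDialin -AutoSize
} else {
    Write-Warning 'ActiveDirectory module not found; review Dial-in settings manually.'
}
```

Compare the Protocol and LocalPort columns from step 4 with what the perimeter firewall forwards, and keep the list from step 5 limited to the accounts that actually need VPN access.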