How to Create a VPN on Windows Server 2012 VPS

What is a VPN?

A virtual private network (VPN) is a method of connecting computers to isolated remote networks that are usually inaccessible, using the Internet or another intermediate network. Traffic sent through the VPN connection stays isolated from other computers on the intermediate network, which is what provides the VPN's security. VPNs can connect individual users to a remote network and can also join multiple networks together. For example, users may use a VPN to access their work computer terminal from home. Through a VPN, users can also reach resources on remote networks, such as files, printers, databases, or internal websites, or be connected directly to the central network via a point-to-point link.

Requirements

For this VPN configuration you require the following.

Windows 2012 Standard

Minimum 2 IP addresses (must be in the same subnet)

Installation

  • Install the Remote Access Role Through Server Manager or PowerShell
  • Select Next

    • Select DirectAccess and VPN (RAS) under Role Services

    Select Next

    • Once the Role installation completes you can use the Getting Started Wizard to complete the VPN configuration.

    • Select Deploy VPN Only

    This opens the MMC for Routing and Remote Access

    • Right click the server and select Configure and Enable Routing and Remote Access

    This launches the Setup Wizard

    • Since there is only one network interface, you will need to choose Custom Configuration

    Select Next

    • Check VPN Access

    Select Next

    • Select Finish

    Firewall Settings

    Now that your VPN installation is complete, you will need to modify your Windows Firewall to allow the VPN traffic. Open the ports for the protocol you use:

    • For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through)
    • For L2TP over IPSEC: 1701 TCP and 500 UDP
    • For SSTP: 443 TCP
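
    As an added example (not part of the original article), the PowerShell function below creates inbound Windows Firewall rules for only the one VPN protocol the server will offer, using the ports listed above, instead of opening all of them. The function name, rule names and group name are hypothetical; 1701 is opened as UDP because L2TP is carried over UDP.

```powershell
# Added example (not from the original article). Function, rule and group
# names are hypothetical. Run in an elevated PowerShell session.
function New-VpnFirewallRule {
    [CmdletBinding()]
    param(
        # Open ports for one protocol only, not all three.
        [Parameter(Mandatory)]
        [ValidateSet('PPTP', 'L2TP', 'SSTP')]
        [string]$VpnProtocol,

        # Optionally limit which client addresses may connect.
        [string[]]$RemoteAddress = 'Any'
    )

    # Ports as listed in the article. 1701 is opened as UDP because L2TP
    # is carried over UDP.
    $specs = @(switch ($VpnProtocol) {
        'PPTP' {
            @{ DisplayName = 'VPN PPTP control (TCP 1723)'; Protocol = 'TCP'; LocalPort = 1723 }
            @{ DisplayName = 'VPN PPTP data (GRE, protocol 47)'; Protocol = 47 }
        }
        'L2TP' {
            @{ DisplayName = 'VPN IKE (UDP 500)'; Protocol = 'UDP'; LocalPort = 500 }
            @{ DisplayName = 'VPN L2TP (UDP 1701)'; Protocol = 'UDP'; LocalPort = 1701 }
        }
        'SSTP' {
            @{ DisplayName = 'VPN SSTP (TCP 443)'; Protocol = 'TCP'; LocalPort = 443 }
        }
    })

    foreach ($spec in $specs) {
        # Skip rules that already exist so the function can be re-run safely.
        if (Get-NetFirewallRule -DisplayName $spec.DisplayName -ErrorAction SilentlyContinue) {
            continue
        }
        New-NetFirewallRule @spec -Group 'VPN (added example)' -Direction Inbound `
            -Action Allow -RemoteAddress $RemoteAddress
    }
}

# Example call: allow SSTP only, then list what the group now permits.
# New-VpnFirewallRule -VpnProtocol SSTP
# Get-NetFirewallRule -Group 'VPN (added example)' | Get-NetFirewallPortFilter
```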

    Enabling Users on VPN

    You will need to enable users for dial-in. On a standalone server (default) this can be done in the Computer Management MMC; if you are in a domain environment, you can do this in the user properties in Active Directory.

    Defining a Static Address 'pool'

    Since you don’t have a DHCP Server in our VPS Environment you have to add a static address pool.

    • Right click on the Remote Access server and select Properties

    • Select the IPv4 tab and select Static address pool

    • Add your IP range, e.g. 192.168.1.100 - 192.168.1.101, and set the number of addresses to 2
     

     

    Printer and File Sharing through VPN

    You may run into some issues with printer and file sharing. You can do the following to resolve them.

     

    • You can use gpedit.msc to change the settings.
    • Computer Configuration->Windows Settings->Security Settings->Network List Manager Policies-> VPN Connection
    • Change the location type to Private

     

     

     
