How to Set Up a VPN Server in Windows Server 2008

This article explains how to set up a VPN server in Windows Server 2008. The VPN protocol used is PPTP (Point-to-Point Tunneling Protocol). The method outlined here uses an environment consisting of an Active Directory server, a DHCP server, a few workstation PCs and a VPN server. Only the configuration of the VPN server is explained, in the following steps:

  1. Configure IP addresses on the VPN server
  2. Join the VPN server to the domain
  3. Install Network Policy and Access Server Role
  4. Configure Routing and Remote Access
  5. Allow users to log in via VPN
  6. Set up a VPN connection on the remote client PC

The network topology used in this setup is shown below:

[Figure: Windows Server 2008 VPN setup topology]

Configure IP addresses on the VPN Server

The VPN server will have two interfaces, private and public, with the following IP configuration:

private
IP address – 10.0.0.1
Subnet Mask – 255.0.0.0
Preferred DNS – 10.0.0.2 (Assuming DNS runs on the Active Directory Server)

public
Obtain the public IP information from your ISP (Internet Service Provider)

Join the VPN server to the domain

Right-click Computer -> Properties -> Change Settings -> Change -> select Domain and enter your domain name. You’ll be asked for credentials; enter them and reboot.


Install Network Policy and Access Server Role

Log in to the VPN server as the administrator and go to Start -> Administrative Tools -> Server Manager. Click Add Roles and check “Network Policy and Access Server”.


In the role services section, check “Routing and Remote Access”.


Confirm your selections and install.

Configure Routing and Remote Access

After installation, go to Start -> Run and type rrasmgmt.msc. In the console that opens, right-click your server name and click “Configure and Enable Routing and Remote Access”.


In the wizard that appears, click Next and select Custom Configuration.


Select the VPN access check box.


Click Next -> Finish. In the message box that appears, click “Start Service”. If you have a DHCP server configured in the network in the same subnet, you can go ahead with the final step.

Networks which have a DHCP server in a different subnet should have the DHCP relay agent configured. Expand IPv4 -> right-click DHCP relay agent and go to Properties.


In the window that appears, enter the IP address of the DHCP server. The appropriate DHCP scope should be configured on the DHCP server.

If your network doesn’t have a DHCP server, the VPN server itself can assign IP addresses to VPN clients. Right-click your server name -> Properties -> IPv4 tab -> select “static address pool” -> click Add. Enter the start and end IP addresses of the range.


Allow users to log in via VPN

On the Active Directory server, go to Start -> Administrative Tools -> Active Directory Users and Computers -> right-click a user and open Properties -> Dial-in tab and click “Allow access”.

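An audit for this step, as an added PowerShell example that is not part of the original article: the Dial-in tab's “Allow access” choice is stored on the user object as msNPAllowDialin = TRUE, so an LDAP query can list every account that holds VPN permission. The 90-day review threshold and the variable names are assumptions, and the script assumes PowerShell 2.0 or later on a domain-joined machine.

```powershell
# Added example, not from the original article.
# Lists every domain user whose Dial-in tab is set to "Allow access"
# (msNPAllowDialin = TRUE) and flags disabled or long-unused accounts.

$staleAfterDays = 90   # assumption: review threshold, adjust to local policy

# With no SearchRoot set, DirectorySearcher queries the current user's domain.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))'
$searcher.PageSize = 500   # page the results so large domains are not truncated
foreach ($attr in 'samaccountname', 'useraccountcontrol', 'lastlogontimestamp') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

$cutoff  = (Get-Date).AddDays(-$staleAfterDays)
$results = $searcher.FindAll()
try {
    foreach ($r in $results) {
        $p   = $r.Properties
        $uac = [int]$p['useraccountcontrol'][0]

        # lastLogonTimestamp is absent for accounts that have never logged on,
        # and it replicates lazily, so treat it as approximate.
        $last = $null
        if ($p.Contains('lastlogontimestamp')) {
            $last = [DateTime]::FromFileTime([long]$p['lastlogontimestamp'][0])
        }

        New-Object PSObject -Property @{
            User      = [string]$p['samaccountname'][0]
            Disabled  = [bool]($uac -band 0x2)            # ACCOUNTDISABLE flag
            LastLogon = $last
            Stale     = (-not $last) -or ($last -lt $cutoff)
        }
    }
}
finally {
    $results.Dispose()   # release the unmanaged search handle
}
```

Every account in the output can authenticate to the VPN from outside the network with its domain username and password, so the list is worth reviewing whenever staff or roles change.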

Set up a VPN connection on the remote client PC

On the VPN client PC, go to Start -> Run and type ncpa.cpl, then open “New Connection Wizard”. In the wizard that appears, click Next and select “Connect to the network at my workplace”.


In the next step, select Virtual Private Network Connection.


Enter a company name, which is used to name the connection, and in the final step enter the PUBLIC IP address of the VPN server. After the connection is created, enter the username and password of a user in the Active Directory database and click Connect.
