Here are the basics for configuring Server 2012 VPN connections to the local network. Farmhouse Networking prefers this over third-party vendor software or a router-based solution because of its native functionality and integration with domain credentials – think Single Sign On (SSO), or one password to access it all.
Install the Routing & Remote Access Service (RRAS) Role
1. Start the Server Manager
2. Click Add Roles and Features from the Manage Menu
3. When the Add Roles and Features wizard begins, click Next
4. Select the Role-based or feature-based installation option and click Next
5. If you have more than one server managed via the Server Manager console, select the server you’d like to install Routing and Remote Access on
6. From the Roles list select Remote Access, then click Add Features on the popup window
7. Click Next
8. Click Next as no additional features are needed
9. Select DirectAccess and VPN (RAS), click Next
10. Click Next
11. Accept default selections and click Next
12. Click Install
13. When installation is completed, click Close
Initial Server 2012 VPN Configuration
1. From the Server Manager screen, click on the warning sign and click ‘Open the Getting Started Wizard’
2. On Configure Remote Access, click Deploy VPN Only.
3. From the Routing and Remote Access MMC, right-click on the server and click ‘Configure and Enable Routing and Remote Access’
4. Click Next on the wizard
5. Select Custom Configuration
6. Select VPN access
7. On completion, click Finish
8. Click Start service to start RRAS, then wait for the service to start up.
Add IPv4 IP Address Range
1. From the Routing and Remote Access MMC, right-click on the server and click ‘Properties’
2. On the Properties screen click the IPv4 tab, select Static address pool, click Add and enter the desired IP address range in the popup window
3. Click OK to close
Open Ports on Network Firewall
For compatibility, here are the ports to open for both Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) on the network firewall:
500, 1701, 1723 & 4500
You also need to open IP Protocol 47 on the router to allow PPTP passthrough.
(Note: On SonicWall routers, you will need to create address objects for the internal / external IP addresses, a service group containing all the above ports, a NAT rule for PPTP traffic and a firewall rule allowing the service group from the external to the internal IP address.)
Enable Remote Access for users
Open the properties of a domain user account via the Active Directory Users and Computers MMC. Click on the Dial-in tab and, under Network Access Permission, click Allow access.
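Once users have been granted access this way, it is worth reviewing periodically who holds the permission. The PowerShell script below is an added example, not part of the original guide: it checks the role service and RRAS service set up above and lists every account whose Dial-in tab is set to Allow access, assuming the ActiveDirectory module is available on the server and using a 90-day staleness threshold chosen for illustration.

```powershell
# Added example (not from the original guide): audit of the settings configured above.
# Run in an elevated session on the RRAS server. The ActiveDirectory module must be
# present (on a member server, install the RSAT-AD-PowerShell feature first).
Import-Module ServerManager, ActiveDirectory

$StaleDays = 90                               # assumption: adjust to local policy
$cutoff    = (Get-Date).AddDays(-$StaleDays)

# Role service installed by the "DirectAccess and VPN (RAS)" step
$feature = Get-WindowsFeature -Name DirectAccess-VPN
"Role service DirectAccess-VPN installed: $($feature.Installed)"

# Service started at the end of the initial configuration
$svc = Get-Service -Name RemoteAccess
"RemoteAccess service status: $($svc.Status)"

# Dial-in tab "Allow access" is stored as msNPAllowDialin = TRUE on the user object.
# Accounts set to "Control access through NPS Network Policy" have no value and are
# not returned by this filter.
$dialIn = Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' `
                     -Properties msNPAllowDialin, LastLogonDate, PasswordLastSet

$report = foreach ($u in $dialIn) {
    $flags = @()
    if (-not $u.Enabled)                  { $flags += 'disabled account' }
    if (-not $u.LastLogonDate)            { $flags += 'never logged on' }
    elseif ($u.LastLogonDate -lt $cutoff) { $flags += "no logon in $StaleDays days" }

    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        Enabled         = $u.Enabled
        # LastLogonDate is any domain logon (not only VPN) and replicates with a delay
        LastLogonDate   = $u.LastLogonDate
        PasswordLastSet = $u.PasswordLastSet
        Review          = $flags -join '; '
    }
}

"Accounts with dial-in Allow access: $(@($report).Count)"
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Accounts with anything in the Review column are candidates for having Allow access removed on the Dial-in tab.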
If your company is in need of a robust and simple to use Windows Server 2012 VPN connection to your LAN resources, then contact us for assistance.