How to Install VPN on Windows Server 2008 R2 Thomas Maurer

7/23/2019 How to Install VPN on Windows Server 2008 R2 Thomas Maurer

1/16

072010

87

byThomas Maurer

2008 2 , , , , ,

2008 2,

submit

Tweet 8

This HowTo should show you how to install a VPN Server on

Windows Server 2008 R2. This is a HowTo for a small

environment or a stand-alone hosted Server.

Install the Role Network Policy and Access Services with

the Server Manager

1.

My Name is Thomas

Maurer. Microsoft MVP

for Hyper-V. Work as aCloud Architect for

itnetx gmbh, a

consulting and

engineering company

located in

Bern/Switzerland. I am

focused on Microsoft

Technologies, especially

Microsoft Cloud

Solutions basedMicrosoft System Center,

Microsoft Virtualization

and Windows Azure.

Follow @ThomasMaurer

ShareShare

47LikeLike

to Install VPN on Windows Server 2008 R2 | Thomas Maurer http://www.thomasmaurer.ch/2010/10/how-to-install-vpn-on-wind

6 10/3/2015


2/16

Select the Role Services Routing and Remote Access

Services

2.

Configure and Enable Routing and Remote Access in the

Server Manager.

3.


6 10/3/2015


3/16

Choose Custom Configuration if you just have one

Network Interface in the Server

4.

Choose VPN access5.

Finish and click next6.


6 10/3/2015


4/16

Allow access for users Network Access Permission. You

can set that in de Dial-In Tab under the User Premission.

7.

Open Ports in your Firewall

For PPTP: 1723 TCP 47 GRE

For L2TP over IPSEC: 1701 TCP 500 UDP

For SSTP: 443 TCP

8.

Optional: If you dont have a DHCP Server in your local network

you have to add a static address pool. This could be if you have a

stand-alone Server by your provider.

Right click on Routing and Remote Access and open

Properties

1.

2012

2012 2

2012 1

7 8

8

2008 2

2012

2012 2


6 10/3/2015


5/16

Click on the IPv4 Tab and check Static address pool2.

Add a static address pool of private IP addresses3.

Add secondary IP Address to the Server network interface

which is in the same subnet as this pool.

4.

: 2


6 10/3/2015


6/16

2008 2

87 2008 2

: 9, 2012 3:41

Thanks Thomas you rock!

: 15, 2012 2:13

Thanks! Could you explain how do i make authentication? so that people

that connect to my server via wireless antenna, since this will be a

hotspot server need to make an account.. need sql for that? can it be

done directly? thanks!

:

29, 2012 7:42

thank you and please tell me what other procedures i do for connect my

lap to our server through vpn

: 1, 2012 12:07


6 10/3/2015


7/16

You have to create a New VPN Connection in the Network and Sharing

Center

: 10, 2012 2:17

Thanks for the excellent guide Thomas. I got this working for

administrators now.

I also need to give normal users access to this; but if I do that Im

getting the following message: RAS 800 or RAS 812.

Can you please help me out?

Thanks Thierry

: 2, 2012 1:59

Fantastic, easy to follow guide!

Ive got it all setup but cant seem to access the internet through my

VPN. Any suggestions?

: 3, 2012 6:28

Thanks sir. .!

Its so easy to understand..

: 4, 2012 8:26


6 10/3/2015


8/16

no problem

: 30, 2012 6:25

Cool Website!

Like This Yoo

: 5, 2012 11:18

Your instructions work for a standalone PPTP and L2TP VPN server buton a standalone server I cant add a certificate for the SSL Certificate

Binding property under the Security tab. Im resigned to the idea that

Microsoft wont accomodate a stand alone SSTP VPN server under its

Network Policy and Remote Access Service. Do you know if this is true?

Also if I try to set up a VPN server on an Amazon EC2 Windows 2008 R2

instance, Im limited to a single NIC and am not allowed to add a

secondary IP address to it. Any ideas as to whether a stand alone

Windows VPN server in this scenario is do able or not is appreciated.

: 22, 2012 5:00

Im in a migration process. I hope this will help to setup the VPN.

. : 29, 2012 9:57

Thank You Sir, this could really help to me..

:


6 10/3/2015


9/16

5, 2012 9:51

for the ports can u specify if i need to put same as inbound and private

port??

2012 29, 2012 5:37

[] For a VPN server on Windows Server 2008 R2 check this post: How to Install VPN on Windows Server

2008 R2 []

: 3, 2012 6:23

Hi Thomas.i just to know how many client server connection will be

allowed if win 2008 server act as a vpn server.

: 7, 2012 3:06

We have a DSL modem in our office, a wireless ASUS router and a file

server. I need to provide 5 people access through VPN to a share on the

file server (2008 r2). The router supports VPN server. So, i have set it up

to allow up to 10 clients and has an ip pool assigned to VPN clients. Do i

also need to setup VPN access per your article on the server? If yes, then

do the logins for the VPN server on the router (username and password)

need to be the same as the computer account logins?

:

22, 2013 7:02

hi thanks

error 812???????

radious port set ????

my network workgroup


6 10/3/2015


10/16

: 11, 2013 4:39

Very nice,. ., Easy to understand.,, ., .:)

: 15, 2013 4:43

Thanks Thomas !

: 23, 2013 5:24

Tried it but server crashed. Meaning nobody could have access to shared

drives .

: 3, 2013 9:44

Did you place the server in the DMZ or did you open the listed ports

towards your internal server.

If you placed the server in the DMZ, did you do it with one network

connection (only DMZ) or with 2 connections (one DMZ one Internal

Network)?

With best regards

Markus

: 23, 2013 9:57


16 10/3/2015


11/16

Hi. I have made a simular installation. But with a dynamic DHCP cause I

have a DHCP on the same server. My problem is that I wish to use other

IP adresses then whats on my Server Vlan. I have 4 other Vlans for

ekonomy, produktion, IT, Guest. I wish to assign ip adress after what

group the user that loggs on to the VPN is assignd too. is that possible?

the only solustion I have found yet is. set up 4 diffrent VPN connections

and assign diffret access in a Network access policy. With that a static

pool of addresses but I am afraid the result will be addess will be

blocked in ether switch or router cause it comes from the wrong vlan.

another problem is that it will conflict with the addresses in the DHCP

and might cause an ip conflict. Is it possible to make it access a spessific

DHCP POOL on the server? to avoid that problem?

: 23, 2013 8:37

Hi Thomas,

May you explain more about this point

4 Add secondary IP Address to the Server network interface which is

in the same subnet as this pool.

: 4, 2013 8:15

Well on the network interface you may have a public IP address from your

hoster. You also have to added a secondary private IP address to the

interface


16 10/3/2015


12/16

: 7, 2013 4:18

Hi Thomas,

Is there any possible to configure VPN to allow only with SSTP ? ( Clients

must have certificate to access the VPN)

2012 2 11, 2014 5:06

[] How to Install VPN on Windows Server 2008 R2 []

: 24, 2014 8:08

Hi thomas,

As per your screen shots, i have done everything & one IP has been

given as the secondary Ip in the interface also.

Now Can I know that My server has the VPN?

: 5, 2014 9:34

Step 7 is important even if you have set an inclusive (Domain users

permitted) remote access policy in the RRAS mmc. The policy seems to

be ignored or overridden on a 2003 DC. Giving the user explicit

permission in ADU&C works.

: 1, 2014 8:49

you forgot to mention to port 3389 TCP (RDP port) to get it working but

thats ok cuase after 5 hours figuring GRE is not a port but a protocol (ne


16 10/3/2015


13/16

need to configure port for that) i stumbled on a youtube video showing

the RDP port and guess what BINGO!!!

: 3, 2014 1:46

Hi Thomas,

Great tutorial, very helpful indeed! Would you be able to help me with

configuring my VPS to start with? I use Windows Server 2008 R2 and

have a private, static IP.

Thanks a lot!

: 15, 2014 3:03

Hi, thanks for tutorial, nice!

Im trying to configure in the server, a printer installed in a client of VPN.

My server is in 192.168.0.0 network

In the VPN client computer, network have the same pool, 192.168.0.0

Which is the correct configuration for this case?

I was testing different configurations, but if I configure a DHCP server on

win2k8, with same pool (192.168.0.110/190), I can see from the server

the printer of client, but the client loose connection with your network. If

the client computer have a network printer, this one will be offline when

the VPN is connected!

:

3, 2014 9:43

I have a server 2008 r2 .how could i connect this server for using cloud

server.what should i do as a administrator and what necessary device i

needed.please give the total solution.


16 10/3/2015


14/16

: 26, 2014 7:48

Hi Thomas

Can you please explain me what configurations are required on a DSL

router to connect an internal RAS server with private IP address. The RAS

server is running with 2k8 R2. The users are at remote locations they

want to connect using the Public IP of DSl router.

Thank You

. : 9, 2014 6:04

Hello,

I have to configure VPN server on windows server 2008 R2. I am having

static IP. But the static ip connection terminates at my router. From the

router we are accessing the Internet. I have few questions.

1)To configure VPN Server, do we need seperate Static ip connection

which terminates at Public interface card? Should I connect the Public

Internet cable directly to the Public interface card or Can I assign the

Public IP(which terminates at router) on Public interface card?

Please suggest me, I dont have much idea about networking. I was givena task to configure VPN server. I am new to widows server. Week ago I

have established VPN server by using the forums in google but now I am

unable to access my private network. Earlier I have accessed my private

network through VPN server. I have given the Public IP(which was

terminated at router) on public interface card and enabled port

forwarding to the private IP which I have configured on Windows server

Private interface.

2)Is it mandatory that we need to configure 2 IPs(Public and private) for

VPN server setup. Please help me out.

: 21, 2015 2:10

we have one server, it has been intalled 2008 r2 and Remote access , join

in a domain , the server has 2 netcard, one connected the


16 10/3/2015


15/16

Your email address will not be published. Required fields are marked *

*

*

intranet(10.8.1.200, 255.255.255.0, GW 10.8.1.1), the other is connected

the internet(203.208.211.172, 255.255.255.248, gw 203.208.211.169),

reference this guide, deployed VPN only, the client is dailed vpn success,

however, client ping 203.208.211.172 is ok, ping 10.8.1.x is ok , ping

10.8.2..x is not ok, we checked the intalltion process, The installation

process did not find an error, check the port (1723,47,1701,500,443) are

open, Now the reason can not find the problem, please help speculate

about the possible direction of the problem, thanks a million!

: 15, 2015 7:37

47 is not a port for GRE. 47 is the protocol ID for GRE. You only need to

open TCP port 1723.

: 7, 2015 8:17

thanks bussy.:)


16 10/3/2015


16/16

.

.

Copyright 2008-2015 Thomas Maurer Home About Twitter Contact Subscribe


How to Install VPN on Windows Server 2008 R2 Thomas Maurer

Documents

Transcript of How to Install VPN on Windows Server 2008 R2 Thomas Maurer