Virtual Private Network (VPN) is used to securely tunnel your connection from one point to another point. It is good to allow other user from different location to access to our internal network for communication. Since my company got 5 branches which is located all around the world, I need to setup VPN server to allow them access securely to our network and connect to a web application inside this office.
Luckily, we have a Windows 2008 R2 server just ready for application framework development. So I will use this server to be VPN server as well. Inside this server I will create several account and assigning them internal IP address. Variables I used are:
Server OS: Windows 2008 R2 Standard 64bit
Server main IP: 192.168.1.2
Internal IP: 192.168.100.2
Internal web server IP: 192.168.100.3
VPN account: user1
VPN password: user1pass!@#
1. In order to make VPN working correctly in 2 different network, we need to assign this server with 2 interfaces. In this case, I will use main interface (External) as receiving connection, and another interface (Internal) for IP connectivity to range 192.168.100.0/24.
C:\>ipconfig Windows IP Configuration Ethernet adapter Internal: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::219f:e472:ada8:d8ad%14 IPv4 Address. . . . . . . . . . . : 192.168.100.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter External: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::a18e:73fa:f718:e8c5%11 IPv4 Address. . . . . . . . . . . : 192.168.1.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1
2. Then we need to install Network Policy and Access Services roles. Go to Server Manager > right-click ‘Roles’ > Next > tick ‘Network Policy and Access Services’ > Next > select ‘Remote Access Service’ and ‘Routing’ > Next > Install :
3. Once finish, lets configure the Routing and Remote Access. Go to Server Manager > expand ‘Network Policy and Access Services’ > right click ‘Routing and Remote Access’ > click ‘Configure and Enable Routing and Remote Access’.
4. On the setup wizard, click Next > Custom Configuration > VPN access > Next > Finish > Start the Service.
5. Now we need to configure the Remote Access service. Right click ‘Routing and Remote Access’ > Properties > IPv4 > Ipv4 address assignment > Static address pool > enter Start IP address and End IP address information as below:
6. Now we need to configure the policy to allow users to connect to the VPN service. Right click ‘Remote Access Logging & Policies’ > Launch NPS > Network Policies > under Policy Name, right click on ‘Connections to Microsoft Routing and Remote Access server’ > Properties > under Access Permission, select ‘Grant access. Grant access if the connection request matches this policy’ > OK :
7. Now lets create the VPN user to access. Go to ‘Server Manager’ > expand Configuration > expand Local Users and Groups > Users > right click and select New User. Enter user details as below:
8. VPN access ready. Now we need client to access to the server. If client is connecting using Windows 7, go to ‘Network and Sharing Center’ > Setup a new connection or network > Connect to a Workplace > Use my Internet Connection (VPN) > enter the 192.168.1.2 as internet address > enter username and password for user that we just created > Connect.
Now the user should get connected and another IP address will be available for them. You can verify this by using ipconfig command or ‘Network and Sharing Center’. Make sure they are getting the 192.168.100.0/24 IP range assigned for the VPN connection interface.