How to set up a Windows Server 2012 VPN

4

Hello Everyone,

Today we will seeing how to setup a Windows Server 2012 as a VPN server. Not many must be aware that Windows has this feature built in in both its Server ans Desktop Operating Systems. For setting up a VPN server a windows 7 machine, go check it here.

Well the prerequisite is here that you need a Windows Server 2012 R2 installed to follow along this article. Note that the steps are different for a Windows Server 2008 machine.

Install the Remote Access Server Role

We will be doing this through a GUI. Open Server Manger and click on Manage and select Add Roles and Features.

How to set up a Windows Server 2012 VPN

A wizard comes up, select Next and click on Roles based or feature based installation and click on Next.

On the next page select the destination server, which is the local machine.

How to set up a Windows Server 2012 VPN

Select the Remote Access Role on the next page and click on Next.

How to set up a Windows Server 2012 VPN

It will by default install the required features like .NET framework, click on Next. The next page will give you a brief introduction about the Remote Access role, go through it and click on Next.

On the next page, select Direct Access and VPN Role services because this is what we are interested in. It will prompt to install the required features, click on Add Features and Next.

How to set up a Windows Server 2012 VPN

How to set up a Windows Server 2012 VPN

It also requires Web Server to be installed, you are fine by just selecting the defaults and clicking on Next.

How to set up a Windows Server 2012 VPN

Click on Install and wait for the installation to complete.

Configure the Remote Access Server Role

Now that we are done with installing the Server Role, we need to go enable it and provide a few details to start accepting the incoming connections.

From Administrative Tools, select Remote and Routing Access. A window comes up, right click on the server and select Configure and Enable and Remote and Routing Access.

How to set up a Windows Server 2012 VPN

A wizard pops up and follow along.

How to set up a Windows Server 2012 VPN

Select Custom Configuration and click on Next.

How to set up a Windows Server 2012 VPN

On the next page, select VPN server and click on Finish.

How to set up a Windows Server 2012 VPN

How to set up a Windows Server 2012 VPN

Next step will be to start the services.

How to set up a Windows Server 2012 VPN

Now Right click on the server and click on Properties to configure the IP addresses that it will give out once the connections are made.

How to set up a Windows Server 2012 VPN

Now you will need to allow the connections coming in on the Windows Firewall. Go to start and type Firewall and select the third option as shown below.

How to set up a Windows Server 2012 VPN

Make sure that the connections are allowed for Remote Access as seen below.

How to set up a Windows Server 2012 VPN

That's it! You are done. Before you can receive connections you will have to configure your Firewall.

Configure Perimeter Firewall

Based on the type of firewall you have, ensure the following ports are allowed traffic to the RRAS server:

PPTP Connections:
TCP 1723

L2TP/IPSec Connections:
TCP 1701
UDP 500

SSTP Connections:
TCP 443

You can test the connections by following the the article, how to set up outgoing VPN connections.

I hope this was informative and thank you for reading!

Share.

About Author

I am Adil Arif, working as a Senior Technical Support Engineer at Rubrik as well as an independent blogger and founder of Enterprise Daddy. In my current role, I am supporting infrastructure related to Windows and VMware datacenters.

4 Comments

  1. yeah the Microsoft Windows Server VPN solution is a great inexpensive (free) solution and the advantage is that all Windows Vista/7/8 client PC’s already have the client software included – no third-party programs to download and configure.

    The downside of using PPTP is that security is based entirely on username/password combination so ensure that strong password policies are used.

    It would be best practice use SSTP and client certificates.

    Also many user locations have firewalls that block PPTP and L2TP ports so SSTP may be the only reliable option.

  2. Two-factor authentication is an option you can choose from the initial setup wizard.. Great article, still working on setting up my test lab for direct access. Found this very handy thank you.

Leave A Reply