January 23 2017

Server 2012 – VPN with 1NIC – [1and1 version]

I case recently was brought to me to investigate using Windows Server 2012 and setting up a native VPN using the features that 1and1.com provides. 1&1’s CloudServers and CloudVPS provide you with a single NIC for connection to the internet and a Hardware Firewall. The CloudServers can have a second nic added, but only for usage with 1&1’s own Private Networking feature to connect multiple VMs together, so it can’t be used in this instance. Fortunately, this is a topic that’s been written about numerously, and the guide here unashamedly will follow most of it. The cavets though, not written in the original guide is that this VPN is to be used to so that the VPN server sends all of the VPN client’s data out to the internet, effectively giving the clients the same IP as the server. The original guide instead only speaks about setting up a simple VPN which creates a LAN for those connected. The original article comes from a great site that features wonderful guides on System Administration and it’s suitably named TheSysAdmins.

You can click through to follow along, or check out the guide above. The differences are my addition of the NAT and my use of Computer Management for setting the Dialin Access whereas they use Active Directory. I’ll have a retype of my exact steps shortly.

Updated the steps without AD and with NAT:

  1. Head to Server Manager, click on Manager, Add Roles and Features
  2. Role-based or feature-based installation
  3. Make sure the server you want to install the RRAS role is selected
  4. Select Remote Access and select “Routing” to install NAT functionality
  5. View items and click add features
  6. Next as you do not need to add any features
  7. Tick DirectAccess and VPN (RAS)
  8. This shows the Role services which are requested and then added
  9. When the feature installation is complete click close
  10. Select Remote Access in Service manager
  11. Right click the Server with the Remote Access role install and choose Remote Access Management
  12. Select Run the Getting Started Wizard
  13. Select Deploy VPN Only, the familiar RRAS console will appear
  14. Right click the server and choose configure and enable routing and remote access
  15. If you select “Remote Access” give the following error “Less than two network interfaces were detected on this machine. For standard VPN server configuration at least two network interfaces need to be installed
  16. Select Custom Configuration to get around this, then select VPN Access and NAT, follow it through to the end
  17. Right click Routing and remote access and select properties
  18. Browse to the IPv4 tab and assign a static pool of IPs for the remote clients
  19. Click OK and go to the “IPv4” in the Treeview and expand it.
  20. Go to the NAT node and right click on the white-space to select “New Interface”
  21. Select the External interface and click OK. The properties will show and you will select the option for Public Access and NAT.
  22. Exit that and redo step 20 to select “Private” interface instead and add it.
  23. Now exit out and go to your Start menu and search for “Computer Management”
  24. In the treeview click/expand on “Local Users and Groups”
  25. Find your users you want to give access to and right click on the user and select Properties.
  26. Go to “Dialin Access” and choose “Allow Access”.
  • Now you’re server is ready, it’s just time to allow access in the CloudPanel’s Firewall
  • Add TCP 1723 for the PPTP connection and GRE protocol for the data connection.


Copyright 2020. All rights reserved.

Posted January 23, 2017 by Timothy G in category "Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.