Server 2012 – VPN with 1NIC – [1and1 version]
A case was recently brought to me to investigate setting up a native VPN on Windows Server 2012 using the features that 1and1.com provides. 1&1’s CloudServers and CloudVPS provide you with a single NIC for connection to the internet and a hardware firewall. The CloudServers can have a second NIC added, but only for use with 1&1’s own Private Networking feature to connect multiple VMs together, so it can’t be used in this instance. Fortunately, this is a topic that’s been written about many times, and the guide here will unashamedly follow most of it. The caveat, not covered in the original guide, is that this VPN is to be used so that the VPN server sends all of the VPN clients’ data out to the internet, effectively giving the clients the same IP as the server. The original guide instead only covers setting up a simple VPN which creates a LAN for those connected. The original article comes from a great site that features wonderful guides on system administration, suitably named TheSysAdmins.
You can click through to follow along, or check out the guide above. The differences are my addition of the NAT and my use of Computer Management for setting the Dialin Access whereas they use Active Directory. I’ll have a retype of my exact steps shortly.
Updated the steps without AD and with NAT:
- Head to Server Manager, click on Manage, then Add Roles and Features
- Role-based or feature-based installation
- Make sure the server you want to install the RRAS role on is selected
- Select Remote Access and select “Routing” to install NAT functionality
- View items and click add features
- Click Next, as you do not need to add any features
- Tick DirectAccess and VPN (RAS)
- This shows the Role services which are requested and then added
- When the feature installation is complete click close
- Select Remote Access in Server Manager
- Right click the server with the Remote Access role installed and choose Remote Access Management
- Select Run the Getting Started Wizard
- Select Deploy VPN Only, the familiar RRAS console will appear
- Right click the server and choose Configure and Enable Routing and Remote Access
- If you select “Remote Access”, it gives the following error: “Less than two network interfaces were detected on this machine. For standard VPN server configuration at least two network interfaces need to be installed”
- Select Custom Configuration to get around this, then select VPN Access and NAT, follow it through to the end
- Right click Routing and Remote Access and select Properties
- Browse to the IPv4 tab and assign a static pool of IPs for the remote clients
- Click OK and go to the “IPv4” in the Treeview and expand it.
- Go to the NAT node and right click on the white-space to select “New Interface”
- Select the External interface and click OK. The properties will show and you will select the option for Public Access and NAT.
- Exit that and redo step 20 (“New Interface” on the NAT node) to select the “Private” interface instead and add it.
- Now exit out and go to your Start menu and search for “Computer Management”
- In the treeview click/expand on “Local Users and Groups”
- Find the users you want to give access to, right click on each user and select Properties.
- Go to “Dialin Access” and choose “Allow Access”.
- Now your server is ready; it’s just time to allow access in the CloudPanel’s Firewall
- Add TCP 1723 for the PPTP connection and GRE protocol for the data connection.
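
The role installation and the post-wizard steps above (static pool, NAT interfaces, dial-in permission) can also be scripted and then audited; the following is an added example, not part of the original guide. The interface names `Ethernet` and `Internal`, the address range and the user `vpnuser` are assumed placeholders to replace with your own values.

```powershell
# Added example: scripted equivalent of the GUI steps, run from an elevated prompt.
# Assumed values (not from the original post) -- adjust to your server:
$ExternalIf = 'Ethernet'      # the single public NIC
$PrivateIf  = 'Internal'      # RRAS interface that represents connected VPN clients
$PoolStart  = '10.10.10.10'   # constructed sample pool for VPN clients
$PoolEnd    = '10.10.10.50'
$VpnUsers   = @('vpnuser')    # local accounts allowed to dial in

# Role services from the Add Roles and Features steps.
Install-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing -IncludeManagementTools

# Run the remainder only after the RRAS "Custom Configuration" wizard
# (VPN access + NAT) has been completed, since that step enables the service.

# Static IPv4 pool handed out to remote clients.
netsh ras ip set addrassign method=pool
netsh ras ip add range "from=$PoolStart" "to=$PoolEnd"

# NAT: the public NIC translates addresses and ports, the client side is private.
netsh routing ip nat add interface "name=$ExternalIf" mode=full
netsh routing ip nat add interface "name=$PrivateIf" mode=private

# Dial-in permission, granted per user rather than to every local account.
foreach ($u in $VpnUsers) {
    netsh ras set user "name=$u" dialin=permit
}

Restart-Service -Name RemoteAccess

# Audit: list every account that may dial in, the NAT interface modes,
# and confirm the PPTP control port is actually listening.
netsh ras show user mode=permit
netsh routing ip nat show interface
Get-NetTCPConnection -LocalPort 1723 -State Listen
```

The `show user mode=permit` output is worth reviewing after any account change, since every user it lists can authenticate to the VPN from the internet once TCP 1723 and GRE are open in the CloudPanel firewall.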