Thursday, 9 September 2010

How to configure Windows VPN in less than 5 minutes!

There are many software and hardware solutions out there that allow VPN connections in to your home network. Some of these solutions are free and lightweight, however (perhaps foolishly), I have just never trusted them as they usually go via a third party service.

I have always wanted to have proper VPN access to my home network but have just never got around to it for one reason or another, however, I have a machine doing nothing here and I thought it was about time... and it is seriously so easy to do, I wish I had done it sooner!

With this guide, you should be able to get a full Windows VPN tunnel set up in less than 5 minutes!

For Windows Server 2003 Server go to 2b.
For Windows Server 2008, read below.


1. To start, In Windows 2008, you have to go to server manager and install the following roles:

[ ] Network Policy and Access Services [NPAS]
[ ] Network Policy Server [NPAS-Policy-Server]
[ ] Routing and Remote Access Services [NPAS-RRAS-Services]
[ ] Remote Access Service [NPAS-RRAS]

2 a). Next, Go to computer Management and expand Services and Applications.

2 b). (For Windows Server 2003) Go to "Administration tools" > "Routing and Remote Access"

2 c). Right click and choose "Configure and Enable Routing and Remote Access"


3. The predefined VPN templates require two network cards and if you only have one, it will come up with an error. I am unsure why as it is not actually required. To continue, choose the "Custom Configuration" option.

4. Select the "VPN access" option.
5. Confirm your selection and finish the wizard

6. By default, Routing and Remote Access will pass DHCP requests through, however, I have encountered mixed results through this option (I think due to gateway settings), and prefer selecting the "Static Address Pool" option which I also think is a lot faster at connecting.

You can configure this by right clicking on the computer (where you clicked above in stage 2c) but this time choose properties, and go to the IP tab.

Assign as many IPs as concurrent VPN connections you want - make sure they are working IPs within your current subnet. If they are covered by your current router (or DHCP server) and you are not able to setup exclusions, you can simply make DHCP reservations for fictional MAC addresses and that will keep them unregistered by DHCP clients.

7. Go to Computer Management > Users and groups and create a new user. Make sure that you allow remote access in the "Dial in" tab.

8. At your firewall/router, make sure that UDP port 500 (IPsec) and TCP port 1723 (PPTP) are forwarded to the server.

And that's it! Done!



If you are not sure how to create a VPN connection to the server in Windows, follow this guide (For Windows 7/2008):

Go to "Network and Sharing center" and choose "Setup a new connection or network" option.

Simply type the ip address of your server, and the username and password that you set up (leave domain blank) and you are done!


Under the quick connections menu on the taskbar, you will be able to easily connect to the VPN whenever you want (and when outgoing ports are not blocked!)

I did a quick speed test when out and about and was able to reach a download speed of my home upload speed! It works very well and is satisfying to see my own IP address on IP checking sites!



FYI - I love everything I have seen about DirectAccess - it is a far superior solution, but I simply do not have the infrastructure at home to support it. Hopefully in the future, I will be able to deploy it and write a similar guide (although I think it will be more than 5 minutes work!)

*Windows Server 2008 Web edition is not supported, It requires the Remote Access role to be installed.

42 comments:

  1. Thanks for this tutorial! I came here from you SuperUser profile (that went to a Twitter link and now I'm here), and as a coincidence I was looking exactly for something like this! Keep up the good work here and at the SuperUser (I've read some of your answers as well). Thanks!

    ReplyDelete
  2. @Anonymous - Whoever you are, cool! Glad I could help you! Hope your VPN is working well!

    ReplyDelete
  3. I also tried this like Anonymous did and it work out really great. Thank you very much.

    ReplyDelete
  4. hi This was very helpfull!
    a month after i folow your how to i get 20171 error.
    any point were to look for help or an advice :)
    Thanks any way for the Guide

    ReplyDelete
  5. Is there a way to change the DNS of VPN connection? I usually use Google's public DNS.

    ReplyDelete
  6. Wow, this is so helpful, and thanks so much, William. Your step 6) above directly helped resolve the problem I'd been having for weeks:

    It instantly works for me if I selected "Static Address Pool" option as you suggested, DHCP options didn't work for me for unknown reason when I tried to VPN from the internet.

    ReplyDelete
  7. I have a windows 2008 r2 server, motorola nvg510 router from ATT (ADSL 6Mbps up and 540Kbps down)
    - no firewall
    - AD, DC, DNS and DHCP configured
    - 2 NICs
    - Router has private IP addresses for intranet and 5 public IP addresses for internet

    Objective: Setup VPN services on this server

    Help:
    1. Best setup for router to pass VPN services
    2. Best setup for server VPN services using one or two NICs

    Thanks

    ReplyDelete
  8. I am wondering can you setup UPN to ping remote server using NetBios (computer name)? Would be there some additional configurations?
    If yes, is it possible to enlighten us.

    ReplyDelete
  9. that is simple pptp vpn ,., but that did not access to internet ,..
    for internet access ,, make first (DHCP , SERVER) .(DNS SERVER) (WINS SERVER)
    that 3 server will make forwrding internet access...


    i have see alot of tuterials but not shoing next optstion.. how to configure DHCP . DNS OR WINS SERVER ...

    HAHHAHAHHAHHHHHAHAHHAH

    ReplyDelete
  10. thank you for taking the time to do this tutorial. it helped me alot.

    ReplyDelete
  11. Thanks, your tutorial is very helpful.

    ReplyDelete
  12. Hi, that's for PPTP and IPSEC, how about L2TP? my firewall supports VPN passthrough? but it seems like Win2008R2 doesn't, any ideas?

    ReplyDelete
  13. Hi, Thanks for this tuts.

    Last question, is it possible to setup VPn on server with just only one NIC?

    thanks.

    ReplyDelete
  14. Am unable to connect from my client

    ReplyDelete
  15. Thanks for post. very simple config.

    ReplyDelete
  16. Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point.

    You obviously know what youre talking about, why throw away your intelligence on just posting videos to your blog when you
    could be giving us something enlightening to read?

    Also visit my homepage - seo tips

    ReplyDelete
  17. Wonderful site. A lot of helpful information here. I'm sending it to some friends ans
    additionally sharing in delicious. And obviously, thank you in your sweat!



    http://whys-digital.net/board/26547

    Here is my blog :: electronic cigarettes health

    ReplyDelete
  18. Nice post. I learn something totally new and challenging on sites I
    stumbleupon everyday. It's always exciting to read through content from other writers and practice a little something
    from other websites.

    Also visit my web blog ... hay day storage

    ReplyDelete
  19. Thanks for sharing your info. I really appreciate
    your efforts and Iwill be waiting for your further post thank you once again.

    Loook into my blog post - mp3 sites unblocked

    ReplyDelete
  20. Very good information. Lucky me I discovered your blog by chance (stumbleupon).
    I've book marked it for later!

    my page; best Weight Loss pills

    ReplyDelete
  21. When I initially commented I appear to have clicked on the -Notify me when new comments are added- checkbox
    and now whenever a comment is added I get four emails with the
    exact same comment. Is there an easy method you can remove me from that service?
    Cheers!

    Here is my webpage :: castle Clash cheats

    ReplyDelete
  22. Creating an animated GIF in photoshop is relatively simple to do frame-by-frame.
    Finally, you are able to see you animated gif file with your image viewer.

    On the plus side, the graphics are nearly always free so you don’t need any artistic skills to
    utilize them.

    Check out my web site ... funny gifs []

    ReplyDelete
  23. I'm really impressed with your writing skills as well as with the layout on your weblog.

    Is this a paid theme or did you modify it yourself? Anyway keep up the excellent quality writing, it is rare to see a nice blog like this one these days.



    My weblog: Muscle chart

    ReplyDelete
  24. I am sure this paragraph has touched all the internet users, its really really pleasant
    post on building up new website.

    Feel free to visit my web-site Losing 10 pounds in a month

    ReplyDelete
  25. What's up, I check your new stuff regularly.
    Your writing style is witty, keep doing what you're doing!


    my blog ... lose weight fast diet

    ReplyDelete
  26. The other day, while I was at work, my sister stole my iPad and tested to see if it can survive a forty foot
    drop, just so she can be a youtube sensation. My iPad is now broken and she
    has 83 views. I know this is entirely off topic but I
    had to share it with someone!

    Here is my blog post :: anxiety treatment sarasota - esitec.co.kr,

    ReplyDelete
  27. Great blog you have here.. It's hard to find
    high quality writing like yours nowadays. I truly appreciate individuals
    like you! Take care!!

    Also visit my weblog: vidconv download and save video from youtube

    ReplyDelete
  28. What i do not realize is if truth be told
    how you're now not actually a lot more smartly-preferred than you
    might be righ now. You're very intelligent. You recognize thus significantly in relation to this matter, made me personally imagine it from so many
    numerous angles. Its like men and women aren't interested until it's something to accomllish with Woman gaga!
    Youur individual stuffs excellent. Always handle iit up!



    Feel free to visit my web blog: natural weight loss supplements dr oz

    ReplyDelete
  29. Howdy just wanted to give you a quick heads up.
    The words in your article seem to be running off the screen in Firefox.

    I'm not sure if this is a format issue or something to do with web browser compatibility but I thought
    I'd post to let you know. The layout look great though!
    Hope you get the issue resolved soon. Kudos

    My web page myfreecams free tokens ()

    ReplyDelete
  30. Robin went to the book store and bought ethanol fireplace retailers in michigan my wood.

    A fireplace of this style is added to your home decor
    in mind. Chimneyless fireplaces are now turned to home decor, I believe that my" dude" mentioned that this was used
    for cooking purposes. If you really want your fireplace to give it more substance.
    Remember that you will have more energy and be more productive later in the day.

    If they don't, parents would explain the importance of good nutrition and
    healthy eating is stressed.

    Here is my blog post: cheminee ethanol fermee

    ReplyDelete
  31. Chose tthe Best loans Option? There's gotya
    be a huge sum of money small cash loans is near tthe household and twice the
    level of bad debt. Now days, there are some eligibility conditions.

    You can choose fom equal payment, sudden car damage expenses, car accidental bills, utility expenses, credit referehce agencies will have
    to worry about loans.

    Review my homepage ... www.hetilainat.fi

    ReplyDelete