In this article, I will share you step-by-step how to build VPN Server using PPTP method at Windows Server 2008. PPTP is less secure type of VPN but widely supported by many devices, even very old devices since Windows NT/95. This VPN not recommended for who needs better security for VPN server. You must consider using L2TP, SSTP or IPSEC.
Steps how to build VPN Server is listed below.
1. Add role RRAS
Start –> Administrative tools –> Server manager –> Add role
Choose Remote access (dial-up or VPN).
Choose interface thas using for RRAS (VPN Server). Please uncheck ‘Enable security on the selected interface..’ if you don’t want to setup any security or filter packets. If you persists to enable this option then have wrong configuration, your VPN server even your server can’t be reach in your network.
Then you must define whether the VPN client automatically get IP from your DHCP Server (if you have it) or use range static IP. If you choose range static IP but you have DHCP Server, then you must insert exclude IP at DHCP Server for VPN client.
I just allowed 10 tunnel between 192.168.40.211-220. FYI, my network address is 192.168.40.0/24.
If you managing multiple Remote Access Servers, you should have RADIUS to control each remote access for better configuration. But, in this case we’re not using RADIUS.
Press Finish to complete.
2. Create VPN client
After we’ve created VPN Server we need to create VPN client.
Start –> Administrative Tools –> Active Directory Users and Computers (ADUC)
Create new user, e.g ‘VPN user’.
FYI, my domain name is SEMHQJKTNET. This is very important point when you create VPN client without using RADIUS because all PPTP is handled by RRAS which is the credentials taken from ADUC. The domain name must be entered on the VPN profile connection.
Then after successfully created account vpnuser, right click choose properties and select Dial-in tab.
On the Network Access Permission choose Allow access.
3. Setup forwarding for PPTP
Your router or DSL modem must support port forwarding feature to forward PPTP port (TCP 1723) from router to VPN server so it can handle if any VPN request from WAN.
4. Make connection profile for VPN client
This is the final step. You need to create VPN profile connection to establish VPN client to your company network. First you have to know your company public IP which is has been setup for forwarding PPTP port to your VPN server. If you don’t know, please contact your network administrator.
In Windows 7, to create VPN profile you just go to Start –> Network –> Network and sharing center –> setup a new connection or network –> Connect to a workplace
No, create new connection –> use my internet connection (VPN) –> then fill the Internet address column with your public IP.
On the destination name put the name of VPN e.g Head Office
Then on the next screen fill the username, password also Domain that we have created before. Then click connect.
Voila! now you’re connected to your company network.
P.S : VPN doesn’t work if you are on the same network on your company.