How to Setup RRAS for VPN Server (PPTP) Windows Server 2008

Server

In this article, I will share you step-by-step how to build VPN Server using PPTP method at Windows Server 2008. PPTP is less secure type of VPN but widely supported by many devices, even very old devices since Windows NT/95. This VPN not recommended for who needs better security for VPN server. You must consider using L2TP, SSTP or IPSEC.

Steps how to build VPN Server is listed below.

1. Add role RRAS

Start –> Administrative tools –> Server manager –> Add role

image

Choose Remote access (dial-up or VPN).

image

Choose VPN.

image

Choose interface thas using for RRAS (VPN Server). Please uncheck ‘Enable security on the selected interface..’ if you don’t want to setup any security or filter packets. If you persists to enable this option then have wrong configuration, your VPN server even your server can’t be reach in your network.

image

Then you must define whether the VPN client automatically get IP from your DHCP Server (if you have it) or use range static IP. If you choose range static IP but you have DHCP Server, then you must insert exclude IP at DHCP Server for VPN client.

image

I just allowed 10 tunnel between 192.168.40.211-220. FYI, my network address is 192.168.40.0/24.

image

If you managing multiple Remote Access Servers, you should have RADIUS to control each remote access for better configuration. But, in this case we’re not using RADIUS.

image

Press Finish to complete.

image

2. Create VPN client

After we’ve created VPN Server we need to create VPN client.

Start –> Administrative Tools –> Active Directory Users and Computers (ADUC)

Create new user, e.g ‘VPN user’.

image

FYI, my domain name is SEMHQJKTNET. This is very important point when you create VPN client without using RADIUS because all PPTP is handled by RRAS which is the credentials taken from ADUC. The domain name must be entered on the VPN profile connection.

Then after successfully created account vpnuser, right click choose properties and select Dial-in tab.

image

On the Network Access Permission choose Allow access.

3. Setup forwarding for PPTP

Your router or DSL modem must support port forwarding feature to forward PPTP port (TCP 1723) from router to VPN server so it can handle if any VPN request from WAN.

ScreenShot387

4. Make connection profile for VPN client

This is the final step. You need to create VPN profile connection to establish VPN client to your company network. First you have to know your company public IP which is has been setup for forwarding PPTP port to your VPN server. If you don’t know, please contact your network administrator.

In Windows 7, to create VPN profile you just go to Start –> Network –> Network and sharing center –> setup a new connection or network –> Connect to a workplace

image

No, create new connection –> use my internet connection (VPN) –> then fill the Internet address column with your public IP.

On the destination name put the name of VPN e.g Head Office

image

Then on the next screen fill the username, password also Domain that we have created before. Then click connect.

image

image

Voila! now you’re connected to your company network.

P.S : VPN doesn’t work if you are on the same network on your company.

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s