This post shows how to install a VPN server on Windows Server 2012. It covers a VPN server for a small environment or for a hosted server scenario. This post is not made for enterprise deployments. If you want to run a VPN solution in your enterprise, you should definitely look at DirectAccess, which is much easier to deploy in Windows Server 2012 than in Windows Server 2008 R2.
For a VPN server on Windows Server 2008 R2 check this post: How to Install VPN on Windows Server 2008 R2
- Install the role “Remote Access” via Server Manager or PowerShell
- Select the DirectAccess and VPN (RAS) role services
- The other selections in the wizard can be left at their defaults.
- After the features are installed, you can use the Getting Started Wizard to configure the VPN scenario.
- If you don’t deploy DirectAccess choose Deploy VPN only.
- This will open the Routing and Remote Access MMC. Right click on your server and choose Configure and Enable Routing and Remote Access.
- This launches the Routing and Remote Access Server Setup Wizard
- If you have just a single network interface in your server choose Custom configuration
- Select VPN access
- Click Finish and start the service
- Now open the following ports on your firewall and forward them to your Windows Server
For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through)
For L2TP over IPSEC: 1701 TCP and 500 UDP
For SSTP: 443 TCP
- Users have to be enabled for Remote Access. On a standalone server this can be done in the Computer Management MMC; in a domain environment this can be done in the user properties of an Active Directory user.
Optional: If you don’t have a DHCP server in your local network, you have to add a static address pool. This can be the case if you use a single server hosted by a hosting provider.
- Right click on your Remote Access Server and open properties
- Click on the IPv4 tab and select “Static address pool”
- Now add an IP address pool, for example 192.168.1.100 – 192.168.1.200
- Now if this is a standalone server which has only a single Public IP address, add a secondary IP address to the server network interface which is in the same subnet as the IP address pool.
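The role installation from the first step, plus a post-configuration check of what the server now exposes and who may connect, as a PowerShell sketch. This is an added example, not part of the original post; it assumes an elevated session on the VPN server and, for the last step, a domain environment with the ActiveDirectory module installed.

```powershell
# Added example: run in an elevated PowerShell session on the Windows Server 2012 VPN host.

# 1. Install the Remote Access role with the "DirectAccess and VPN (RAS)" role service.
$result = Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
if (-not $result.Success) { throw 'Installing the DirectAccess-VPN role service failed.' }
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning 'A restart is required before configuring Routing and Remote Access.'
}

# 2. After the Routing and Remote Access Server Setup Wizard has finished:
#    confirm the RRAS service (service name "RemoteAccess") is running.
Get-Service -Name RemoteAccess | Format-Table Name, DisplayName, Status

# 3. Show TCP listeners for the protocols named in the post (PPTP 1723, SSTP 443).
#    Each listener shown here becomes reachable from outside as soon as the
#    perimeter firewall forwards that port, so forward only the protocols you use.
Get-NetTCPConnection -State Listen -LocalPort 1723, 443 -ErrorAction SilentlyContinue |
    Sort-Object LocalPort |
    Format-Table LocalAddress, LocalPort, State

# 4. Domain environment: list accounts whose dial-in permission is set to "Allow access".
#    msNPAllowDialin = TRUE is what the user-properties setting writes; accounts where
#    the attribute is not set are governed by NPS network policy and are not listed here.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin |
        Sort-Object SamAccountName |
        Format-Table SamAccountName, Enabled, msNPAllowDialin
} else {
    Write-Warning 'ActiveDirectory module not found; review dial-in permission in Computer Management instead.'
}
```

Review the account list after every change: any account it shows can authenticate to the VPN from the internet with only its password.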