How to setup a PPTP VPN in Windows Server 2008. A VPN (Virtual Private Network) creates a secure tunnel across the Internet between you and your office, a VPN provider, or your home. So what does all of that mean to me? With a VPN, you can surf the Web through the virtual tunnel you create, this keeps your system away from prying eyes and snoop programs, plus gives you the benefit of encrypting your internet traffic. Whether you just want to access Wi-Fi networks while your on vacation without potentially exposing your network activities to snoopers, or maybe you need to lock down a group of remote employees that require secure connections for doing business on the Internet, you should be able to find a VPN solution to suit your needs.
Windows Servers and clients have supported VPN connections since the days of Windows NT and Windows 95. While Windows clients and servers have supported VPN connections for over a decade, the type of VPN support has evolved over time. Windows Vista Service Pack 1 and Windows Server 2008 now support three types of VPN connections. These are as follows:
Windows Vista SP1 and Windows Server 2008 now support a new VPN protocol – Secure Socket Tunneling Protocol or SSTP. SSTP uses SSL encrypted HTTP connections to establish a VPN connection to the VPN gateway. SSTP is secure because user credentials are not sent until after a secure SSL tunnel is established with the VPN gateway. SSTP is also known as PPP over SSL, so this means that you can use PPP and EAP authentication mechanisms to make your SSTP connection more secure.
Today we will be setting up a PPTP VPN Server in Windows Server 2008. PPTP VPNs are certainly a simple and effective way to allow users onto your network. However, if you wish to have more security I would suggest using SSTP. RRAS needs to be added to your server configuration when setting up a VPN, you can use Server Manager to add the role.
Install all VPN Server Related Services
Open Server Manager.
On the top menu, click on Action and Add Roles.
This will bring up the role installation wizard. On the first screen titled Before your begin read the requirements and click Next to continue.
Next, on the screen titled Select Server Roles, place check mark on Network Policy and Access Services and click Next to continue.
On the third screen titled Network Policy and Access Services read what it is stated and click Next to continue.
On the following screen titled Select Role Services place a check mark on Routing and Remote Access Services and make sure Remote Access Service and Routing are selected as well. Click Next to continue.
Next, on the screen titled Confirm Installation Selection, you will get a summary of everything that will be installed. Make sure everything looks good and click on the Install button. Once the installation finishes, click Close to end the wizard.
Back on the main Server Manager window, right click on Configure and Enable Routing and Remote Access.
This will bring up the Routing and Remote Access Wizard. On the first window, click Next.
On the second window, select Custom Configuration and click Next to continue.
Next, place a check mark on VPN access and click Next to continue.
On the last screen of the wizard, click Finish and then click Start Service on the following window that will pop up.
Once the process is finished, and you are back on the main Server Manager window, routing and remote access should now be up and running.
Open the following Ports on your Firewall
- Port 1723 TCP
- Port 47 GRE
Now we can give all of our domain users acces to the VPN we just created.
If you are on a domain, go to your domain server, click on Start then click All Programs and then click Administrative Tools and finally click Active Directory Users and Computers.
On the left hand side column, look for your domain users. Double click on the user you want to give access to. This will bring up the properties for that user. Click on the Dial-In tab and under Network Access Permission select Allow Access. Click Apply and Ok to finish. Repeat the same procedure for all users on your network you want to give VPN access to.