server 2008 r2 VPN setup problems
Hey folks,
I was wondering if someone could point me in the right direction on setting up VPN access to my Server 2008 R2 Enterprise x64. I am still fairly new to working on servers with taking courses but can't seem to figure out how to set up a VPN, despite having a good old google.
AIM - Connect remotely to my domain hosted on my DC.
I have installed the Network Policy and Access Services role, enabled and configured as per the following link as I have one network card -
http://www.petenetlive.com/KB/Article/0000103.htm. All VPN setup instructions say it is this simple so off I was away to connect on some remote test machines, XP and Windows 7, but neither work.
I am using dynamic DNS as my service provider does not provide static IP addresses - works fine and able to Remote desktop fine. Where I am with connecting to the VPN:
PPTP - I have opened 1723 and configured all the options I can to allow GRE but it will not connect. I suspect this is a router fault not forwarding GRE so looking at getting a different router that has VPN pass through, should have one for the weekend.
L2TP - I have opened port 1701 but it shows as closed on www.ping.eu. I assume there is no service listening on it.
SSTP - I have opened port 443 on my router firewall and it shows as open on www.ping.eu. Unfortunately, it doesn't connect from my Win 7 machine.
Any suggestions which VPN type I am most likely to get working with my setup?
I
June 12th, 2012 9:49am
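For the three VPN types listed in the question above, an added example (not part of the original post) that can be run on the RRAS server to see which transports it is actually listening on. It assumes PowerShell 2.0 as shipped with Server 2008 R2; the function name Get-VpnListenerStatus is made up for this example, and the UDP 500/4500 rows reflect that L2TP on Windows normally runs inside IPsec.

```powershell
# Added example: run locally on the VPN server in an elevated PowerShell session.
# Transports each VPN type from the question depends on.
$expected = @(
    @{ Vpn = 'PPTP';       Proto = 'TCP'; Port = 1723 },  # control channel only; data is GRE
    @{ Vpn = 'SSTP';       Proto = 'TCP'; Port = 443  },  # TLS, served through HTTP.sys
    @{ Vpn = 'L2TP/IPsec'; Proto = 'UDP'; Port = 500  },  # IKE
    @{ Vpn = 'L2TP/IPsec'; Proto = 'UDP'; Port = 4500 },  # IPsec NAT traversal
    @{ Vpn = 'L2TP/IPsec'; Proto = 'UDP'; Port = 1701 }   # L2TP, carried inside IPsec
)

# Hypothetical helper: compares the expected transports with the local listener tables.
function Get-VpnListenerStatus {
    param([object[]]$Expected)

    $ip  = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $tcp = @($ip.GetActiveTcpListeners() | ForEach-Object { $_.Port })
    $udp = @($ip.GetActiveUdpListeners() | ForEach-Object { $_.Port })

    foreach ($e in $Expected) {
        $ports = if ($e.Proto -eq 'TCP') { $tcp } else { $udp }
        New-Object PSObject -Property @{
            Vpn       = $e.Vpn
            Proto     = $e.Proto
            Port      = $e.Port
            Listening = ($ports -contains $e.Port)
        }
    }
}

# Listener state per VPN type.
Get-VpnListenerStatus -Expected $expected |
    Select-Object Vpn, Proto, Port, Listening |
    Format-Table -AutoSize

# State of the services behind those listeners:
# RemoteAccess = Routing and Remote Access, SstpSvc = SSTP, IKEEXT = IKE/AuthIP keying.
Get-Service RemoteAccess, SstpSvc, IKEEXT -ErrorAction SilentlyContinue |
    Select-Object Name, Status |
    Format-Table -AutoSize
```

GRE (IP protocol 47), which PPTP uses for its data channel, has no port number, so it never appears in a listener table or in an online port checker. A row showing Listening = False points at the RRAS configuration on the server rather than at the router.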
Hello,
Can you please check this link once: http://www.windowsecurity.com/articles/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part2.html
Moreover, since it is a security-related query, you can seek help here: http://social.technet.microsoft.com/Forums/en/winserversecurity/threads
Regards, Ravikumar P
June 12th, 2012 10:12am
Hi,
In relation to your VPN setup, I am unsure if you are using Windows Server as the VPN host or a 3rd party appliance as the host.
I ALWAYS recommend appliance based VPN units (e.g. actual hardware VPNs) as they are more reliable.
I suspect that you are using the Windows server as the VPN host, so I will assume this and proceed as that.
First thing, you need 2 network cards in your server. One card for WAN and one card for LAN (that is if you want to do it properly).
Next, put your broadband router/modem in passive mode (i.e. the modem/router does not authenticate over PPPoE or sign on to internet). Depending on the modem/router it will determine the active port for passive mode, most commonly it's Ethernet port 1 - see your modem manual for further info.
Once done, connect a cable from the modem directly to the server's primary network card (the one you will designate as WAN port) - this should be a clean straight connection with no switches.
Next create a new network connection on the server to connect to broadband using PPPoE and use details as issued by your ISP (here is a guide designed for Windows XP but same principle - http://www.triotel.net/PDF%20files/PPPoE%20Files/Microsoft%20Word%20-%20PPPoE%20Authentication%20Procedures%20for%20Windows%20XP.pdf).
Once you have successfully configured PPPoE authentication on the server and connected, you should have internet access on the server.
Be sure to realise that you now have a direct connection between the server and the internet, so please configure your firewall on the server as appropriate.
On the server's secondary network card (LAN) you can connect your switch which will connect the rest of your environment.
At this point, you should be able to configure your VPN services on the server and open relevant firewall ports to allow it.
In relation to internet access for the rest of the computers on the network, you have a few options here, you can distribute access via a few methods, for example, bridging, proxy, or DNS (I would advise you read up on each and make an educated decision on how to best proceed).
If you need me to go into any further detail on the distribution of net access across the network, please let me know and I can assist.
Best of luck,
Martin
If you find my information useful, please rate it. :-)
June 12th, 2012 2:03pm
Hey Martin, thanks.
I never considered removing my router from the equation and connecting the server directly to the fibre modem, good thinking. I should have no problem creating a PPPoE connection or configuring the firewall but just don't have a Win 7 Server 2008 compatible NIC. So I will be off to get one for the weekend to have a crack because this is cheaper than buying VPN hardware.
I am also going to grab the lend of another router which has better logs and VPN pass through to sort my GRE protocol issue out and look to see if traffic is being passed across to the server, or I have a router problem blocking traffic, not fit for purpose, etc. Also, I will have a look at the link above on VPN setup to have a good run this weekend but suspect a direct connection to the server is the way forward and hang my router off the switch for wireless. Though not sure about proxy/DNS setup so some more reading.
Cheers
John
Oh Martin - you assumed right, Thanks :)
June 12th, 2012 6:11pm
Hi John,
No problem, I hope it works out for you.
Martin
If you find my information useful, please rate it. :-)
June 12th, 2012 10:57pm
Hi,
How are things going? I just want to check the status of the issue. If you have any update or concern, please feel free to let us know.
Best Regards,
Aiden Cao
TechNet Community Support
June 14th, 2012 10:17pm


