Help me setup a home VPN server

[zylander]

I access my home network quite often when I am out and currently have a ton of ports being forwarded. I have a file server in the basement runing Server 2008 and I would like to try and setup a VPN server to play around with. Ive spent the last couple hours reading through tutorials found on google trying to setup this VPN server but Im stuck. Here is what Ive got so far;

Installed the Network and Policy access role.
Enabled the server and set the desired number of ports and IP range

But now Im stuck. I know I need to create a new user and give that user VPN access, but how do I do that? I also dont know which ports to forward in my router. I have 1723 forwarded, but I read something else about Protocol 17 and something called GRE I think. am just completely lost now, can anyone help me out?

 

[acole1]

To create new users, go to the Control Panel, then User Accounts, then click on Manage User Accounts. From there, add a new user, then add them to the group named something like Remote Access. One way of adding them to the group is to open the Server Manager, expand Configuration -> Local Users and Groups -> Groups. Open Remote Access (if that is the name), click Add, type in the name of the user you created, click OK, Apply, OK.

You should need TCP port 1723, and IP 47 (GRE) forwarded if you are using PPTP, and UDP ports 500 and 1701 for L2TP. Note: to forward or open 47, look for an option in your router like "VPN Passthrough."

I haven't used server 2008 to create a VPN before, only 2003, but the paths above were from looking at a 2008 server, so they should be fairly accurate.

Hope it helps some!

 

[sonoma1993]

Originally posted by: zylander
I access my home network quite often when I am out and currently have a ton of ports being forwarded. I have a file server in the basement runing Server 2008 and I would like to try and setup a VPN server to play around with. Ive spent the last couple hours reading through tutorials found on google trying to setup this VPN server but Im stuck. Here is what Ive got so far;

Installed the Network and Policy access role.
Enabled the server and set the desired number of ports and IP range

But now Im stuck. I know I need to create a new user and give that user VPN access, but how do I do that? I also dont know which ports to forward in my router. I have 1723 forwarded, but I read something else about Protocol 17 and something called GRE I think. am just completely lost now, can anyone help me out?

you dont have to create a new user. do you have active directory install? if you do, you can go into the user properties, then go to the dial-in tab. select either allow access or control access through NPS network policy

 

[zylander]

Got it, thanks guys, its working perfectly now.

 

[zylander]

Another question; How would I go about setting up L2TP so I dont have to run PPTP? Aside from forwarding the right ports, is there anything else I have to do differently on the server?

 

[acole1]

Originally posted by: zylander
Another question; How would I go about setting up L2TP so I dont have to run PPTP? Aside from forwarding the right ports, is there anything else I have to do differently on the server?

As per this TechNet article... "To disable PPTP, clear the Remote access connections (inbound only) and Demand-dial routing connections (inbound and outbound) check boxes."

 

[zylander]

Ok now Im stuck again. I disabled the PPTP ports on the server and I forwarded UDP ports 500 and 1701 on the router but when I try to connect the connection times out. Am I missing some ports?

 

[acole1]

Try re-enabling pptp then forcing a connection using L2TP. This may help diagnose if the problem is at the router or the server configuration. You can force your VPN to connect using L2TP in the properties of the connection on the client side, under the Networking tab and "Type of VPN:".

Also this MSDN article shows IPSec needs TCP ports 50 and 51 in addition to UDP 500. Try forwarding those as well. The document may help you set it up.

 

[zylander]

Great thank you, will try those tonight.

 

[James Bond]

IPSec FTW :evil:

 

[zylander]

uggg, I can not get this L2TP working. Disabled the PPTP ports, added UDP ports 500 and 1701 and TCP ports 50 and 51 to my router, forced an L2TP connection and the connection still times out. Thinking about just sticking with PPTP.