Configure a Remote Access VPN Server
Applies To: Windows Server 2008
This topic explains the basic steps for configuring a remote access virtual private network (VPN) server using Server Manager, the Add Roles Wizard, and the Routing and Remote Access Server Setup Wizard. After you finish configuring a basic remote access VPN server, you can perform additional configuration tasks, depending on the way you want to use the remote access VPN server.
Before you begin
The following table lists the information that you need to know before you configure a remote access VPN server.
Before adding a remote access/VPN server role
Determine which network interface connects to the Internet and which network interface connects to your private network.
During configuration, you will be asked to choose which network interface connects to the Internet. If you specify the incorrect interface, your remote access VPN server will not operate correctly.
Determine whether remote clients will receive IP addresses from a Dynamic Host Configuration Protocol (DHCP) server on your private network or from the remote access VPN server that you are configuring.
If you have a DHCP server on your private network, the remote access VPN server can lease 10 addresses at a time from the DHCP server and assign those addresses to remote clients. If you do not have a DHCP server on your private network, the remote access VPN server can automatically generate and assign IP addresses to remote clients. If you want the remote access VPN server to assign IP addresses from a range that you specify, you must determine what that range should be.
Determine whether you want connection requests from VPN clients to be authenticated by a Remote Authentication Dial-In User Service (RADIUS) server or by the remote access VPN server that you are configuring.
Adding a RADIUS server is useful if you plan to install multiple remote access VPN servers, wireless access points, or other RADIUS clients to your private network. For more information, see Network Policy Server Help.
Determine whether VPN clients can send DHCP messages to the DHCP server on your private network.
If a DHCP server is on the same subnet as your remote access VPN server, DHCP messages from VPN clients will be able to reach the DHCP server after the VPN connection is established. If a DHCP server is on a different subnet from your remote access VPN server, make sure that the router between subnets can relay DHCP messages between clients and the server. If your router is running Windows Server® 2008, you can configure the DHCP Relay Agent service on the router to forward DHCP messages between subnets.
Verify that all users have user accounts that are configured for dial-up access.
Before users can connect to the network, they must have user accounts on the remote access VPN server or in Active Directory® Domain Services. Each user account on a stand-alone server or a domain controller contains properties that determine whether that user can connect. On a stand-alone server, you can set these properties by right-clicking the user account in Local Users and Groups and clicking Properties. On a domain controller, you can set these properties by right-clicking the user account in the Active Directory Users and Computers console and clicking Properties .
Configuring your remote access VPN server
To configure a remote access VPN server, start the Add Roles Wizard by doing either of the following:
- In the Initial Configuration Tasks window, under Customize This Server. click Add roles. By default, Initial Configuration Tasks starts automatically when you log on.
In the Add Roles Wizard, do the following:
Completing additional tasks
After you complete the steps in the Add Roles Wizard and complete configuration in Routing and Remote Access, your server is ready for use as a remote access VPN server.
The following table lists additional tasks that you might want to perform on your remote access/VPN server.