How to Install VPN on Windows Server 2012

This post shows you how to install a VPN server on Windows Server 2012. It covers a VPN server for a small environment or for a hosted server scenario and is not made for enterprise deployments. If you want to run a VPN solution in your enterprise, you should definitely look at DirectAccess, which is much easier to deploy in Windows Server 2012 than in Windows Server 2008 R2.

For a VPN server on Windows Server 2008 R2 check this post: How to Install VPN on Windows Server 2008 R2

  1. Install the role “Remote Access” via Server Manager or PowerShell
  2. Select the DirectAccess and VPN (RAS) role services
  3. The other selections in the wizard can keep their default settings.
  4. After the features are installed, you can use the Getting Started Wizard to configure the VPN scenario.

  5. If you don’t deploy DirectAccess choose Deploy VPN only.
  6. This will open the Routing and Remote Access MMC. Right click on your server and choose Configure and Enable Routing and Remote Access.
  7. This launches the Routing and Remote Access Server Setup Wizard
  8. If you have just a single network interface in your server choose Custom configuration
  9. Select VPN access
  10. Click Finish and start the service.
  11. Now open the following ports on your firewall and forward them to your Windows Server:
    For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through)
    For L2TP over IPsec: 1701 TCP and 500 UDP
    For SSTP: 443 TCP
  12. Users have to be enabled for Remote Access. On a standalone server this can be done in the Computer Management MMC, in a domain environment this can be done in the user properties of an Active Directory user.
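
The PowerShell route mentioned in step 1, followed by a check of the result of steps 10 to 12, as an added example that is not part of the original post. It assumes an elevated session on the VPN server; the dial-in audit runs only where the ActiveDirectory module is installed, and the listener check covers only the PPTP and SSTP ports named above.

```powershell
# Added example: install the role, then verify what the server now exposes.
Import-Module ServerManager

# Steps 1-2: Remote Access role with the "DirectAccess and VPN (RAS)" role service.
$install = Install-WindowsFeature -Name 'RemoteAccess', 'DirectAccess-VPN' -IncludeManagementTools
if (-not $install.Success) { throw "Role installation failed: $($install.ExitCode)" }
if ($install.RestartNeeded -ne 'No') { Write-Warning 'Restart the server before configuring RRAS.' }

# After step 10: the Routing and Remote Access service should be running.
$rras = Get-Service -Name 'RemoteAccess'
"RRAS service status: $($rras.Status)"

# Step 11: confirm which VPN listeners are really up on this host.
# Only the PPTP and SSTP TCP ports are checked; GRE and UDP traffic is not visible here.
$vpnPorts = @{ 1723 = 'PPTP'; 443 = 'SSTP' }
$listeners = Get-NetTCPConnection -State Listen -LocalPort 1723, 443 -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | ForEach-Object {
        # LocalPort is UInt16, the hashtable keys are Int32, so cast before the lookup.
        "{0} listening on {1}:{2}" -f $vpnPorts[[int]$_.LocalPort], $_.LocalAddress, $_.LocalPort
    }
} else {
    Write-Warning 'No PPTP or SSTP listener found; RRAS may not be configured yet.'
}

# Step 12: domain accounts explicitly allowed to dial in (msNPAllowDialin = TRUE).
# Review this list regularly; every entry is an account that can reach the internal network.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin |
        Sort-Object SamAccountName |
        Select-Object SamAccountName, Enabled, DistinguishedName
} else {
    Write-Warning 'ActiveDirectory module not found; review local users in Computer Management.'
}
```

Accounts left on "Control access through NPS Network Policy" have no msNPAllowDialin value and do not appear in this list; their access is decided by the network policy instead.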

Optional: If you don’t have a DHCP server in your local network, you have to add a static address pool. This can be the case if you use a single server hosted by a hosting provider.

  1. Right click on your Remote Access Server and open properties
  2. Click on the IPv4 tab and select “Static address pool”
  3. Now add an IP address pool, for example 192.168.1.100 – 192.168.1.200
  4. If this is a standalone server which has only a single public IP address, add a secondary IP address to the server network interface which is in the same subnet as the IP address pool.