Getting Started Wizard

How to Install VPN on Windows Server 2012 R2

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestShare on TumblrShare on RedditEmail this to someone

This post shows you how you can install a VPN Server on Windows Server 2012 R2 Step-by-Step. It shows you how you can easily setup a VPN server fro a small environment or for a hosted server scenario.

This is definitely not a guide for an enterprise deployment, if you are thinking about a enterprise deployment you should definitely have a look at Direct Access.

I already did a similar post on Windows Server 2008 R2 and Windows Server 2012.

First install the “Remote Access” via Server Manager or Windows PowerShell.

Remote Access

Select the “DirectAccess and VPN (RAS)” role services.

DirectAccess and VPN (RAS)

On the next steps just use the default settings. After that you can have a look at the Overview screen and install the role.

Remote Access Installtion Confirmation

After the features are installed, which can take a while to finish you see the link for the Getting Started Wizard. Click on “Open the Getting Started Wizard“.

Getting Started Wizard

This opens a new wizard which will help you to configure the server. On the first screen select “Deploy VPN only“.

Deploy VPN

This opens the Routing and Remote Access MMC

Routing and Remote Access MMC

Right click on the Server name and click on “Configure and Enable Routing and Remote Access“.

Configure and Enable Routing and Remote Access

On the new wizard select “Custom configuration“.

Custom VPN Configuration

Select “VPN Access“.

VPN Access

After you have click finish you can now start the Routing and Remote Access service.

Start Rotuing adn Remote Access Service

If you have an other firewall between the internet and your Windows Server you have to open the following Firewall port sand forward them to your Windows Server:

For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through)
For L2TP over IPSEC: 1701 TCP and 500 UDP
For SSTP: 443 TCP

After the installation Users have to be enabled for Remote Access to connect to your VPN Server. On a standalone server this can be done in the Computer Management MMC, in a domain environment this can be done in the user properties of an Active Directory user.

Allow Remote VPN Access for User

If you don’t have a DHCP Server in your environment you have to add a static IP address pool. This is often needed if you have a single server hosted at a service provider. In the properties of your VPN server you can click on the IPv4 tab and enable and configure the “Static address pool”.

static address pool

You now have to add a IP address from the same subnet as your static address pool to the network interface of your server, so users can access the server.

I hope this helps you to setup a VPN server in a small environment, lab or hosted server.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInPin on PinterestShare on TumblrShare on RedditEmail this to someone