How to install and configure Remote Access (VPN) on Windows Server 2012 R2 (Step by Step guide)

Hello friends, I'm Nick from anob Solutions and today I'm going to show you how to

install

and

configure

remote

access

in Windows Server

2012

R2. We all know that VPN

server

is a core solution that has been implemented on Windows

server

s for a long time. It's been a while with previous versions of Windows Server and today many corporations and environments need this

remote

access

for their users to perform their daily tasks, so in this video I'm going to

install

the remote access queue. on Windows Server

2012

R2, then I will

configure

the remote access queue for VPN only after configuring this, I will switch to remote access routing in the remote access console and configure all the settings. which are necessary for my users to be able to connect to my VPN server, then I will switch to a Windows 10 client machine and set up a VPN connection there so we can test and confirm that. my vpn server is working fine before moving to demo.

I just want to give you some tips and tricks depending on the tunneling protocol that you are going to use for your VPN server that you should take care of and that you need. to open some ports on your firewalls on or on your routers and like I said depending on the protocol setting you have several different options and you can see the ports that are needed in my case I am going to use the bptp protocol and it requires port 1723 TCP and protocol 47 in the gr and I have seen many problems with the GRE protocol, many internet providers are blocking this

step

, so if you have any problem connecting to your VPN server from home. for example, you need to see if your internet provider, your ISP is blocking this for you and other tips and tricks so that you can connect to the VPN server your administrator needs to provide you with the necessary access to the You needed permissions to make a dial-up connection, so let's start with the demonstration.

First, what we need to do is install Ro Remote Access, so I'm going to log in to my Windows Server 2012 R2. I'm going to start by I'm adding this Ro to my server and as you all know you can add and remove rolls from the admin in the server admin panel and from here I'll click next, select the server, scroll down a little bit and here I can see the remote access role and basically this remote access role provides many functionalities like shortcut VPN web application proxy and many other things so I will select this role and click next.

I don't need any functions. because R is going to select the functions by itself, the necessary ones and here is a small description of what you can do with remote access. There are a lot of things that can be done here, so I'm going to The additional Ro services that I want to install and I'm going to configure are the first one, which is shortcut and VPN Ras, and it will ask me if I will allow additional features to be added, so I will do that. add the features and press next and I will click install and wait for the wizard to finish and add the remote access VPN server.

Now that the installation has finished successfully, it will say that additional configurations are required and from here you can start the getting started wizard or you can close this window and here you will see an exclamation point and basically it is the same wizard but from a different perspective so I will select this assistant and we will wait for him. to fully load, so as you can see, you have three options here, you can implement direct access and VPN, you can implement only direct access or only VPN, so for the purpose of this video, I'm going to implement only VPN and um.

If you want, in the future I can show you how to implement the shortcut as well, but the shortcut is really a cool feature. It's basically a VPN that automatically and automatically connects your users to your environment so they don't need it. to create additional VPN configurations on your site so that they connect basically automatically, it automatically connects users to your environment, so I'm going to implement VPN only and here you can see that now I can see the routing and remote control. I go into the console and from the left side of the screen I can see that there's a down arrow which is a red arrow and what it says is uh I need to do some additional configuration to be able to power on and start the service.

I'm going to right click here and configure and enable routing in remote access so another little wizard appears and when I click Next I have different options that I can configure again, the options are depending on what you want to implement in your environment um, you need check them one by one and see what suits you best, but in my case I am going to implement only VPN and that is why I am going to choose a custom configuration so that in the custom configuration I can implement a specific configuration. sets out a set of tools that I can install and configure on my routing and remote access server, but I'll select VPN access only for now and click Next.

You can see that when you click finish it will say that this will be it. ask me if I want to start the service, so I'm going to start the service now, okay, and now on the left side you see that the arrow changed to a green up arrow, which is a good sign, it basically says that my server is It's working right now and if I go through the different options that I have, I'll see different ones, for example, the ports that are available for me to use and the different tunneling protocols that I can configure and the network interfaces of course, I can see my card dedicated external which is used for the VPN connection, the internal connection, the loopback as well and from the third, the third option, I can see the remote access clients basically when a client connects to this server.

See the connection right here and you can check the connection status. You can close the connection to basically disconnect this user from using the server at the moment and in IP V4 I can see other information for routing and how. It's done, but to be able to fully configure the server, so that when a user tries to connect to this server they can receive an IP address, and if you have a DP currently configured on the server, you can, you can. use dtp to provide addresses or you can configure a dtp relay agent but in my case I don't have a DHCP server here so I'll open the properties and in ipv4 um you can see that dynamic host protocol uh is currently selected but if you want In order to provide a pool of static addresses to the users, you can add the static pool from here, so what am I going to do now?

I'm going to click Add and specify the start and end IP addresses I want to give to my client, so for example I'll give U a static IP address that is currently in my range and allow only five users to connect with VPN, so this is another way for me, you can see the number of addresses five, this is another way for me to restrict users, along with permissions of course, and now that I have set up only five addresses, only five connections will be available for this server. uh I give in so I'm going to close that and uh basically the routing and remote access server configuration is done.

The other thing I mentioned in the presentation is that you should open depending on the protocol that the users use. you are going to use, you need to open different ports on your firewall or router to allow the connection to reach the server, so, since I am going to use this in a local environment, I don't need to configure it, but you need to keep this in mind now that I'm in my local machine. I'm going to use another user to log in to that machine and that is J Thompson's account. It's okay for Jesse Thompson and she will be a user who will use VPN. connection uh from home and I'm going to pause the video until the initial login uh and the initial setup of your profile is done, so we can keep the video short now that the profile has been successfully loaded, which I'm going to do.

I'm going to right click on the internet access icon at the bottom right and open the Network and Sharing Center and from here I can set up a new connection or network, so I'm going to click on that and select set? establish a dial-up or VPN connection to your workspace, so I'm going to click Next and I'm going to use the Internet so I can connect to my um my server, so um under the Internet address like I said, I'm going to use a local VPN so I can try and show you how to set up the VPN, but basically this will work with an Internet address so you can access the VPN server, so I'm going to specify my local address which is 192.168.1 142 do26 and you can name the VPN connection.

I'm going to name that VPN work and from here you have different options to remember the credentials or allow other people, which is not really secure, so I'm going to just create the VPN connection and now that I've created the VPN connection there is one thing which I like to do basically and that's when I create a VPN connection so that users don't use the Default Gateway uh of my environment. I go ahead and deselect an option here under the DCP advanced IP settings, which is to use the default gateway on the remote network, so I'm going to deselect that option, click Ok, Ok, Ok, now jessc is configured. to connect to my VPN server so I'm going to double right click on that of course you can continue from here and it will show the working VPN connection that we made and it will open up basically the same window where you can um. connect to that VPN, so I'm going to specify JC Thompson's account and his password and click OK, so now it basically says you can't connect to the work VPN and it says remote access, connection was denied because the username and password combination you provided is not recognized or the selected authentication protocol is not allowed on the remote server.

Actually, the main problem with that is that I didn't add Jesse to the option that allows users to establish a VPN connection, so what am I going to do? What I have to do is switch to my domain controller. I'm going to open Jesse's account and allow him to establish a connection on the VPN before switching to my domain controller. I just want to show you a basic troubleshooting

step

. which is a good idea for you to do um to find out what's preventing users from connecting to your server so I'm going to open up Event Viewer and when I expand Windows crashes and go to system, I'm going to see that I have warnings and these warnings when I click In them I can see that the Jame Thompson account user logged into Port VPN does not have remote access privileges, so this is a basic troubleshooting

guide

that can help you resolve problems with your VPN server for example, here You will find when a user and ISP are blocking GRE 47 packets from your environment, the pptp step will be shown here as a warning message and you will know that this is the problem with the user. now that I'm on my domain controller, I'll open tools and then users and computers from active directory and under my NLB lab domain and my OU NLB solutions.

I have U users with the Jesse Thompson account, so I'm going to correct Click and open the properties for that account and when I go into the check tab, I'll see that the first option, network access permissions, is currently set to control access to NPC network policy. Basically, I don't have an NPC server, network. policy server right now to detect and see if my users are in compliance, so what I'm going to do is click allow access for the J Thompson user and click apply, so now when I go to my Windows Server machine Windows uh 10 and I click close that message and try to log in again with your account and password.

I will see that the connection worked and I am currently connected to the NLB lab environment with a VPN connection so I can see that I am currently using the pptp port that I want to see and if I run a CMD and open it and show the IP configuration, I will see that the word The PPP VPN adapter currently gave me the IP address of 1921 1681 142. 231 which is the first address I gave to my VPN users when they connect to my environment so I can see it and confirm that my VPN server is up and running and my users can connect to my corporate environment using it so this um ends the demonstration of how you can configure install and configure VPN server in Windows 2012 R2 hope you like the video if you like it press the like button if you don't like it pre press I don't like the button and give me a comment.

What can be improved to take this into consideration? Thank you very much for watching and see you soon.