In this post I will cover how to setup and configure a Windows 2008 server as a VPN server. There are several different steps and configurations that need to be done. There are 4 parts to this setup that I will walk through.
Part #1 Installing NPAS and RRAS:
Open Server Manager and open roles
Click on add roles and add the Network Policy and Access Services role (NPAS)
Click next on the informational screen
On the role services screen choose Routing and Remote Access Services (RRAS) and click next
On the next screen click install
When it is done it will give you a screen telling you if it installed successfully or failed
If it was successful click close and choose to restart when it prompts you
Part #2 Configure RRAS:
Open Server Manager
Expand the Roles tree
Expand NPAS and right click on RRAS choose configure
OPTION #1 = If you have two network cards choose “Remote access (dial-up or VPN)”
OPTION #2 = If you have one network card choose “Custom configuration”
NOTE: It is recommend to use two network cards
OPTION #1 = Click next and select the VPN box
OPTION #2 = Click next and check the VPN box
On the next screen when prompted click start service and then click finish
Part #3 Configure VPN user group:
Go into your Active Directory and create a group for VPN access. An example name would be MYVPNGROUP. Add the users to this group that you want to have VPN access to your network.
Part #4 Configure Network Policy Server:
You need to specify a server that will provide access to your network. This is a RADIUS server. For this example I will use the same server for everything.
Go to start>>programs>>administrative tools>>Network Policy Server
Expand RADIUS Clients and Servers
Right click on RADISU Clients and choose new
Fill in all the fields in my screenshot
NOTE: be sure to create a shared secret and write this down somewhere.
Right click on Network Policies and choose new
On this screen click on “Add”
Select “User Groups” and click add
Once you do this the condition requires the users to be a part of this VPN group before they can connect to VPN.
On the next screen choose “Access granted” and click next
On the Authentication Methods screen I leave the defaults. You can select a different type of authentication according to your needs.
On the Configure Constraints screen select NAS Port Type
I do not configure any of the other options on this screen. You can configure what you need according to your needs.
On Configure Settings screen I leave most of the default settings. I do make sure under IP Settings that the Server settings determine IP address assignment.
Click next and finish
Then you will see your VPN policy on the next screen.
That’s it you should be able to connect to VPN now.