Tuesday, 24 December 2013

  1. Configure IP addresses on the VPN server
  2. Join the VPN server to the domain
  3. Install Network Policy and Access Server Role
  4. Configure Routing and Remote Access
  5. Allow users to login via VPN
  6. Setup a VPN connection on the remote client PC

The network topology used in this setup is shown below
[Figure: win2008 VPN setup topology]

Configure IP addresses on the VPN Server

The VPN server will have two interfaces, private and public, with the following IP configuration:

Private
IP address – 10.0.0.1
Subnet Mask – 255.0.0.0
Preferred DNS – 10.0.0.2 (assuming DNS runs on the Active Directory server)

Public
Obtain the public IP information from your ISP (Internet Service Provider)

Join the VPN server to the domain

Right-click Computer -> Properties -> Change Settings -> Change -> select Domain and enter your domain name. When you are asked for credentials, enter them, then reboot.

Install Network Policy and Access Server Role

Log in to the VPN server as the administrator and go to Start -> Administrative Tools -> Server Manager. Click Add Roles and check “Network Policy and Access Server”.
In the role services section check “Routing and Remote Access”
Confirm your selections and install.

Configure Routing and Remote Access

After installation, go to Start -> Run and type rrasmgmt.msc. In the console that opens, right-click your server name and click “Configure and Enable Routing and Remote Access”.
In the Wizard that appears click Next and Select Custom Configuration
Select the Check Box VPN access
Click Next -> Finish. In the message box that appears, click “Start Service”. If you have a DHCP server configured in the network in the same subnet, you can go ahead with the final step.
Networks that have a DHCP server in a different subnet should have the DHCP relay agent configured. Expand IPv4 -> right-click DHCP Relay Agent and go to Properties.
In the window that appears enter the IP address of the DHCP server. The appropriate DHCP scope should be configured in the DHCP server.
If your network doesn’t have a DHCP server the VPN server itself can assign IP addresses to VPN clients. Right click your Server name -> properties -> IPv4 tab -> select “static address pool” -> click Add. Enter the start and end IP ranges.

Allow users to login via VPN

On the Active Directory server, go to Start -> Administrative Tools -> Active Directory Users and Computers, right-click a user and open Properties -> Dial-in tab, and click “Allow access”.
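The per-user grant made in this step can be reviewed later from PowerShell. The script below is an added example, not part of the original post; it assumes the ActiveDirectory module is installed, and the 90-day threshold and the finding labels are illustrative choices.

```powershell
# Added example: review which accounts hold the per-user "Allow access" dial-in grant.
# Assumes the ActiveDirectory module is available (RSAT or Windows Server 2008 R2+).
Import-Module ActiveDirectory

$StaleAfterDays = 90                      # assumed review threshold; set per policy
$Cutoff = (Get-Date).AddDays(-$StaleAfterDays)

# msNPAllowDialin=TRUE is what the Dial-in tab's "Allow access" option stores.
# @() keeps the result an array even when no account matches.
$Users = @(Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties `
    msNPAllowDialin, LastLogonDate, adminCount, PasswordNeverExpires)

$Report = foreach ($u in $Users) {
    $flags = @()
    if (-not $u.Enabled)         { $flags += 'account disabled' }
    # adminCount=1 marks an account that is, or once was, in a protected group.
    if ($u.adminCount -eq 1)     { $flags += 'privileged (adminCount=1)' }
    if ($u.PasswordNeverExpires) { $flags += 'password never expires' }
    if (-not $u.LastLogonDate)   { $flags += 'never logged on' }
    elseif ($u.LastLogonDate -lt $Cutoff) { $flags += "no logon for $StaleAfterDays+ days" }

    New-Object PSObject -Property @{
        SamAccountName = $u.SamAccountName
        Enabled        = $u.Enabled
        LastLogonDate  = $u.LastLogonDate
        Findings       = ($flags -join '; ')
    }
}

# Accounts with findings are listed first, then the rest by name.
$Report |
    Sort-Object @{ Expression = { $_.Findings -eq '' } }, SamAccountName |
    Select-Object SamAccountName, Enabled, LastLogonDate, Findings |
    Format-Table -AutoSize
```

Accounts that appear with findings are candidates for having the Dial-in setting removed or the account cleaned up.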

Setup a VPN connection on the remote client PC

On the VPN client PC go to start -> Run and type ncpa.cpl, open “New Connection Wizard”, in the wizard that appears click next and select “Connect to the network at my workplace”
In the next step select Virtual Private Network Connection.
Enter a company name, which is used to name the connection, and in the final step enter the public IP address of the VPN server. After the connection is created, enter the username and password of a user in the Active Directory database and click Connect.
