Configuring VPN Access with Server 2012

This document demonstrates how to configure PPTP remote VPN Access on server 2012 using the routing and remote access component. If you have a router or other hardware supplying firewall services and the server that will provide the VPN access is not directly attached to the internet (a good thing) – you will need to configure it to pass port 1723 TCP and 47GRE to the remote access server. Some routers will automatically do “the right thing if you map port 1723, Some have specific mappings to pass PPTP and some will never pass the associated data along (especially cheap home routers that seem to have the nasty habit of popping up in small businesses too), YMMV.

  • Open server manager and use the “Add Roles and Features” function on the front page.
  • Choose “Role based or feature based installation” and click NEXT
  • Choose your target server and click NEXT
  • From the feature list that now appears choose “Remote Access”
  • Accept the dependency’s listed by the system (if any) and click “Add features”
  • The next page is for adding Features (which we wont do now), so skip it by clicking “NEXT”
  • The next page displays a summary about the remote access feature and the functionality it provides. click NEXT to move on to the configuration
  • The next step is the important one, as it asks which functions we want enabled. Since we aren’t interested in routing for this scenario select only “Direct Access and VPN” and start the actual installation by clicking INSTALL

This concludes the basic installation on your server, depending on what already was installed when you started the server may require a reboot. The final step is configuring the actual VPN server and user access, so one or more users can connect to the now active VPN Service.

  • Start the “Routing and remote access” tool that is now installed on your server
  • Rightclick your server and choose “Enable and configure routing and remote access”
  • Choose “Remote Access (dial-in or VPN)
  • Choose “VPN”
  • Complete the wizard and start the service