What is a Virtual Private Network (VPN)?
A VPN lets you connect network resources in one network to another network. Through a VPN, we can create a secured link to a private network (such as a corporate office network) across a public network (the Internet). A VPN uses a particular TCP/IP technique called tunneling, which provides the same protection and characteristics as a private network over the Internet or another public network. The information is transmitted using a routing infrastructure.
Using a VPN and an Internet connection, you can be located anywhere and still log in to your secured private network. A VPN also allows a company to link to another company's network or to the networks of its own remote branches.
Types of VPN connections:
- Remote Access Virtual Private Network: enables a user to obtain authorization to connect to the remote server located on the private network, from home or on the go, using a public network.
- Site-to-site VPN: also called a router-to-router Virtual Private Network connection. Using site-to-site VPN, a company can use a routed connection to reach its own branch offices in other regions, or other companies, over a public network.
How does a VPN work?
In a site-to-site VPN, the VPN server establishes a routed connection to the remote system. The VPN client (calling router) authenticates itself to the VPN server (answering router) and, for mutual authentication, the VPN server authenticates itself to the VPN client. This creates two-way authentication, after which data is sent as packets from both the server router and the client router.
Components of a VPN
- VPN Server: the server where Routing and Remote Access is hosted; here the server is configured as a router, the connection properties for clients are set, etc.
- VPN Client: the client computer must be configured to access a VPN connection to the server.
- VPN connection: a VPN uses either the Remote Access connection or the Site-to-site connection mechanism.
- VPN Tunneling Protocol: the VPN uses Point-to-Point Tunneling Protocol (PPTP) to encapsulate IP packets over a public network. Other tunneling protocols such as Layer Two Tunneling Protocol (L2TP) and Secure Socket Tunneling Protocol (SSTP) are also supported.
Installation of VPN on Windows Server 2008
#1. Select Start->Programs->Administrative Tools->Server Manager
#2. On the right pane of Server Manager select Roles, and on the left pane click Add Roles
#3. Click Next on the Before You Begin page
#4. On the Select Server Roles dialog, put a check mark on Network Policy and Access Services and click Next
#5. The next page gives an overview of Network Policy and Access Services and its components. Click Next
#6. On the Role Services page, put a check mark on Routing and Remote Access Services and click Next
#7. Review the features you selected on the Installation Selections page and click Install
#8. The installation will then start
#9. Click Close on the Installation Results page
#10. After the installation is done, Routing and Remote Access (RRA) is installed but in a disabled state.
To check the service status, select Start->Programs->Administrative Tools->Services
Configuration of VPN Server
Now let's enable the service and configure the server for routing and remote access.
Note: If the administrator is not a domain administrator, the ID needs to be added to the RAS and IAS Services security group.
#11. Open Routing and Remote Access from Start->Programs->Administrative Tools->Routing and Remote Access
#12. By default, the local computer is listed as the server.
To add another server to the console tree, right-click Server Status and then click Add Server
#13. Select the server you want to add and click OK
#14. In the console tree, right-click the server you want to enable and then click Configure and Enable Routing and Remote Access.
#15. On the Routing and Remote Access Server Setup Wizard, click Next
#16. Choose either dial-up or VPN remote access and click Next
Note: Choose the configuration here that best suits your network. Configuring a VPN server requires at least two Network Interface Cards (NICs). Select Custom configuration if your server has a single NIC.
#17. On the Remote Access page, select VPN and click Next
#18. On the IP assignment page, select Automatically if a DHCP server is configured on the network. Click Next
#19. On the Managing Multiple Remote Access Servers page, select the first option (No, use Routing and Remote Access to authenticate connection requests) and click Next
#20. Click Finish on the Completing the RRA Server Setup Wizard page
#21. Once the configuration is done, the Routing and Remote Access service is enabled and the Routing and Remote Access configuration is added to the console tree.
Configure a Router through RAS
The Remote Access Server must be configured as a router, with either routing protocols or static routes, to forward traffic properly inside the network.
#22. In the server console pane, right-click the Remote Access Server and click Properties
#23. Go to the General tab and, under the section "Enable this computer as a", select the required Router option (IPv4 or IPv6) and select LAN and demand-dial routing.
Once done, click OK to close the Properties dialog box.
Note: If an IPv6 router is configured on the network, you can select IPv6 router in the same way as the IPv4 router was chosen above.
#24. Click Yes on the Routing and Remote Access prompt to restart the router
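The state left behind by the wizard (steps 11 to 21) and the router setting from step 23 can also be checked and applied from the command line. The following is an added example, not part of the original article: it wraps the built-in netsh ras and WMI/service tools, because Windows Server 2008 ships no RemoteAccess PowerShell module, and is meant to be run in an elevated PowerShell prompt on the VPN server itself. The function names are my own; the netsh parameter names follow the netsh ras reference and should be confirmed with `netsh ras set type /?` on the server before use.

```powershell
# Added example (not from the original article): review what the RRAS wizard
# configured and apply the step 23 router setting without the GUI.
# Run in an elevated PowerShell prompt on the VPN server. Function names are my own;
# netsh parameter names follow the netsh ras reference (confirm with 'netsh ras set type /?').

function Get-RrasServiceState {
    # Step 10: RRAS installs disabled. After the wizard (step 21) the 'RemoteAccess'
    # service should be Running and set to Auto start, or clients lose the tunnel
    # after every reboot. Win32_Service exposes the start mode that Get-Service lacks.
    $svc = Get-Service -Name RemoteAccess
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='RemoteAccess'"
    New-Object PSObject -Property @{
        Status    = $svc.Status
        StartMode = $wmi.StartMode
        Healthy   = ($svc.Status -eq 'Running' -and $wmi.StartMode -eq 'Auto')
    }
}

function Get-ActiveNicCount {
    # The note under step 16: a VPN server normally needs two NICs (public side
    # and private side). Count adapters that currently have IP enabled.
    # @() keeps .Count meaningful when only one adapter is returned.
    @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled='True'").Count
}

function Show-RrasConfiguration {
    # Read-only review of the wizard's result:
    #  - type:      router role (LAN only / LAN and demand-dial) and remote access
    #               role, per IP version (what step 23 sets in the GUI)
    #  - authtype:  authentication protocols offered to VPN clients; worth reviewing,
    #               since PPTP's MPPE encryption keys derive from the MS-CHAP v2 exchange
    #  - ip config: address assignment (DHCP vs. static pool), chosen in step 18
    netsh ras show type
    netsh ras show authtype
    netsh ras ip show config
}

function Set-RrasIPv4Router {
    # Step 23 scripted: IPv4 LAN and demand-dial routing plus IPv4 remote access.
    # As with the GUI (step 24) the change takes effect after the service restarts.
    netsh ras set type ipv4rtrtype=lananddd ipv4rastype=enabled
    Restart-Service -Name RemoteAccess -Force
}

# Review first; only call Set-RrasIPv4Router if 'netsh ras show type' does not
# already report LAN and demand-dial routing for IPv4.
Get-RrasServiceState | Format-List Status, StartMode, Healthy
"Adapters with IP enabled: $(Get-ActiveNicCount)"
Show-RrasConfiguration
```

The Healthy flag is the single value to alert on from a monitoring job: a VPN server whose RemoteAccess service is Running but set to Manual start passes a casual check and silently stops serving after the next patch reboot.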
Modify the Number of Simultaneous Connections
By default, VPN connections permit 128 concurrent user connections. To change this setting:
#25. In the Routing and Remote Access right pane, select Ports, then right-click and select Properties
#26. On the Ports Properties page, select WAN Miniport (PPTP) and click Configure
#27. In the Maximum ports window, enter the number of VPN connections your organization needs to allow and click OK
#28. Once the configuration is done, click OK on the Ports Properties page
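The same port limit (steps 25 to 28) can be inspected and changed with netsh ras. This is an added example and not part of the original article; the function names are my own, and the `maxports=` parameter of `netsh ras set wanports` is taken from the netsh ras reference as I recall it, so confirm it with `netsh ras set wanports /?` on the server before relying on it.

```powershell
# Added example (not from the original article): inspect and change the maximum
# number of PPTP ports from an elevated PowerShell prompt on the VPN server.
# Function names are my own; the 'maxports=' parameter is assumed from the netsh ras
# reference and should be confirmed with 'netsh ras set wanports /?'.

function Show-RrasWanPorts {
    # Lists each WAN Miniport device (PPTP, L2TP, SSTP, ...) with its inbound
    # remote access and demand-dial settings and its 'Max ports' value.
    # The PPTP default of 128 is the figure quoted above.
    netsh ras show wanports
}

function Set-RrasPptpMaxPorts {
    param([Parameter(Mandatory=$true)][int]$MaxPorts)
    if ($MaxPorts -lt 1) { throw "MaxPorts must be at least 1" }
    # Same change as the Maximum ports field in the PPTP Configure dialog (step 27).
    # Size this to the concurrent users you actually expect: every port is a
    # listener for inbound tunnels, and the figure is an easy capacity limit to
    # review during an audit. The whole name=value pair is quoted so PowerShell
    # passes the device name, spaces included, to netsh as one argument.
    netsh ras set wanports "device=WAN Miniport (PPTP)" "maxports=$MaxPorts"
    # Like the GUI, the new count applies to the ports the service creates next;
    # restart RRAS so the change is visible in 'netsh ras show wanports'.
    Restart-Service -Name RemoteAccess -Force
}

Show-RrasWanPorts
# Example: allow 50 simultaneous PPTP connections, then re-check.
# Set-RrasPptpMaxPorts -MaxPorts 50
# Show-RrasWanPorts
```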
User Configuration to allow Access to VPN or dial-up connections
By default, users don't have permission to access dial-up networking, or access is controlled by NPS Security Policy.
To enable a user to use a dial-up connection:
#29. Select Start->Programs->Administrative Tools->Active Directory Users and Computers
#30. In the Active Directory Users and Computers right pane, expand the server DC and select Users
#31. In the right pane, select a user, right-click the user and click Properties
#32. On the user's Properties page, select the Dial-in tab and choose Allow access under Network Access Permission
#33. Click Apply and OK to save the configuration changes
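The Dial-in tab setting from steps 29 to 33 is stored on the user object as the msNPAllowDialin attribute, which makes it easy to audit across the whole domain rather than one user at a time. The following is an added example, not part of the original article: it uses ADSI and System.DirectoryServices, which are available on Windows Server 2008 without the later ActiveDirectory module. The function names are my own; the attribute name and the three-way meaning (true = Allow access, false = Deny access, absent = Control access through NPS Network Policy) are how the Dial-in tab stores the choice.

```powershell
# Added example (not from the original article): audit and set the per-user
# "Network Access Permission" that steps 29-33 set through the Dial-in tab.
# Uses ADSI; run as a user allowed to read (and, for Set-, write) user objects.
# Function names are my own. msNPAllowDialin: $true = Allow access,
# $false = Deny access, attribute absent = controlled by NPS Network Policy.

function Get-DialinPermission {
    # Enumerates every user in the current domain with its effective Dial-in setting.
    # Users explicitly set to Allow bypass any NPS network policy, so this list is the
    # one to review regularly; DirectorySearcher defaults to the current domain root.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = "(&(objectCategory=person)(objectClass=user))"
    $searcher.PageSize = 1000
    [void]$searcher.PropertiesToLoad.Add("sAMAccountName")
    [void]$searcher.PropertiesToLoad.Add("msNPAllowDialin")
    foreach ($result in $searcher.FindAll()) {
        # Result property names come back lower-cased.
        $value = $result.Properties["msnpallowdialin"]
        $permission = if ($value.Count -eq 0) { "Policy" }
                      elseif ([bool]$value[0]) { "Allow" }
                      else { "Deny" }
        New-Object PSObject -Property @{
            User                    = [string]$result.Properties["samaccountname"][0]
            NetworkAccessPermission = $permission
        }
    }
}

function Set-DialinPermission {
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [Parameter(Mandatory=$true)][ValidateSet("Allow","Deny","Policy")][string]$Permission
    )
    # Writes the same attribute the Dial-in tab writes. "Policy" clears it, which
    # hands the decision back to NPS, the default described above.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectClass=user)(sAMAccountName=$SamAccountName))"
    $result = $searcher.FindOne()
    if ($result -eq $null) { throw "User '$SamAccountName' not found in the current domain" }
    $user = $result.GetDirectoryEntry()
    switch ($Permission) {
        "Allow"  { $user.Put("msNPAllowDialin", $true) }
        "Deny"   { $user.Put("msNPAllowDialin", $false) }
        "Policy" { $user.PutEx(1, "msNPAllowDialin", 0) }   # 1 = ADS_PROPERTY_CLEAR
    }
    $user.SetInfo()
}

# Audit: who is explicitly allowed in, regardless of NPS policy?
Get-DialinPermission | Where-Object { $_.NetworkAccessPermission -eq "Allow" } |
    Sort-Object User | Format-Table User, NetworkAccessPermission -AutoSize

# Example (hypothetical account name): grant one user access as in step 32.
# Set-DialinPermission -SamAccountName "vpn.user" -Permission Allow
```

Running the audit before and after a change gives a diff of exactly which accounts carry a standing Allow; in practice it is cleaner to leave users on Policy and express the rule once in NPS than to accumulate per-user exceptions.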