If you rummage around the Internet in search of software for building your own VPN, you constantly come across a bunch of guides for OpenVPN, which is inconvenient to set up and use and requires a proprietary Wireguard client; of this whole circus, only SoftEther has an adequate implementation. We will instead cover the native Windows implementation of VPN, so to speak: Routing and Remote Access (RRAS).
For some strange reason, no guide explains how to deploy it all and how to enable NAT on it, so we will fix that now and show you how to make your own VPN on Windows Server.
Well, a ready-made and pre-configured VPN can be ordered from our
1. Install services
First, we need Windows Server with Desktop Experience. The Core installation will not work for us, because the NPS component is missing. If the computer is a member of a domain, you can stop at Server Core, in which case the whole thing can fit into a gigabyte of RAM.
We need to install RRAS and NPS (Network Policy Server). The first creates the tunnel, and the second is needed if the server is not a member of the domain.
When selecting the RRAS components, select DirectAccess and VPN and Routing.
2. Set up RRAS
After we have installed all the components and rebooted the machine, we can start the setup. Find the RRAS manager in the Start menu.
Through this snap-in, we can manage servers with RRAS installed. Right-click the server, select the configuration option, and continue.
Skip the first page and, on the configuration page, choose the custom configuration.
On the next page, we are asked to select components; select VPN and NAT.
Click Next, Next, Finish.
Now we need to enable IPsec and assign the address pool that our NAT will use. Right-click the server and go to Properties.
First of all, enter your password (pre-shared key) for L2TP/IPsec.
On the IPv4 tab, be sure to set the range of IP addresses issued to clients. Without this, NAT will not work.
Now it remains to add the interface that sits behind NAT. Go to the IPv4 sub-item, right-click an empty space, and add a new interface.
On the interface that is not Internal, enable NAT.
3. Allow rules in the firewall
Everything is simple here. You need to find the Routing and Remote Access rule group and enable them all.
4. Set up NPS
Find Network Policy Server in the Start menu.
In the tabs where all policies are listed, you need to enable both standard ones. This will allow all local users to connect to the VPN.
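The server-side steps from sections 1 to 3 can also be scripted. The following PowerShell is an added example, not part of the original guide; the adapter name and the address pool are assumed values, and it generates a random pre-shared key rather than a short fixed one. The NPS policies from section 4 are still enabled in the console as described above.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# session on the server. $wan, $poolStart and $poolEnd are assumed values.
$wan       = 'Ethernet'        # assumption: name of the Internet-facing adapter
$poolStart = '192.168.100.10'  # assumption: first address issued to VPN clients
$poolEnd   = '192.168.100.50'  # assumption: last address issued to VPN clients

# Section 1: RRAS role services plus NPS (the feature name is NPAS).
Install-WindowsFeature -Name DirectAccess-VPN, Routing, NPAS -IncludeManagementTools

# Section 2: turn on the VPN server role in RRAS.
Install-RemoteAccess -VpnType Vpn

# Generate a random 32-byte L2TP/IPsec pre-shared key.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = [Convert]::ToBase64String($bytes)
Set-VpnAuthProtocol -TunnelAuthProtocolsAdvertised PreSharedKey -SharedSecret $psk

# Static pool of client addresses; without it NAT will not work.
Set-VpnIPAddressAssignment -IPAssignmentMethod StaticPool -IPAddressRange $poolStart, $poolEnd

# NAT: the public adapter translates, the RRAS "Internal" interface is private.
netsh routing ip nat install
netsh routing ip nat add interface name="$wan" mode=full
netsh routing ip nat add interface name="Internal" mode=private

# Apply the IPsec and pool changes.
Restart-Service RemoteAccess

# Section 3: enable the built-in firewall rule group.
Enable-NetFirewallRule -DisplayGroup 'Routing and Remote Access'

# Checks: VPN role installed, PSK authentication advertised, NAT interfaces bound.
Get-RemoteAccess | Select-Object VpnStatus
Get-VpnAuthProtocol
netsh routing ip nat show interface

Write-Host "L2TP pre-shared key (record it securely): $psk"
```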
5. Connect via VPN
For demonstration purposes, we will use Windows 10. In the Start menu, search for VPN.
Click the add connection button and go to the settings.
Set the connection name to whatever you want.
The IP address is the address of your VPN server.
The VPN type is L2TP with a pre-shared key.
Shared key - vpn (for our image in the marketplace.)
The login and password are those of the local user, that is, of the administrator.
Click connect and you're done. Now your own VPN is ready.
We hope our guide gives another option to those who want to make their own VPN without messing with Linux or just want to add a gateway to their AD.
Source: habr.com