Windows Server 2012 R2 | Virtual Private Network (VPN) – Part 1

Hello everyone. In this video we are going to talk about Virtual Private Network and what it can do for us using Windows Server. We’ll see what it takes to install VPN in our lab environment, so we’ll install the VPN role service on one of our Windows servers and we’ll use the Windows client of a home user to connect to our corporate network from the Internet.

So what is a virtual private network, which is often called VPN? A VPN basically extends your private network, which is usually your corporate local network, to a public network such as the Internet. This means your remote and mobile users can connect to your corporate local area network via VPN if they are connected to the Internet. For example, a home worker or a user who often works outside of office premises can connect to your data server or other corporate resources via a VPN server if they are connected to the Internet. It is a virtual point-to-point connection established between your remote clients and the VPN server in your corporate network, and these connections can be secured and encrypted using tunneling protocols and IPsec.

Early types of VPN implementation used dial-up modems or leased lines. These networks are not considered true VPNs, since they passively secure the data being transmitted by the creation of logical data streams. Dial-up connections are very slow and leased lines are very costly, so they have been replaced by VPNs based on IP and MPLS networks, due to their significant cost reductions and increased bandwidth.

Now, VPN can be of two types: remote access VPN and site-to-site VPN. In a remote access VPN, a client coming from the Internet can connect to your corporate network, whereas in a site-to-site VPN, if you have two corporate networks, you can connect them with each other using site-to-site VPN.

Now, VPNs can have some limitations of their own. The biggest is that VPNs limit the ability of the connected client
to be managed the way you manage the local computers in your corporate network.

Now, this is the lab environment we have; this is what we are going to build. We have a home user who is connected to the Internet; it’s a Windows 8.1 client. In our corporate network, which is the contoso.local domain, we have a VPN server which is running Windows Server 2012 R2. It has two network interfaces: the first one is connected to the Internet and the second one is connected to the local corporate network. We have a domain controller and DNS server, which is also running Windows Server 2012 R2. We have a DHCP server which will be used to lease out the IP addresses to our VPN clients; it is also running Windows Server 2012 R2. And we have a file server which will be used by our VPN clients to access the resources which are hosted on this file server.

Now, before we start deploying the VPN service, we need to create a new DHCP IP scope for our VPN clients, so let me show you how to do that. Let me log in to my DHCP server as a domain admin. I’m gonna open up Server Manager, I’ll click Tools and I’ll click DHCP. I’ll expand my DHCP server and IPv4, I’m gonna right-click on it and I’ll click New Scope. I’ll click Next on the welcome screen, and for the name I’ll type "VPN clients DHCP scope", and for the description I’ll type "This scope is used for assigning IP addresses to VPN clients". I’ll click Next. In the IP address range screen I’ll specify the start IP address and the end IP address: the start IP address will be 0 1 and the end IP address will be 1 0, so we have 10 IP addresses to be used for our VPN clients. I’m okay with the subnet mask, because this is the subnet mask that we are using in our network, so I’m gonna click Next. I don’t want to exclude any IP address in the range that we have just specified in the previous screen, so I’m gonna click Next. Now, this scope is used for our VPN clients. I don’t want the VPN clients to have the IP
addresses to be retained for 8 days, so I’m going to change from 8 days to one day, which is more secure than leaving it for 8 days. So I’m gonna click Next. All right, I want to click on Yes to configure the DHCP scope options now, so I’m gonna click Next. In my lab environment I’m not using a gateway, so I’ll skip this and I’ll click Next. The domain name and DNS server IP address are auto-populated, as my DHCP server is part of my Active Directory domain: my domain name is contoso.local and my DNS server IP address is 192.168.10.1. So I’m gonna click Next. I don’t have a WINS server, so I’ll skip this and I’ll click Next. Yes, I do want to activate the scope now, so I’m gonna click Yes and I’m gonna click Next. All right, I have successfully completed creating a DHCP scope for our VPN users, so I’m gonna click Finish. Now you can see the scope that I’ve just created.

All right, now let us install the VPN role service by installing the Remote Access role on my remote access server. Let me go back to my VPN server, which is VPN01. I’m gonna log in to this as a domain admin. I’m gonna open up Server Manager and I’ll click Add Roles and Features. I’ll click Next on the Before You Begin screen, I’ll click Role-based or feature-based installation and I’ll click Next. I’m gonna select the server from the server pool, which is VPN01, and I’ll click Next. For the roles I’m gonna select Remote Access and I’ll click Next. I don’t need to select any additional features right now, so I’m gonna click Next. This page will tell us what Remote Access is, so I’ll click Next again. On the Select role services page you need to select which role services you want to enable on this server. The choices are DirectAccess and VPN, Routing, and Web Application Proxy. In this case we are going to install VPN only, so we are going to select DirectAccess and VPN. Now notice, as soon as
you click on the DirectAccess and VPN role service, the wizard will prompt you to add the additional features required for the DirectAccess and VPN role service. You can also include the management tools that are needed to manage the Remote Access role service. So I’m going to click on Add Features and I’ll click Next. The wizard would like to install the Web Server role (IIS), so click Next, leave the default selections of role services selected for the Web Server role and click Next. I’m gonna select the option that says "Restart the destination server automatically if required", and I will click Yes to restart the server automatically without additional notification after the installation is completed. So I’m going to click Yes and I’ll click Install. All right, so the installation has started.

So you can see that the installation is successfully completed, but it says that configuration is required. To configure the VPN role service you can click on the link that says "Open the Getting Started Wizard". I would like to let you know that there is an option to install the Remote Access role using PowerShell, so let me show you the command line which is used to install the role. That will be Install-WindowsFeature RemoteAccess -IncludeAllSubFeature -IncludeManagementTools. This command line will install all the role services of Remote Access, so it will install the DirectAccess and VPN, Routing, and Web Application Proxy role services. So let me close this.

Now, after installing the Remote Access role we need to configure the VPN settings. The initial configuration of the Remote Access role can be done by using the Getting Started Wizard or the Remote Access Setup Wizard from the Remote Access Management console, but the Getting Started Wizard is a quick way to get the VPN configured and set up. So to configure the role you can click on the link that says "Open the Getting Started Wizard". I’ll click on the link. All right, now in the Getting Started Wizard you can see you have three
options: the first one is "Deploy both DirectAccess and VPN", then "Deploy DirectAccess only", and the last option is "Deploy VPN only". In our case we’ll select the third option, which is Deploy VPN only, since we are demonstrating only the VPN and not DirectAccess. So I’m gonna click on the third option.

Now, clicking Deploy VPN only will take us directly to the Routing and Remote Access MMC snap-in. I’ll click on my VPN server, which is VPN01, and I’ll click configure and enable remote access. Now, in the Routing and Remote Access Server Setup Wizard, I’ll click Next on the welcome screen. In the configuration screen you have multiple role services to select; in our case we want only the VPN role service, so we’ll click the first option, which is Remote access (dial-up or VPN). I’m gonna click Next. In the Remote Access screen you can select VPN or Dial-up; in our case we’ll only select VPN and click Next. Now, in this screen I need to select the network interface that connects my VPN server to the Internet. In my case it is the public network interface, which has the public IP address, so I’m gonna select that. Now, we have a small check box that says "Enable security on the selected interface by setting up static packet filters". Basically, checking this option will ensure that only VPN traffic is allowed on this network interface and nothing else. So I’ll leave that option checked and I’ll click Next.

In the IP Address Assignment screen we need to specify whether our VPN clients are going to get an IP address from a DHCP server or from a specified range of IP addresses that we are going to specify. In our case we already have a DHCP server and we have already configured a scope for our VPN clients. If you don’t have a DHCP server, you can manually specify a range of IP addresses from your VPN server for your VPN clients. So if I click on "From a specified range of addresses" and click Next, I’ll get an option to specify the IP
range, but I’ll click Cancel and go back, because I already have a DHCP server in my network. So I’m gonna select Automatically, because I want to use my DHCP server to assign the IP addresses to my VPN clients. I’m gonna click Next.

Now, if you have multiple VPN servers or remote access servers, and you have a lot of remote users, and one remote access server is not enough to handle all the connections, then you can implement something called RADIUS, which basically allows you to set up the connectivity in one central place that will go ahead and control all remote access servers so that they’ll all be consistent. Another thing that you can do with RADIUS is accounting, so you can keep track of who is connecting, where they connect, for how long they are connected, things like that. In our case we don’t use this VPN server to work with a RADIUS server, so I’m gonna select No and I’ll make this VPN server use Routing and Remote Access to authenticate connection requests. I’ll click Next. Now you can review the summary and click Finish.

Now you’ll get a message, and what it says is that to support the relaying of DHCP messages from remote access clients, you must configure the properties of the DHCP Relay Agent with the IP address of your DHCP server. What it means is that when your VPN clients connect to your corporate network, they are assigned an IP address from your DHCP server, and if you want to include other DHCP scope options, such as DNS server, gateway and other things, you need to configure your remote access server as the DHCP relay agent. Otherwise the VPN client will only get the IP address from your DHCP server, and all other things, such as DNS server and stuff like that, will be provided from your remote access server. So I’m gonna click on OK and I’ll show you how to do that. Now you can see the Remote Access service is being configured, and I’ll click Finish.

Now, as soon as the Routing and Remote Access service is
configured, if you go back to our DHCP server (let me log in as the domain admin again) and go into Address Leases under the scope that I’ve created for my VPN clients, you can see that all the IP addresses defined in the DHCP scope will already be leased out to the Remote Access service. Now if I click Refresh, it is starting to populate. I have 10 IP addresses allocated for this pool, so slowly it will start picking up all the IP addresses, though I don’t have any VPN clients connected right now.
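
The DHCP scope built in the wizard above, as a scripted equivalent with a check of the lease time and of the addresses the Remote Access service has taken. This is an added example, not part of the video: the function names are hypothetical, the address range and subnet mask must be supplied because the transcript does not give them legibly, and the DNS server and domain defaults are the values stated above.

```powershell
#Requires -Modules DhcpServer
# Added example (not from the video). Run on the DHCP server as a domain admin.

function New-VpnClientDhcpScope {
    [CmdletBinding()]
    param(
        # Assumption: range and mask are not legible in the transcript; supply your own.
        [Parameter(Mandatory)] [ipaddress] $StartRange,
        [Parameter(Mandatory)] [ipaddress] $EndRange,
        [Parameter(Mandatory)] [ipaddress] $SubnetMask,
        # Values stated in the video.
        [ipaddress] $DnsServer = '192.168.10.1',
        [string]    $DnsDomain = 'contoso.local',
        [timespan]  $LeaseDuration = (New-TimeSpan -Days 1)   # wizard default is 8 days
    )
    $scope = Add-DhcpServerv4Scope -Name 'VPN clients DHCP scope' `
        -Description 'This scope is used for assigning IP addresses to VPN clients' `
        -StartRange $StartRange -EndRange $EndRange -SubnetMask $SubnetMask `
        -LeaseDuration $LeaseDuration -State Active -PassThru
    # Only DNS options are set: the lab has no gateway and no WINS server.
    Set-DhcpServerv4OptionValue -ScopeId $scope.ScopeId `
        -DnsServer $DnsServer -DnsDomain $DnsDomain
    $scope
}

function Test-VpnClientDhcpScope {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [ipaddress] $ScopeId,
        [timespan] $MaxLease = (New-TimeSpan -Days 1)
    )
    $scope  = Get-DhcpServerv4Scope -ScopeId $ScopeId
    $leases = @(Get-DhcpServerv4Lease -ScopeId $ScopeId)
    [pscustomobject]@{
        ScopeId          = $scope.ScopeId
        State            = $scope.State
        LeaseDuration    = $scope.LeaseDuration
        LeaseWithinLimit = $scope.LeaseDuration -le $MaxLease
        # Expect entries here once Routing and Remote Access is configured,
        # even with no VPN client connected.
        Leases           = $leases | Select-Object IPAddress, HostName, ClientId, LeaseExpiryTime
    }
}

# Usage (placeholders, replace with your own range):
#   $s = New-VpnClientDhcpScope -StartRange <start> -EndRange <end> -SubnetMask <mask>
#   Test-VpnClientDhcpScope -ScopeId $s.ScopeId
```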
