
Hey there,

I'm trying to set up a VPN for a new business. I've read lots of documentation but I can't find some basics.

In the office we have a Windows Server 2003 R2 hooked up to a DSL Router via a network switch, as are 3 other computers in the office (all through the network switch). The Windows Server does have 2 NICs but only one is in operation at the moment.

I cannot figure out how to set up the network so that the Windows Server can be a VPN server, with an address accessible to the internet. At the moment the ISP issued router is using DHCP to assign addresses to all of the computers on our network, including the Windows Server. I would prefer it if the VPN Access were like my old university VPN (ala vpngate.net.ed.ac.uk) instead of a bog-standard IP address.

I would like to keep the network switch active so that if the server goes down the other computers in the office still have internet, but if the Windows Server must be the DHCP server, so be it.

Thanks in advance!

2006-12-22 08:57:31 · 5 answers · asked by Andrew W 1 in Computers & Internet Computer Networking

5 answers

You've got a lot of steps to take.

First, give your server a static local IP address rather than having DHCP assign it. This should be done for several reasons, in addition to solving your current problem. It will need to be in the same subnet as the addresses assigned by DHCP, but either outside the range or excluded by DHCP. Using the router to assign DHCP is ok, I suppose, but I would always rather use the server. It wouldn't affect internet access unless you're down for days.

Second, you need to light up RRAS (routing and remote access) on the server for it to govern your VPN access. You'll also need security groups in active directory to govern which of your users can VPN. You can do this per user if you only have a few, but best practice is to use security groups.

Third, you're going to need to get a static public IP address. Yes, there are dynamic IP services, but for a secure, reliable link, you'll have to have a static public IP. This also comes with many advantages outside the scope of your question.

Fourth, you need to have a registered domain name. With that, you can take your static IP address and map it to a domain name (such as vpn.yourdomain.com).

Fifth, forward the vpn port to your server's internal IP address so that it will handle security.

Sixth, there are several security issues with your setup that are beyond the scope of your question. This will not make you any less secure, but your existing setup is not ideal....

2006-12-22 10:38:46 · answer #1 · answered by antirion 5 · 0 0

If your 2k3 server is going to be a VPN endpoint to grant access to the network, you're going to need to make some significant changes.

First off, it will need to be the gateway device for your network. That's not a great idea, though, for obvious security reasons. You'll need RRAS anyway to make it a VPN endpoint but that really should be on a dedicated server.

Next, you'll have to set the server to be a DMZ host in your router so that all traffic that hits the router is forwarded to the server. And you'll need to give it a static IP. Just assign it one on the proper subnet but outside the DHCP scope. Or you can port forward the ports needed for the VPN -- check the VPN documentation in Help & Support; I don't recall what they are -- instead of making it a DMZ host.

Ideally, you should have a static public IP address from the ISP. You can use a dynamic DNS service to keep track of the current IP address, however whenever the IP address changes the VPN will go down and will stay down for whatever the TTL interval is on the dynamic DNS service.

2006-12-22 17:33:31 · answer #2 · answered by Bostonian In MO 7 · 0 0
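
The static-address rule given in answers #1 and #2 (same subnet as the DHCP clients, but outside the DHCP range), as an added example that is not part of any answer. The subnet, router address, DHCP pool and function names are constructed assumptions; substitute the values from your own router.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
LAN = "192.168.1.0/24"
ROUTER = "192.168.1.1"
DHCP_START, DHCP_END = "192.168.1.100", "192.168.1.200"


def check_static_ip(candidate, network=LAN, dhcp_start=DHCP_START,
                    dhcp_end=DHCP_END, gateway=ROUTER):
    """Return the reasons `candidate` is unsuitable as the server's static IP.

    An empty list means the address follows the rule from the answers:
    on the same subnet as the DHCP clients, but outside the DHCP range.
    """
    net = ipaddress.ip_network(network, strict=True)
    ip = ipaddress.ip_address(candidate)
    start = ipaddress.ip_address(dhcp_start)
    end = ipaddress.ip_address(dhcp_end)

    if ip not in net:
        # Off-subnet: the router's port forward could never reach it.
        return ["not in the LAN subnet"]

    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ip == ipaddress.ip_address(gateway):
        problems.append("already used by the router")
    if start <= ip <= end:
        # DHCP may lease this address to another machine later.
        problems.append("inside the DHCP range")
    return problems


def free_static_ips(limit=5, **kwargs):
    """List the first `limit` addresses on the subnet that pass the check."""
    net = ipaddress.ip_network(kwargs.get("network", LAN))
    usable = (str(h) for h in net.hosts() if not check_static_ip(str(h), **kwargs))
    return [ip for _, ip in zip(range(limit), usable)]


if __name__ == "__main__":
    for addr in ("192.168.1.10", "192.168.1.150", "192.168.2.10"):
        print(addr, check_static_ip(addr) or "OK")
    print("candidates:", free_static_ips(3))
```

The check only reads the router's configured range; it cannot see addresses other machines have been given by hand.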

You will need to Port Forward your server. If your Gateway IP address is Dynamic, you will need a program to broadcast the dynamic IP every time it changes. If you don't, the first time the lease is renewed on the ADSL modem your VPN will go down.
I use a company called http://www.NO-IP.com . Also, the website http://www.PortForward.com will be a great resource, as well as http://www.dslwebserver.com/

2006-12-22 17:08:38 · answer #3 · answered by acklan 6 · 0 0

My partner and I recommend utilizing http://www.vpnpower.net to unblock websites. I am using their services for more than 4 years without any issues.

2014-04-19 23:34:02 · answer #4 · answered by Anonymous · 0 0
