how to set up simple VPN on Windows server 2008 with a username/password

I'm using Windows Server 2008. Currently I have IIS installed and I'm hosting a few web sites. What I'd like to know is if I can install a VPN server on this same machine so that I can have other people, VPN in and we can play LAN games. Is this going to be possible? I only have one NIC on this machine. I already installed the VPN using a guide I found online but I don't know how to set it up so the clients can just put in a username/password to connect.
LVL 3
xbradyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
Yes you can create a VPN using the same server. It is quite straight forward to set up. The basic server and client configurations can be found at the following sites with good detail. It is for server 2003, but the only difference with 2008 is you first have to add the Routing and Remote Access service using the add server roles in the management console.:
-Server configuration:
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
-Windows XP client configuration:
http://www.lan-2-wan.com/vpns-XP-Client.htm
-You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
http://www.portforward.com/english/applications/port_forwarding/PPTP/PPTPindex.htm
-The users that are connecting to the VPN need to have allow access enabled under the dial-in tab of their profile in active directory
-The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example if you are using 192.168.1.x at the office, the remote should be something like 192.168.2.x

-Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also depending on your network configuration you may have problems connecting to devices by name, though this can usually be configured.. Using the IP address is less problematic such as \\192.168.1.111\SharenName.
-Nome resolution can be dealt with in many ways. See:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
However, the best method is to add the DNS suffix to the remote users VPN client configuration as described in the link above.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
xbradyAuthor Commented:
Thank you for your awesome response! It turns out I had everything set up except for one part in active directory:
You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".
After selecting Allow Access the connection worked perfectly. We can now put in each others IPs when connecting to each others shared files and folders. However I am still having one problem. When we try to play any pc games that connect over a LAN and have a lobby type system we never show up in each others lobbies. There are games where you can manually type in the IP address and connect to a game and that works fine but none of the games where one person hosts and the clients have a lobby where the game automatically pops up on the list. Is there something special that I need to set up to get this to work? Setting up a WINS server wouldn't help this correct?

Thanks again for your help.
0
Rob WilliamsCommented:
>>"You also have to grant the user permission to use the VPN connection."
Yes, sorry, that is what I meant by; "The users that are connecting to the VPN need to have allow access enabled under the dial-in tab of their profile in active directory"

Name resolution can be problematic over VPN's, and anything that requires browsing may not work as this relies on NetBIOS broadcasts, and broadcast packets are not forwarded over a VPN. The solution is WINS, but requires a WINS server at each location, which synchronizes the client database.
However, name resolution can be "fixed" using WINS and DNS, which will allow most applications to work. Rather than reprint in entirety, have a look at my Blog, regarding VPN client name resolution:
http://msmvps.com/blogs/robwill/archive/2008/05/10/vpn-client-name-resolution.aspx
0
Rob WilliamsCommented:
Thanks xbrady.
Cheers!
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.