How to set up a simple VPN on Windows Server 2008 with a username/password

Posted on 2009-05-26
Last Modified: 2012-05-07
I'm using Windows Server 2008. Currently I have IIS installed and I'm hosting a few web sites. What I'd like to know is if I can install a VPN server on this same machine so that I can have other people VPN in and we can play LAN games. Is this going to be possible? I only have one NIC on this machine. I already installed the VPN using a guide I found online, but I don't know how to set it up so the clients can just put in a username/password to connect.
Question by:xbrady

Accepted Solution

Rob Williams earned 2000 total points
ID: 24485508
Yes, you can create a VPN using the same server. It is quite straightforward to set up. The basic server and client configurations can be found at the following sites with good detail. It is for Server 2003, but the only difference with 2008 is you first have to add the Routing and Remote Access service using the add server roles in the management console:
-Server configuration:
-Windows XP client configuration:
-You will also have to configure the router to forward the VPN traffic to the server. This is done by enabling on your router VPN or PPTP pass-through, and also forwarding port 1723 traffic to the server's IP. For details as to how to configure the port forwarding, click on the link for your router (assuming it is present) on the following page:
-The users that are connecting to the VPN need to have allow access enabled under the dial-in tab of their profile in Active Directory.
-The only other thing to remember is the subnet you use at the remote office needs to be different than the server end. For example if you are using 192.168.1.x at the office, the remote should be something like 192.168.2.x

-Once this is configured you can then use services similar to how you would on the local network. You will not be able to browse the network unless you have a WINS server installed. Also, depending on your network configuration, you may have problems connecting to devices by name, though this can usually be configured. Using the IP address is less problematic, such as \\\ShareName.
-Name resolution can be dealt with in many ways. See:
However, the best method is to add the DNS suffix to the remote users' VPN client configuration as described in the link above.

Author Comment

ID: 24486452
Thank you for your awesome response! It turns out I had everything set up except for one part in active directory:
You also have to grant the user permission to use the VPN connection. To do so, open Active Directory Users and Computers, view the appropriate user profile, and on the "Dial-in" tab select "Allow access".
After selecting Allow Access the connection worked perfectly. We can now put in each other's IPs when connecting to each other's shared files and folders. However, I am still having one problem. When we try to play any PC games that connect over a LAN and have a lobby-type system, we never show up in each other's lobbies. There are games where you can manually type in the IP address and connect to a game, and that works fine, but none of the games where one person hosts and the clients have a lobby where the game automatically pops up on the list. Is there something special that I need to set up to get this to work? Setting up a WINS server wouldn't help this, correct?

Thanks again for your help.

Expert Comment

by:Rob Williams
ID: 24486565
>>"You also have to grant the user permission to use the VPN connection."
Yes, sorry, that is what I meant by: "The users that are connecting to the VPN need to have allow access enabled under the dial-in tab of their profile in Active Directory"

Name resolution can be problematic over VPNs, and anything that requires browsing may not work as this relies on NetBIOS broadcasts, and broadcast packets are not forwarded over a VPN. The solution is WINS, but requires a WINS server at each location, which synchronizes the client database.
However, name resolution can be "fixed" using WINS and DNS, which will allow most applications to work. Rather than reprint in entirety, have a look at my blog, regarding VPN client name resolution:

Expert Comment

by:Rob Williams
ID: 24497967
Thanks xbrady.
