Solved

Android VPN into Server 2012 R2 Essentials (SSTP VPN)

Posted on 2016-11-21
4
106 Views
Last Modified: 2016-11-23
We have a machine running Server 2012 R2 with the Essentials role.  The SSTP VPN that is set up by the Anywhere Access wizard is configured and working fine for Windows clients.

We want to make VPN connections from several Android smartphones also.  How can we achieve this?

I'm looking for confirmation of a working app from experience please -  I can find several apps that say they support this, but I'm after evidence of something working well from someone who's actually tried this in person.  Thanks!
0
Comment
Question by:David Haycox
  • 2
4 Comments
 
LVL 42

Accepted Solution

by:
Jackie Man earned 500 total points
ID: 41897279
Android does not support SSTP VPN, you need to setup a new "L2TP/IPSec PSK" VPN with a PreShared Key (PSK) in your Server 2012 R2 Essentials.

Details of the info is as follows:-

"As for L2TP, it depends on which version you want to use. I'll cover JUST the PreShared Key (PSK) method, as it's much more simple.
Either way, it 'll require install the "RRAS" console. To do so, load up the server manager and add it.
 
Under Roles, make sure that "DirectAccess and VPN (RAS)" and "Routing" are installed (they should be already).
Under featuers, it's "Remote Server Administration Tools -> Role Administration Tools -> Remote Access Management Tools -> Remote Access GUI and Command-Line".
 
Once you've done this, in "Tools" or "Administrative Tools", there will be a "Routing and Remote Access" console. Open that up.
Find the server name, and right click on it.
Select "Properties" and click on the "Security" tab.
Check the "Allow custom IPsec polici for L2TP/IKEv2 connection". Input a ... well passphrase here. This is your preshared key. This is much like your wireless AP's WPA key, in that it allows access to the VPN. However, you also require the username and password to log in.
 
Forward ports 1701, 500, and 4500. These are all UDP ports.
Also, you need to make sure the router allows L2TP (or manually enable "IP Protocol 50", in firewalls/UTMs that require it (like Sophos UTM).
 
You may need to enable the options in Windows firewall, as well.
 
Once you've done this, you should be able to access the VPN over L2TP (which is much more secure than PPTP), and is supported by Android (and possible iOS, but I don't own any apple products, so I have no idea)."

Source: http://homeservershow.com/forums/index.php?/topic/8736-set-up-l2tp-pskpresharedkey-vpn/
1
 
LVL 1

Author Comment

by:David Haycox
ID: 41897751
Exactly what I needed.  Thanks!
0
 
LVL 39

Expert Comment

by:footech
ID: 41897868
I would think one of the 3rd party apps would support SSTP.
0
 
LVL 1

Author Comment

by:David Haycox
ID: 41898730
I checked out a few of them.  It may have been possible to get one of them to work, but the best ones do of course have a cost associated, per device.  By deploying L2TP over IPSEC there was no extra cost involved.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Often, people trade privacy and security for convenience. However in today's concrete jungle, this is an extremely foolish decision considering the vast amount of technologies being used against consumer interest. First off, I won't waste any time e…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now