System environment:
Windows Server 2008 R2 Enterprise 6.1.7600.16385
RRAS 5.2.0000
NPS 6.1.7600.16385
Test purpose: Set up a VPN server and access the internal network via VPN
Operation Steps:
1. Add the Network Policy and Access Services role in Server Manager and install the following role services:
Click Next until the installation is complete.
2. Open RRAS from Start -> Administrative Tools -> Routing and Remote Access, as follows:
Click Server Status to see that there is currently only one server (that is, this machine). My computer is named I-PC, so in this example right-click I-PC and select Configure and Enable Routing and Remote Access to open the wizard.
If the server has two network adapters, select Remote access (dial-up or VPN); if it has only one network adapter, select Custom configuration and check VPN in the next step.
I am using a computer with only one network card, so I choose the custom configuration.
Then you can finish the wizard.
A prompt then appears:
It means that NPS is used to manage the access policies for RRAS.
After clicking OK, start the service:
Next we need to configure how VPN IP addresses are allocated. Right-click I-PC (local), select Properties, and go to the IPv4 tab.
Here you can select DHCP or a static address pool. DHCP requires a DHCP server, and because that involves configuring the DHCP server and so on, we skip it. Select the static address pool and add an address range.
I used a total of 100 addresses, 10.0.0.100~10.0.0.199. The host itself will then be 10.0.0.100, the first address in the pool.
That completes the RRAS configuration, so let's move on to NPS.
3. Open NPS from Start -> Administrative Tools -> Network Policy Server.
NPS has a built-in RADIUS server configuration for dial-up or VPN connections. We select it directly and open the wizard.
Select a VPN connection.
Then click Next:
Add a RADIUS client: give it a friendly name, enter the local IP in the address field, and then generate a shared secret (typing one in manually also works). This is not the VPN user's password; it is the secret shared between the RADIUS client and NPS.
The authentication defaults are fine. Next comes the group selection.
In this walkthrough we chose MS-CHAPv2 authentication, so next we need to specify the user groups authorized for VPN dial-in. I've added the Administrators and Users groups here. It's best to create a new group specifically for VPN access, but using the ready-made groups is a quick shortcut here.
Next is the IP filter; the defaults are fine.
Next, specify the encryption settings; keep the defaults.
The next step is to specify a realm name; leave the default.
The wizard is done here.
4. Create an account for the VPN connection:
In Start -> Administrative Tools -> Server Manager, open Configuration -> Local Users and Groups -> Users, right-click in the right pane, and create a new user VPN with the password set to 123456.
The new user belongs to the Users group by default, so it already has VPN dial-in permission.
5. Let's test the VPN connection.
In the Network and Sharing Center, click Set up a new connection or network to open the wizard.
Select Connect to a workplace.
Select the first item.
Because this is a test, the local address is entered.
Next, enter the user name VPN and the password 123456.
You can then see that the dial-in succeeds.
View the connection details to see the address 10.0.0.101, assigned from the pool configured earlier.
That's it.
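Steps 3 and 4 note that a dedicated group is the better choice for VPN access and create the test account with the password 123456. The script below is an added example, not part of the original walkthrough: it creates such a group and an account with a random password, then lists the members of Administrators, Users and the new group so you can see who each choice in the NPS wizard would admit. The group name `VPN Users` and the account name `vpnuser1` are assumptions, and the NPS policy's group condition still has to be pointed at the new group in the wizard.

```powershell
# Added example, not from the original article. 'VPN Users' and 'vpnuser1' are
# hypothetical names. Run from an elevated PowerShell prompt on the RRAS/NPS server.
$groupName = 'VPN Users'
$userName  = 'vpnuser1'
$machine   = "WinNT://$env:COMPUTERNAME"

function New-RandomPassword([int]$Length = 24) {
    # 64-character alphabet: (byte -band 63) selects every character with equal odds.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng   = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $alphabet[$_ -band 63] })
        # Retry until upper case, lower case and a digit are all present.
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '[0-9]')
    return $pw
}

$computer = [ADSI]"$machine,computer"

# Reuse the dedicated group if it exists, otherwise create it.
try   { $group = $computer.psbase.Children.Find($groupName, 'group') }
catch { $group = $computer.Create('group', $groupName); $group.SetInfo() }

# Create the account with a random password and put it only in the dedicated group.
$password = New-RandomPassword
$user = $computer.Create('user', $userName)
$user.SetPassword($password)
$user.SetInfo()
$group.Add("$machine/$userName,user")
Write-Host "Created $userName; hand over this password out of band: $password"

# List who each group would let in if it were the group chosen in the NPS wizard.
foreach ($name in 'Administrators', 'Users', $groupName) {
    $g = [ADSI]"$machine/$name,group"
    $members = @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    '{0}: {1}' -f $name, ($members -join ', ')
}
```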
PostScript: This is just a simple case of setting up a VPN server in a Windows Server environment, starting with the simplest setup. Many details still need to be refined before the VPN functionality can be put into practical use.
By the way, Ruijie did not complain once during the whole process. This indicates that, in theory, a NAT-SSTP VPN can be used to circumvent Ruijie.