This article will show you how to set up PPTP VPN server in Windows 7, you will then be able to connect to it securely and access your home network resources.
Windows has the built-in ability to function as VPN server using the point-to-point tunneling protocol (PPTP), although this option is somewhat hidden. Here’s how to find it and set up your VPN server.RELATED:Setting up a VPN server could be useful for connecting to your home network on the road, playing LAN games with someone, or securing your web browsing on a public Wi-Fi connection – a few of the many. This trick works on Windows 7, 8, and 10. The server uses the point-to-point tunneling protocol (PPTP.). Note: Some people who have updated to the Windows 10 Creators Update have a problem where creating a VPN server fails because the Routing and Remote Access Service fails to start.
This is a known issue that has not yet been fixed through updates. However, if you’re comfortable editing a couple of Registry keys, there is. We’ll keep this post up to date if the issue gets formally fixed. LimitationsWhile this is a pretty interesting feature, setting up a VPN server this way may not be the ideal choice for you.
It does have some limitations:. You will need the ability to. You have to expose Windows and a port for the PPTP VPN server directly to the Internet, which is not ideal from a security standpoint. You should use a strong password and consider using a port that isn’t the default port. This isn’t as easy to set up and use as software like.
Most people will probably be better off with a more complete software package like those offer.Creating a VPN ServerTo create a VPN server in Windows, you’ll first need to open the “Network Connections” window. The quickest way to do this is to hit Start, type “ncpa.cpl,” and then click the result (or hit Enter).In the “Network Connections” window, press the Alt key to show the full menus, open the “File” menu, and then select the “New Incoming Connection” option.Next, select the user accounts that can connect remotely. To increase security, you may want to create a new, limited user account rather than allow VPN logins from your primary user account. You can do that by clicking the “Add someone” button. Whatever user account you choose, ensure that it has a very strong password, since a weak password could be cracked by a simple dictionary attack.When you’ve got your user selected, click the “Next” button.On the next page, select the “Through the Internet” option to allow VPN connections over the Internet. That’s likely the only option you’ll see here, but you could also allow incoming connections over a dial-up modem if you have the dial-up hardware.Next, you can select the networking protocols that should be enabled for incoming connections. Router SetupIf you’re connecting to your new VPN server over the Internet, you’ll need to set up port forwarding so that your router knows to send traffic of that type to the right PC.
And forward port 1723 to the IP address of the computer where you set up the VPN server. For more instructions, check out our guide on.For maximum security, you may want to create a port forwarding rule that forwards a random “external port”—such as 23243—to “internal port” 1723 on your computer.
This will allow you to connect to the VPN server using port 23243, and will protect you from malicious programs that scan and attempt to automatically connect to VPN servers running on the default port.You can also consider using a router or firewall to only allow incoming connections from specific IP addresses.RELATED:To ensure you can always connect to the VPN server, you also may want to. Connecting to Your VPN ServerRELATED:To connect to the VPN server, you will need (your network’s IP address on the Internet) or its dynamic DNS address, if you set up a dynamic DNS service.In whatever version of Windows you’re using on the machine doing the connecting, you can just hit Start, type “vpn,” and then select the option that appears. In Windows 10, it will be named “Change Virtual Private Networks (VPN).” In Windows 7, it’s named “Set up a virtual private network (VPN) connection.When asked, provide a name for the connection (anything will do) and the Internet address (this can be a domain name or IP address).RELATED:For more instructions on connecting—including some of the advanced options you can choose—check out our full guide on.
The Case for Windows-based VPNHistorically, VPN has been implemented using firewalls or dedicated VPN appliances. So why use a Windows Server for VPN? Here are some things to consider.
Easy to Implement – Installing and configuring a VPN server using Windows Server 2012 R2 is simple. By following the guidance in this article, a VPN server can be implemented in just a few minutes.
Easy to Manage – Managing a VPN server running Windows Server 2012 R2 is no different than any other Windows server. Windows system management is mature and well understood, and the server can be maintained using existing platforms, tools, and procedures. Cost Effective – A Windows Server 2012 R2-based VPN server costs significantly less than it does to deploy dedicated and proprietary VPN hardware. The server can be deployed in existing virtual infrastructure and has no per-user licensing requirements. In addition, adding capacity is as easy as spinning up additional VMs, in most cases.Installation PrerequisitesThe VPN server should be configured with two network interfaces; one internal and one external. This configuration allows for a better security posture, as the external network interface can have a more restrictive firewall profile than the internal interface.
A server with two network interfaces requires special attention to the network configuration. Only the external network interface is configured with a default gateway. Without a default gateway on the internal network interface, static routes will have to be configured on the server to allow communication to any remote internal subnets. For more information about configuring a multi-homed Windows server, click.The server does not have to be joined to a domain, but it is recommended to streamline the authentication process for VPN clients and to provide better management and security for the server. Preparing the ServerOnce the server is provisioned and joined to the domain, installing the VPN role is simple and straightforward. To install the VPN role, enter the following command in an elevated PowerShell command window.Install-WindowsFeature DirectAccess-VPN -IncludeManagementToolsInstall the VPN role using the Install-WindowsFeature PowerShell command. Configure Remote AccessOpen the Routing and Remote Access management console.
Right-click the VPN server and choose Configure and Enable Routing and Remote Access.Configure and enable Routing and Remote Access.Click Next, choose the Remote access (dial-up or VPN) option, and click Next.Choose Remote access (dial-up or VPN).Choose VPN and click Next.Choose VPN.Select the network interface that is Internet-facing. In addition, select the option to Enable security on the selected interface by setting up static packet filters and click Next.Select the Internet-facing network interface. Note:If the VPN server is to be deployed in a load-balanced cluster, IP addresses must be assigned to clients manually.The VPN server can authenticate users itself, or forward authentication requests to an internal RADIUS server.
For the scope of this article, native Windows authentication using RRAS will be configured. Choose No, use Routing and Remote Access to authenticate connection requests and click Next.Use Routing and Remote Access to authenticate connection requests.Review the configuration and click Finish.The RRAS configuration wizard will indicate that the DHCP relay agent must be configured for remote access clients. Click OK to continue. “To support the relaying of DHCP messages from remote access clients, you must configure the properties of the DHCP Relay Agent with the IP address of your DHCP server.”DHCP Relay Agent configuration reminder. Configure DHCP Relay AgentTo enable the internal DHCP server to provide IP address assignment for remote access clients, expand IPv4 and then right-click DHCP Relay Agent and choose Properties.Configure DHCP relay agent.Enter the IP address of the DHCP server and click Add.
![Cara membuat vn server windows 7 1 Cara membuat vn server windows 7 1](/uploads/1/2/5/4/125468416/329057609.png)
Repeat this process for any additional DHCP servers and click OK.Configure DHCP relay agent. Network Policy Server (NPS) ConfigurationThe VPN server is configured to allow remote access only to users whose domain account dial-in properties are set to allow access, by default. A better and more effective way to grant remote access is by using an Active Directory (AD) security group.
To configure remote access permissions for an AD group, right-click Remote Access Logging and choose Launch NPS.Launch NPS.Right-click Network Policies and choose New. Provide a descriptive name for the policy, select Type of network access server, and then choose Remote Access Server (VPN-Dial up) from the drop-down list and click Next.Create a new network policy.Click Add, select Windows Groups, and click Add.Select Windows Groups.Click Add Groups, specify the name of the AD security group that includes users to be authorized for remote access VPN, then click OK and Next.Specify AD security group for remote access.Choose Access Granted and click Next.Specify access permission.Uncheck the option to use Microsoft Encrypted Authentication (MS-CHAP). Click Add and select Microsoft: Secure password (EAP-MSCHAP v2). Click OK and Next three times and then click Finish.Configure authentication methods. Client Connectivity TestingThe VPN server is now configured to accept incoming remote access client connections, but only in a limited fashion. Only the PPTP VPN protocol will function without additional configuration.
Unfortunately, PPTP suffers from some serious security vulnerabilities in its default configuration, and it should not be used as configured in a production environment. However, it is quick and effective to validate the network communication path and that authentication is working using it.To test client connectivity on a Windows 10 client, click on the network icon in the system notification area, click Network Settings, click VPN, and then click Add a VPN Connection. Choose Windows (built-in) for the VPN provider, provide a descriptive name for the connection, enter the name or IP address of the VPN server, and then click Save.Add a VPN connection.Click on the test VPN connection and then click Connect.Establish a VPN connection.Enter domain credentials when prompted and click OK. If everything is working correctly, the connection should be established successfully.VPN connection successful.
SummaryImplementing a client-based VPN solution for secure remote access using Windows Server 2012 R2 has many advantages over dedicated and proprietary security appliances. Windows-based VPN servers are easy to manage, cost effective, and offer greater deployment flexibility. However, at this point additional configuration is required to properly secure incoming connections, which will be covered in my next article.