Windows Small Business Server 2011 installation and configuration – Part 16 Configuring “Configure a virtual private network (VPN)”
Go directly to SBS 2011 index file. With links to all articles from this serie.
After we have finished with Part 15 Configuring “Software update settings” we go to the Network page of the SBS console and choose for the connectivity tab.
In this part we are going to setup virtual private network (VPN) so people can connect to your network from a remote location / connection and access the network as if they are connected in the local office. First we are going to configure the server and further on how to configure a connection from a windows 7 workstation.
On the right connectivity task bar we choose “Configure a virtual private network”.
The configuration of the server is really easy, choose Allow users to connect to the server by using a VPN.
And the server part is ready. Only thing that could happen is the wizard cannot automatic configure your router. If you choose View Warning Details.
You see that the only thing you have to do is open port 1723 on your router and let it through to your SBS server.
How to setup a VPN connection from a windows 7 workstation, go to the Network and Sharing Center.
Choose Set up a new connection or network, a new wizard will start.
Choose Connect to a workplace (set up dial-up or VPN connection to your workplace.)
Now we choose Use my Internet connection (VPN) Connect using a virtual private network (VPN) connection through the internet.
Now we are going to setup the internet address, this is the fqdn or ip address the vpn connection must connect to. At destination name give a logical name for this connection.
The three other options on the screen are really straight forward, choose use a smart card if smart card logon is configured. Allow other people to use this connection if all people who use this computer may use this vpn connection and don’t connect now if you will not connect the vpn connection directly after configuration is finished.
Give in your user name, password and domain name. My opinion is never use the remember this password, because if anyone takes your workstation they can simply connect to your network.
Setup is finished, you can now choose Connect now to connect your vpn connection.
When you connect and haven’t checked the remember the password option you will get this username and password windows and you just have to enter your password.
And the connection is made, you are now able to access your network as if you were connected on the local area network.
Some additional information:
You can see if your VPN connection is connected, by choosing this icon on the right bottom part of your taskbar. You can also right click the connection to disconnect it.
If you got this Error 812: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
Probably the user does not have the right to make a vpn connection. Go to the properties of this user.
And go to the Remote Access part, make sure the “User can access virtual private network” option is enabled.
Additional information: Here is a really good article that describes the whole VPN setup (it is for 2008 but this is almost the same in SBS 2011)