I was looking on the Internet for an easy to follow guide to be able to setup a WHS to act as a VPN server. However the guide I found on a popular WHS website didn’t seem to work for me. So I did it a way I knew would work using Routing and Remote Access which is part of Windows Server 2003.
Why would you want to do this? If you are away from your home and you want full LAN access to your home network then VPN on WHS is ideal for this. I’m sure most of you will have used VPN’s to connect to your companies corporate networks before when you are remote working, its the same kind of deal.
To setup your WHS as a VPN server you can follow these steps.
To use Routing and Remote Access you first need to disable the Windows Firewall/Internet Connection Sharing (ICS) service.
Go to the Start Menu –> Run and enter Services.msc then press OK.
Scroll down and find Windows Firewall/Internet Connection Sharing (ICS) right click it and select services. Stop the service then set the startup type to disabled on the General tab.
Now open Routing and Remote Access
Start –> All Programs -> Administrative Tools -> Routing and Remote Access.
Right click the server name and select Configure and Enable Routing and Remote Access
You will then see the Setup Wizard, click Next.
Select Custom Configuration and click Next.
Select VPN Access and click Next
Click Finish
Click Yes to start the Routing and Remote Access service.
Now we have to tell Routing and Remote Access which device on our network is doing DHCP?
Expand IP Routing and right click DHCP Relay Agent and click Properties.
Enter the IP address of your DHCP service. Normally your broadband router / gateway. In my case this is 192.168.1.1
Click OK.
Now we need to specify which users on the WHS will have VPN access. Go to the Start Menu and right click Computer and select Manage.
In the Computer Management console, select the Local Users and Groups and then Users from tree on the left.
On the right hand side right click the user account you want to enable for VPN access and select Properties.
On the Dial-in tab select Allow access under Remote Access Permission (Dial-in or VPN) and click OK.
You now need to configure your router to allow inbound the VPN ports to your WHS.
These ports are:
1723 TCP
47 TCP
How you do this will depend on the make and model of your broadband router. But basically we need to use NAT to port forward requests coming from the Internet (WAN) to the Windows Home Server on the LAN.
My test router was a D-Link DSL-2542B and I had to select Advanced Setup –> NAT
Its also sometimes called Virtual Server on some routers.
You might be able to see on this screen shot that I have TCP ports 1723 and 47 port forwarded to the internal IP of the WHS which is our case is 192.168.1.6
That’s it, you just need to setup a Windows Client VPN connection on your PC or Laptop and point it to the WHS domain name for your server and login with the user account you enabled for VPN access earlier.
The screenshots don’t show up for me in IE9 in compatibility mode. What’s broken? My browser or your web page? If the problem is on your side I’d appreciate being able to see the screen shots if you still have them.
Will this process allow connections to other devices on my network or simply the WHS? I have a Home Automation controller that I want to access on my network which is why I’m asking. I have followed the instructions and added the details to my iphone and it appears I am connected but when I run my HA app it can’t connect although in theory it is supposed to. My router doesn’t have its own VPN which is why this option seems like a perfect solution.
>>Will this process allow connections to other devices on my network or simply the WHS? I have a Home Automation controller that I want to access on my network which is why I’m asking. I have followed the instructions and added the details to my iphone and it appears I am connected but when I run my HA app it can’t connect although in theory it is supposed to. My router doesn’t have its own VPN which is why this option seems like a perfect solution.<<
Jay,
Did you make this work for you? I have similar situation. I want to control Home Automation when I am away from home using iPhone. The software that I use on iPhone require VPN connection. I have WHS and router without VPN. Would be interested to konw how you solve your issue.
I can’t comment on VPN connections made from an iPhone as I’ve never tried
It however a VPN connection should give you internal access to your whole LAN and not
Just the whs box. Can you try pinging other internal local LAN ip addresses?
You still have to connect each computer to the WHS VPN manually? Why not just connect each directly to the VPN manually? I don’t get the benefit of this. My router maintains a constant connection to my VPN that applies to all network devices automatically. Can a WHS be set up this way?
Off the top of my head, I remember when setting up client VPN connections there use to be an option some where to tell the client not to use the remote Internet gateway, the client will then use it’s own gateway for Internet traffic but still be connected to the LAN where the WHS VPN server is.
I was using this guide to connect my blackberry playbook to our home network. I have managed to connect windows 7 machines to my home network, but not the playbook yet. It asks for extra settings. I have it set to:
Gateway type – microsoft IKEv2 VPN Server
Authentication Type – EAP-MSCHAPv2
Authentication ID Type – Identity Certificate General Name
MSCHAPv2 EAP Identity – blank (i don’t know what to put here)
Would these be the correct settings, following this guide to create the VPN? And if so, what do I put in for the MSCHAPv2 EAP Identity? Thanks
{"id":null,"mode":"button","open_style":"in_place","currency_code":"GBP","currency_symbol":"\u00a3","currency_type":"decimal","blank_flag_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/blank.gif","flag_sprite_url":"https:\/\/thedigitallifestyle.com\/w\/wp-content\/plugins\/tip-jar-wp\/\/assets\/images\/flags\/flags.png","default_amount":500,"top_media_type":"none","featured_image_url":false,"featured_embed":"","header_media":null,"file_download_attachment_data":null,"recurring_options_enabled":true,"recurring_options":{"never":{"selected":true,"after_output":"One time only"},"weekly":{"selected":false,"after_output":"Every week"},"monthly":{"selected":false,"after_output":"Every month"},"yearly":{"selected":false,"after_output":"Every year"}},"strings":{"current_user_email":"","current_user_name":"","link_text":"Leave a tip","complete_payment_button_error_text":"Check info and try again","payment_verb":"Pay","payment_request_label":"TheDigitalLifestyle.com","form_has_an_error":"Please check and fix the errors above","general_server_error":"Something isn't working right at the moment. Please try again.","form_title":"TheDigitalLifestyle.com","form_subtitle":null,"currency_search_text":"Country or Currency here","other_payment_option":"Other payment option","manage_payments_button_text":"Manage your payments","thank_you_message":"Thank you for being a supporter!","payment_confirmation_title":"TheDigitalLifestyle.com","receipt_title":"Your Receipt","print_receipt":"Print Receipt","email_receipt":"Email Receipt","email_receipt_sending":"Sending receipt...","email_receipt_success":"Email receipt successfully sent","email_receipt_failed":"Email receipt failed to send. Please try again.","receipt_payee":"Paid to","receipt_statement_descriptor":"This will show up on your statement as","receipt_date":"Date","receipt_transaction_id":"Transaction ID","receipt_transaction_amount":"Amount","refund_payer":"Refund from","login":"Log in to manage your payments","manage_payments":"Manage Payments","transactions_title":"Your Transactions","transaction_title":"Transaction Receipt","transaction_period":"Plan Period","arrangements_title":"Your Plans","arrangement_title":"Manage Plan","arrangement_details":"Plan Details","arrangement_id_title":"Plan ID","arrangement_payment_method_title":"Payment Method","arrangement_amount_title":"Plan Amount","arrangement_renewal_title":"Next renewal date","arrangement_action_cancel":"Cancel Plan","arrangement_action_cant_cancel":"Cancelling is currently not available.","arrangement_action_cancel_double":"Are you sure you'd like to cancel?","arrangement_cancelling":"Cancelling Plan...","arrangement_cancelled":"Plan Cancelled","arrangement_failed_to_cancel":"Failed to cancel plan","back_to_plans":"\u2190 Back to Plans","update_payment_method_verb":"Update","sca_auth_description":"Your have a pending renewal payment which requires authorization.","sca_auth_verb":"Authorize renewal payment","sca_authing_verb":"Authorizing payment","sca_authed_verb":"Payment successfully authorized!","sca_auth_failed":"Unable to authorize! Please try again.","login_button_text":"Log in","login_form_has_an_error":"Please check and fix the errors above","uppercase_search":"Search","lowercase_search":"search","uppercase_page":"Page","lowercase_page":"page","uppercase_items":"Items","lowercase_items":"items","uppercase_per":"Per","lowercase_per":"per","uppercase_of":"Of","lowercase_of":"of","back":"Back to plans","zip_code_placeholder":"Zip\/Postal Code","download_file_button_text":"Download File","input_field_instructions":{"tip_amount":{"placeholder_text":"How much would you like to tip?","initial":{"instruction_type":"normal","instruction_message":"How much would you like to tip? Choose any currency."},"empty":{"instruction_type":"error","instruction_message":"How much would you like to tip? Choose any currency."},"invalid_curency":{"instruction_type":"error","instruction_message":"Please choose a valid currency."}},"recurring":{"placeholder_text":"Recurring","initial":{"instruction_type":"normal","instruction_message":"How often would you like to give this?"},"success":{"instruction_type":"success","instruction_message":"How often would you like to give this?"},"empty":{"instruction_type":"error","instruction_message":"How often would you like to give this?"}},"name":{"placeholder_text":"Name on Credit Card","initial":{"instruction_type":"normal","instruction_message":"Enter the name on your card."},"success":{"instruction_type":"success","instruction_message":"Enter the name on your card."},"empty":{"instruction_type":"error","instruction_message":"Please enter the name on your card."}},"privacy_policy":{"terms_title":"Terms and conditions","terms_body":null,"terms_show_text":"View Terms","terms_hide_text":"Hide Terms","initial":{"instruction_type":"normal","instruction_message":"I agree to the terms."},"unchecked":{"instruction_type":"error","instruction_message":"Please agree to the terms."},"checked":{"instruction_type":"success","instruction_message":"I agree to the terms."}},"email":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email address"},"success":{"instruction_type":"success","instruction_message":"Enter your email address"},"blank":{"instruction_type":"error","instruction_message":"Enter your email address"},"not_an_email_address":{"instruction_type":"error","instruction_message":"Make sure you have entered a valid email address"}},"note_with_tip":{"placeholder_text":"Your note here...","initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"empty":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"not_empty_initial":{"instruction_type":"normal","instruction_message":"Attach a note to your tip (optional)"},"saving":{"instruction_type":"normal","instruction_message":"Saving note..."},"success":{"instruction_type":"success","instruction_message":"Note successfully saved!"},"error":{"instruction_type":"error","instruction_message":"Unable to save note note at this time. Please try again."}},"email_for_login_code":{"placeholder_text":"Your email address","initial":{"instruction_type":"normal","instruction_message":"Enter your email to log in."},"success":{"instruction_type":"success","instruction_message":"Enter your email to log in."},"blank":{"instruction_type":"error","instruction_message":"Enter your email to log in."},"empty":{"instruction_type":"error","instruction_message":"Enter your email to log in."}},"login_code":{"initial":{"instruction_type":"normal","instruction_message":"Check your email and enter the login code."},"success":{"instruction_type":"success","instruction_message":"Check your email and enter the login code."},"blank":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."},"empty":{"instruction_type":"error","instruction_message":"Check your email and enter the login code."}},"stripe_all_in_one":{"initial":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"empty":{"instruction_type":"error","instruction_message":"Enter your credit card details here."},"success":{"instruction_type":"normal","instruction_message":"Enter your credit card details here."},"invalid_number":{"instruction_type":"error","instruction_message":"The card number is not a valid credit card number."},"invalid_expiry_month":{"instruction_type":"error","instruction_message":"The card's expiration month is invalid."},"invalid_expiry_year":{"instruction_type":"error","instruction_message":"The card's expiration year is invalid."},"invalid_cvc":{"instruction_type":"error","instruction_message":"The card's security code is invalid."},"incorrect_number":{"instruction_type":"error","instruction_message":"The card number is incorrect."},"incomplete_number":{"instruction_type":"error","instruction_message":"The card number is incomplete."},"incomplete_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incomplete."},"incomplete_expiry":{"instruction_type":"error","instruction_message":"The card's expiration date is incomplete."},"incomplete_zip":{"instruction_type":"error","instruction_message":"The card's zip code is incomplete."},"expired_card":{"instruction_type":"error","instruction_message":"The card has expired."},"incorrect_cvc":{"instruction_type":"error","instruction_message":"The card's security code is incorrect."},"incorrect_zip":{"instruction_type":"error","instruction_message":"The card's zip code failed validation."},"invalid_expiry_year_past":{"instruction_type":"error","instruction_message":"The card's expiration year is in the past"},"card_declined":{"instruction_type":"error","instruction_message":"The card was declined."},"missing":{"instruction_type":"error","instruction_message":"There is no card on a customer that is being charged."},"processing_error":{"instruction_type":"error","instruction_message":"An error occurred while processing the card."},"invalid_request_error":{"instruction_type":"error","instruction_message":"Unable to process this payment, please try again or use alternative method."},"invalid_sofort_country":{"instruction_type":"error","instruction_message":"The billing country is not accepted by SOFORT. Please try another country."}}}},"fetched_oembed_html":false}
How many simultaneous connections does WHS allow? Win 7 allows 1 while Server 2008 R2 allows 1,000.
The screenshots don’t show up for me in IE9 in compatibility mode. What’s broken? My browser or your web page? If the problem is on your side I’d appreciate being able to see the screen shots if you still have them.
Thanks
I think the screen shots broken on older posts when Ian upgraded this website to the new platform. I will ask if it can be fixed?
The pictures are still showing on my blog
http://windowsmediacenter.blogspot.com/2010/06/turn-your-windows-home-server-v1-in-to.html
Will this process allow connections to other devices on my network or simply the WHS? I have a Home Automation controller that I want to access on my network which is why I’m asking. I have followed the instructions and added the details to my iphone and it appears I am connected but when I run my HA app it can’t connect although in theory it is supposed to. My router doesn’t have its own VPN which is why this option seems like a perfect solution.
>>Will this process allow connections to other devices on my network or simply the WHS? I have a Home Automation controller that I want to access on my network which is why I’m asking. I have followed the instructions and added the details to my iphone and it appears I am connected but when I run my HA app it can’t connect although in theory it is supposed to. My router doesn’t have its own VPN which is why this option seems like a perfect solution.<<
Jay,
Did you make this work for you? I have similar situation. I want to control Home Automation when I am away from home using iPhone. The software that I use on iPhone require VPN connection. I have WHS and router without VPN. Would be interested to konw how you solve your issue.
sjmjnk
I can’t comment on VPN connections made from an iPhone as I’ve never tried
It however a VPN connection should give you internal access to your whole LAN and not
Just the whs box. Can you try pinging other internal local LAN ip addresses?
You still have to connect each computer to the WHS VPN manually? Why not just connect each directly to the VPN manually? I don’t get the benefit of this. My router maintains a constant connection to my VPN that applies to all network devices automatically. Can a WHS be set up this way?
@Dude
This is so you can connect a remote client pc to your entire home LAN via a VPN connection.
It’s for inbound VPN connections to your home LAN. Not outbound VPN connections to someone else’s VPN server.
I can’t access the internet on the client PC once I have dialed into the VPN. Switching on split tunneling doesn’t work. Any solution?
Off the top of my head, I remember when setting up client VPN connections there use to be an option some where to tell the client not to use the remote Internet gateway, the client will then use it’s own gateway for Internet traffic but still be connected to the LAN where the WHS VPN server is.
Hi
Thanks for your tutorial
May I ask which client do u use?
Thanks
I was using this guide to connect my blackberry playbook to our home network. I have managed to connect windows 7 machines to my home network, but not the playbook yet. It asks for extra settings. I have it set to:
Gateway type – microsoft IKEv2 VPN Server
Authentication Type – EAP-MSCHAPv2
Authentication ID Type – Identity Certificate General Name
MSCHAPv2 EAP Identity – blank (i don’t know what to put here)
Would these be the correct settings, following this guide to create the VPN? And if so, what do I put in for the MSCHAPv2 EAP Identity? Thanks
I keep getting error 800 or 619?