Active Directory and VPN on single server setup
Solution 1
Can't recommend running a DC as a VPN server... you'll spend loads of time trying to solve problems this will cause. It's not worth the effort you'll spend on it.
If it's SBS then it comes with a wizard to do this for you. If not and it's for home use then just use the Remote Desktop Gateway, which comes with 2008, to connect to an internal machine. It works like a dream.
Failing that, if you really want a VPN then just splash out on a small SonicWall or similar. They have some excellent SSL VPN firewalls which will do the job for you. The next level up (still small SOHO firewalls) support an installable IPsec VPN client.
Go with one of the other routes - you'll save yourself a lot of grief in the long term.
Solution 2
Here is a pretty straightforward article on setting it up: http://www.thomasmaurer.ch/2010/10/how-to-install-vpn-on-windows-server-2008-r2/
I wouldn't suggest doing this for a business, but if it's just for your home, well, then it's a risk you have to be OK with.
As mentioned before, multi-homed configurations are less than ideal, but this article lays out some changes you can make to prevent most of the issues caused by this: http://support.microsoft.com/kb/272294
However, since you're looking into a new config, one thing you could do is use Hyper-V. Run one VM as your DC (which you're licenced to do) and then set up another VM running a Linux VPN server like pfsense or IPCop. This way you keep everything separate and a little more secure.
Neo
Updated on September 18, 2022
Comments
-
Neo almost 2 years
I've attempted this several times now and never got it exactly correct. I am looking to set up my ML5 server as a VPN server, domain server, DHCP server and file server. However, every time I have attempted this I've read different ways of doing it, all of which never work and always miss something out.
The network has a single Virgin Media modem with all features turned off, so it is just a modem, with a TP-Link router hooked up to that. The server has two different network cards installed, both directly connected to the router. Then there are several wireless devices, a 360 and a PC, all of which require access to the files being shared on the server drives.
I think that about covers it; if you need any more info to point me in the right direction, just ask.
OS: Server 2008 R2 or SBS 2011, not sure on SBS 2011 just yet.
-
Zoredache over 12 years: Trying to run a VPN from a domain controller seems like a bad idea. Bad things can happen when multi-homing a DC.
-
Neo over 12 years: Hi Zoredache, that may be so, but for the number of machines it will be connecting with it shouldn't be an issue, as it's not a full-blown business network.
-
Zoredache over 12 years: It really has nothing to do with the number of machines, and has more to do with the DC publishing DNS/WINS records with IPs from the VPN network, which will be unreachable by machines on the LAN.
-
Neo over 12 years: ZZZOOOMMM, over my head on that one, Zoredache. The only reason I've chosen VPN is to make the system more secure, so I don't have to forward ports for remote desktop when I'm not at home.
-
Zoredache over 12 years: If this is for home use, why not just install an SSH daemon, and use an SSH client to tunnel ports?
-
Neo over 12 years: Never heard of tunneling over SSH for this, Zoredache. Any links?
-
Zoredache over 12 years: It is so extremely common that a simple search for ssh port forward will return lots of good results.
-
-
Neo over 12 years: Eric, why wouldn't you recommend setting up a VPN for business?
-
Eric C. Singer over 12 years: No, it's not that I'm not recommending a VPN, I'm recommending that you don't make your DC your VPN server.
-
Eric C. Singer over 12 years: The RDP gateway is another great idea, completely forgot about that. I also like the idea of a dedicated VPN / firewall device as well.
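
The multi-homed DC problem raised in the comments (DNS records published with VPN-side addresses that LAN machines cannot reach) can be checked from a listing of the zone's A records. This is an added example, not part of the original thread; the record format, host names, addresses and LAN subnet are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: A records as "name A address" lines. Names and
# addresses are hypothetical, not taken from the original thread.
SAMPLE_RECORDS = """\
dc01.home.lan.      A  192.168.1.10
dc01.home.lan.      A  10.8.0.1
home.lan.           A  192.168.1.10
home.lan.           A  10.8.0.1
fileshare.home.lan. A  192.168.1.20
"""

def parse_a_records(text):
    """Return {name: [IPv4Address, ...]} from 'name A address' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # skip blank lines and anything that is not an A record
        try:
            addr = ipaddress.IPv4Address(fields[2])
        except ipaddress.AddressValueError:
            continue  # skip malformed addresses
        records[fields[0].rstrip(".").lower()].append(addr)
    return dict(records)

def off_lan_records(records, lan_cidrs):
    """Map each name to the addresses that fall outside every LAN subnet."""
    lans = [ipaddress.ip_network(cidr) for cidr in lan_cidrs]
    findings = {}
    for name, addrs in records.items():
        bad = [a for a in addrs if not any(a in net for net in lans)]
        if bad:
            findings[name] = bad
    return findings

if __name__ == "__main__":
    # Assumed LAN subnet; LAN clients cannot reach anything outside it.
    found = off_lan_records(parse_a_records(SAMPLE_RECORDS), ["192.168.1.0/24"])
    for name, addrs in sorted(found.items()):
        print(f"{name}: off-LAN address(es) {', '.join(map(str, addrs))}")
```

Any name it reports is one that a LAN client may resolve to the VPN-side interface and then fail to contact.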