PPTP VPN & Configuration.
PPTP (Point-To-Point-Tunneling Protocol)
Point-To-Point-Tunneling Protocol (PPTP) is the most popular VPN protocol
and is supported by the most devices. It is by far the easiest to configure
and has low overhead, which makes it faster than other VPN protocols.
Firewalls such as ISA Server, Cisco PIX and SonicWall recognize the protocol.
PPTP encrypts data using a 128-bit key, which puts it in the “weakest”
category of VPN protocols. It has also had other weaknesses in the past, such
as clear-text authentication prior to a connection being established, and as
such it is rarely used in sensitive business environments. However, the most
recent implementations of this protocol have resolved some of the security
issues, for example through the implementation of EAP authentication.
Configuration of PPTP
---------- Server Role ----------
1. Click on Server Manager -> Manage -> "Add Roles and Features"
2. Add "Remote Access", include VPN and Routing (needed for NAT) role services and restart
3. Click on Server Manager -> Notifications -> "Open the Getting Started Wizard"
4. Select "Deploy VPN only"
---------- Server RRAS ----------
1. Run Routing and Remote Access (RRAS) tool
2. Right-click on the server and then on "Configure and Enable RRAS"
3. Choose "Custom configuration", select "VPN access" and NAT
4. Right-click on the server and then on Properties -> Security
5. Select the <...>.cloudapp.net certificate
6. Click on the IPv4 tab
7. Enter a "Static address pool" for the number of clients, e.g.: 192.168.1.1 - 192.168.1.20 (otherwise the connection will fail with error 720), then close the dialog
8. Don't enter a range that is too short. The OS keeps a lock on a used IP address for a while, so reconnecting often or from multiple devices may use up the pool and the connection will fail with error 0x8007274C
9. Expand the IPv4 node, then right-click on NAT, then on "New Interface", select the external interface (e.g. "Ethernet 2")
10. Click on "Public interface connected to the Internet" and check "Enable NAT on this interface"
---------- Client Connection ----------
1. Go to Network and Sharing Center, click on "Set up a new connection or network"
2. Select "Connect to a workplace", then VPN
3. Enter <...>.cloudapp.net, name and create
4. Click on the Network tray icon
5. Right-click on the new VPN connection, then show properties
6. Click on Security, set VPN type to SSTP and allow only MS-CHAP v2
7. Connect using the same credentials used to create the VM and for RDP
8. Test your internet connectivity
9. Use a web site that shows your external IP; it should be an IP from the Azure datacenter
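
The client steps above can also be scripted and then checked. The following PowerShell is an added example, not part of the original post; the connection name `Azure VPN`, the server placeholder and the function name `Get-VpnProfileFinding` are assumptions. It creates the connection with the settings from step 6, then lists every VPN profile of the current user and flags any that use PPTP, leave the tunnel type unpinned, allow PAP or CHAP, or do not require encryption.

```powershell
# Added example (not from the original post). Run on the Windows client.
# Assumptions: the connection name and the server placeholder are hypothetical.
$Name          = 'Azure VPN'
$ServerAddress = '<...>.cloudapp.net'   # replace with your VM's DNS name

# Steps 1-6: create the connection pinned to SSTP with MS-CHAP v2 only.
# Skipped while the placeholder is still in place or the profile already exists.
if ($ServerAddress -notmatch '[<>]' -and
    -not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $ServerAddress `
        -TunnelType Sstp -AuthenticationMethod MSChapv2 `
        -EncryptionLevel Required -Force
}

# Return the list of findings for one VPN profile object.
function Get-VpnProfileFinding {
    param([Parameter(Mandatory)] $Connection)
    $findings = @()
    switch ("$($Connection.TunnelType)") {
        'Pptp'      { $findings += 'tunnel type is PPTP' }
        'Automatic' { $findings += 'tunnel type is not pinned (Automatic)' }
    }
    foreach ($method in @($Connection.AuthenticationMethod)) {
        if ("$method" -in 'Pap', 'Chap') {
            $findings += "allows legacy authentication: $method"
        }
    }
    if ("$($Connection.EncryptionLevel)" -in 'NoEncryption', 'Optional') {
        $findings += "encryption level is $($Connection.EncryptionLevel)"
    }
    return ,$findings
}

# Audit every VPN profile of the current user and print one row per profile.
foreach ($c in Get-VpnConnection) {
    $f = Get-VpnProfileFinding -Connection $c
    [pscustomobject]@{
        Name       = $c.Name
        Server     = $c.ServerAddress
        TunnelType = $c.TunnelType
        Findings   = if ($f.Count) { $f -join '; ' } else { 'none' }
    }
}
```

Add `-AllUserConnection` to `Get-VpnConnection` to audit machine-wide profiles as well.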