Windows Server 2008 Remote VPN/SSL


The growing number of mobile workers pushes small and medium companies to allow remote access to corporate resources. A VPN has become the first and most direct answer to this need: it delivers adequate performance and lets the employee work over an untrusted network as if connected to the office.

Microsoft first shipped VPN support (PPTP) in Windows NT, and the list of supported protocols has grown since. Windows Server 2008 supports PPTP, L2TP/IPsec and SSTP; SSTP is the newest and improves both firewall traversal and security by carrying the PPP connection inside an SSL/TLS session.

SSTP (Secure Socket Tunneling Protocol) makes VPN deployment more flexible and simpler because it needs no protocol-specific firewall, NAT or proxy configuration: it uses the same TCP 443 HTTPS traffic that most networks already allow outbound, whereas PPTP needs GRE and L2TP/IPsec needs UDP 500/4500 and ESP to be passed through. The VPN client connects to the SSTP server over HTTPS on port 443 and the server presents its certificate. The client validates it against its Trusted Root Certification Authorities exactly as a browser does for an HTTPS site, which includes checking that the name it dialed matches the certificate and that the certificate has not been revoked. It then sends the server an SSL session key encrypted with the server's public key.

The server decrypts the key with the certificate's private key, and from that point the connection uses the negotiated cipher and SSL session key. Because the SSTP client is built into Windows Vista SP1 and later, this removes most of the usual steps for installing and configuring a VPN client. Next the server checks the user's credentials through the PPP authentication mechanisms (for example EAP) and applies the configuration settings for IPv4/IPv6 traffic. Finally the client gets access to the desired remote network resources.
To build the VPN we need:

* Windows Server 2008 Domain Controller
* Certificate Server
* RRAS (Routing and Remote Access)
* NPS (Network Policy Server)

Once the domain is configured, start with the server certificate. In Server Manager, go to Roles Summary and click Add Roles. Select Web Server (IIS) and click Next twice. On the Role Services page, select all of the Security options, click Next, then Install, then Finish.
Back in Server Manager, go to Roles Summary and click Add Roles. Select Network Policy and Access Services and click Next twice. Select Routing and Remote Access Services, click Next, then Install, then Finish.

Open Routing and Remote Access (Administrative Tools > Routing and Remote Access). Right-click your computer name and select Configure and Enable Routing and Remote Access. Click Next, select Custom Configuration (required if the server has only one NIC) and click Next, select all options and click Next, then click Finish.

Expand IPv4, right-click DHCP Relay Agent and enter the IP address of your DHCP server. Right-click your server name, click Properties, and on the General tab select Local area network (LAN) routing only, leaving IPv4 Remote access server enabled. Finally, open TCP 443 on your firewall and create a NAT rule that forwards it to the server.
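Most SSTP failures after this procedure come down to the certificate: the wrong one bound to port 443, a name that does not match what clients dial, or a CRL that clients outside the network cannot fetch. The following script is an added example written for this page; it is not part of the original article or of Microsoft's guide. It assumes it runs in an elevated PowerShell on the RRAS server and that clients dial the hypothetical name vpn.example.com.

```powershell
# Added example: post-install sanity check for an SSTP server on Windows Server 2008.
# Not from the original article or the Microsoft step-by-step guide.
# Assumptions: runs elevated on the RRAS server; $PublicName is the FQDN that
# clients will dial (vpn.example.com is a placeholder, not from the article).
param(
    [string]$PublicName = "vpn.example.com"
)

$problems = @()

# 1. Routing and Remote Access must actually be running.
$ras = Get-Service RemoteAccess
if ($ras.Status -ne "Running") {
    $problems += "RemoteAccess service is $($ras.Status), expected Running"
}

# 2. SSTP listens through HTTP.sys, so the certificate HTTP.sys has bound to
#    0.0.0.0:443 is the one remote clients will see.
$sslcert  = netsh http show sslcert ipport=0.0.0.0:443
$hashLine = $sslcert | Select-String "Certificate Hash" | Select-Object -First 1
$boundHash = $null
if (-not $hashLine) {
    $problems += "No SSL certificate bound to 0.0.0.0:443 (netsh http show sslcert)"
} else {
    $boundHash = ($hashLine.Line -split ":", 2)[1].Trim().ToUpper()
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $boundHash }
    if (-not $cert) {
        $problems += "Bound hash $boundHash is not in the LocalMachine\My store"
    } else {
        # 3. Name check: the client compares the name it dialed with the CN and SAN.
        $names = @($cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false))
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
        if ($san) {
            $names += ($san.Format($false) -split ",\s*" | ForEach-Object { ($_ -split "=", 2)[1] })
        }
        if ($names -notcontains $PublicName) {
            $problems += "Certificate names ($($names -join ', ')) do not include $PublicName"
        }
        # 4. Validity, purpose and private key.
        $now = Get-Date
        if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
            $problems += "Certificate is not currently valid ($($cert.NotBefore) - $($cert.NotAfter))"
        }
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
        if (-not $eku -or -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq "1.3.6.1.5.5.7.3.1" })) {
            $problems += "Certificate lacks the Server Authentication EKU"
        }
        if (-not $cert.HasPrivateKey) { $problems += "Certificate has no private key on this server" }
        if (-not $cert.Verify())     { $problems += "Certificate chain does not verify on this server" }
        # 5. SSTP clients check revocation by default, so every CRL URL in the
        #    certificate must be reachable from the internet, not just the LAN.
        $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.31" }
        if ($cdp) {
            foreach ($m in [regex]::Matches($cdp.Format($true), "URL=(\S+)")) {
                $url = $m.Groups[1].Value
                try   { [void][System.Net.WebRequest]::Create($url).GetResponse(); "CRL reachable: $url" }
                catch { $problems += "CRL not reachable from this host: $url" }
            }
        } else {
            $problems += "Certificate has no CRL distribution point; clients will fail revocation checking"
        }
    }
}

# 6. The hash RRAS recorded for SSTP must match the HTTP.sys binding; a mismatch
#    usually means the certificate was replaced without restarting RemoteAccess.
$p = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters" -ErrorAction SilentlyContinue
if ($p -and $p.SHA1CertificateHash -and $boundHash) {
    $regHash = ($p.SHA1CertificateHash | ForEach-Object { $_.ToString("X2") }) -join ""
    if ($regHash -ne $boundHash) {
        $problems += "SstpSvc SHA1CertificateHash ($regHash) differs from the HTTP.sys binding ($boundHash)"
    }
}

# 7. Something must be listening on 443 for the NAT rule to reach.
if (-not (netstat -an | Select-String ":443\s+.*LISTENING")) {
    $problems += "Nothing is listening on TCP 443"
}

if ($problems.Count -eq 0) { "SSTP server checks passed for $PublicName" }
else { $problems | ForEach-Object { "PROBLEM: $_" } }
```

Run it once after the procedure above and again whenever the certificate is renewed; after replacing the certificate, restart the Routing and Remote Access service so SstpSvc picks up the new hash. If clients report a revocation error, fix CRL reachability rather than setting the client-side NoCertRevocationCheck value (DWORD 1 under HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters): that setting disables the revocation check entirely and should not be left in place outside troubleshooting.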

I recommend following Microsoft's Step-by-Step Guide for Deploying SSTP Remote Access, which walks through the SSTP installation clearly and simply.

Server-side installation takes about 30 minutes, and because SSTP only needs TCP 443 forwarded to the server, it does away with the protocol-specific firewall and NAT configuration that the other VPN protocols require.

