Update your router settings to make sure it has PPTP compatibility and has PPTP and L2TP VPN passthru enabled. Enable port forwarding for port 1723 for the TCP/IP and the GRE protocal (protocal 47) and directed to these to your Windows 2012 server address (e.g. 192.168.0.10).
The Windows 2012 server needs the Network Policy and Access Services role and the Remote Access services role installed. Once installed these need to be configured with a static IP range within the network subnet (e.g. 192.168.0.200 to 192.168.0.220) being assinged as the VPN pool.
A network policy for VPN access was created, with the VPN Users group being created and the appropriate user accounts to this group, allowing VPN access to only members of this group.
Step by step details are:
- Open Server Manager, and click on Add roles and features
- Click Next
- Select Role-based or feature-based installation, click Next
- Verify the selection of the DC and click Next
- Select Remote Access and Network Policy and Access Services
- Click Add Features
- Click Next
- Click Next
- Click Next
- Verify DirectAccess and VPN (RAS) is selected, click Next
- Click Install
- Click on Open the Getting Started Wizard
- Select Deploy VPN Only
- Right click on SERVERNAME, and select Configure and Enable Routing and Remote Access
- Click Next
- Select Custom Configuration, Click Next
- Select VPN Access, Click Next
- Click Finish
- Click Start Service
- Right click on SERVERNAME and select properties
- Select the Security tab
- Click Authentication methods
- Untick EAP, click OK
- Click OK
- Click Yes to restart the services
- Open the Network Policy Server console
- Expand Policies, and right click on Network Policies. Select New
- Enter the Policy name as Virtual Private Network (VPN) Connections, select the type as Remote Access Server, click Next
- Select Add
- Select Users Groups, click Add
- Click Add Groups
- Add the group VPN Users, click OK
- Click OK
- Select Add
- Select NAS port Type, click Add
- Tick Virtual (VPN), click OK
- Click Next
- Select Access granted, click Next
- Untick MS-CHAP, click Next
- Click Next
- Click Next
- Click Finish