Windows 2012 as a VPN host

Update your router settings to make sure it has PPTP compatibility and has PPTP and L2TP VPN passthru enabled. Enable port forwarding for port 1723 for the TCP/IP and the GRE protocal (protocal 47) and directed to these to your Windows 2012 server address (e.g.

The Windows 2012 server needs the Network Policy and Access Services role and the Remote Access services role installed. Once installed these need to be configured with a static IP range within the network subnet (e.g. to being assinged as the VPN pool.

A network policy for VPN access was created, with the VPN Users group being created and the appropriate user accounts to this group, allowing VPN access to only members of this group.

Step by step details are:

  1. Open Server Manager, and click on Add roles and features
  2. Click Next
  3. Select Role-based or feature-based installation, click Next
  4. Verify the selection of the DC and click Next
  5. Select Remote Access and Network Policy and Access Services
  6. Click Add Features
  7. Click Next
  8. Click Next
  9. Click Next
  10. Verify DirectAccess and VPN (RAS) is selected, click Next
  11. Click Install
  12. Click on Open the Getting Started Wizard
  13. Select Deploy VPN Only
  14. Right click on SERVERNAME, and select Configure and Enable Routing and Remote Access
  15. Click Next
  16. Select Custom Configuration, Click Next 
  17. Select VPN Access, Click Next
  18. Click Finish
  19. Click Start Service
  20. Right click on SERVERNAME and select properties
  21. Select the Security tab
  22. Click Authentication methods
  23. Untick EAP, click OK
  24. Click OK
  25. Click Yes to restart the services
  26. Open the Network Policy Server console
  27. Expand Policies, and right click on Network Policies.  Select New
  28. Enter the Policy name as Virtual Private Network (VPN) Connections, select the type as Remote Access Server, click Next
  29. Select Add
  30. Select Users Groups, click Add
  31. Click Add Groups
  32. Add the group VPN Users, click OK
  33. Click OK
  34. Select Add
  35. Select NAS port Type, click Add
  36. Tick Virtual (VPN), click OK
  37. Click Next
  38. Select Access granted, click Next
  39. Untick MS-CHAP, click Next
  40. Click Next
  41. Click Next
  42. Click Finish