4

I have been trying to follow tutorials to set up VPNs on Windows Server 2016. However, they do not really cover the case of setting up a VPN for a server behind a router. Is it possible to do this, and how?

chicks
cccfran

2 Answers

4

It is possible with port forwarding or address mapping, which allows the VPN traffic to pass through your router.

Here is a similar discussion: https://social.technet.microsoft.com/Forums/ie/en-US/b3c0ca4f-d3ee-4b76-85e7-58ad23258bf2/vpn-server-behind-router-issues?forum=winserverPN

P.S. Some routers allow you to configure a VPN server directly on the router.

batistuta09
  • I've finally managed to get it running using our router's DMZ (De-Militarized Zone) option that basically redirects all ports to our server. Now I'm trying to add to NAT only the ports really necessary. I'll post again when I'm done. – JoeCool Apr 01 '21 at 17:46
0

Our server (Windows 2016 - NO DOMAIN) has two NICs. We've named them "Internet" and "Local" to avoid any confusion while configuring RRAS.

The "Internet" NIC is connected to the Internet router directly and the "Local" one is connected to our switch.

We used a different IP range on each NIC:

Internet NIC is on 192.168.1.100 and its gateway is the router internal IP 192.168.1.1

Local NIC is on 192.168.22.100 with no gateway

Windows RRAS is configured by default, so under IPv4 options -> Internet card you can add your own NAT options. We've also redirected the PPTP option to the "Local" NIC IP of our server.

DHCP Service is on Local NIC

To allow external connections on PPTP we only needed to redirect router port 1723 to the Internet NIC IP. We've also redirected some other ports to allow HTTP, HTTPS, ...

Router's DHCP server is disabled so all other devices get their IP from the server and are connected to the internal switch.

On a few installations with no switch other than the one included in the router, both server NICs were connected to the same physical network, but as long as the router's DHCP was disabled and all internal devices get their IP from the server's DHCP (or use fixed IPs in the internal scope with the Local server IP address as gateway), everything is working fine.

JoeCool
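A check for the dual-NIC layout in the answer above and for the DMZ exposure mentioned in the comment on the first answer, as an added PowerShell example that is not part of either answer. The interface aliases and addresses are the ones quoted in the answer; it assumes an elevated session on the RRAS server.

```powershell
# Added example (not from the original answers). Aliases and addresses are
# the ones quoted in the answer above; adjust them for your own host.
$expected = @{
    'Internet' = @{ Address = '192.168.1.100';  Gateway = '192.168.1.1' }
    'Local'    = @{ Address = '192.168.22.100'; Gateway = $null }
}

$checks = foreach ($alias in $expected.Keys) {
    $want = $expected[$alias]
    $addr = (Get-NetIPAddress -InterfaceAlias $alias -AddressFamily IPv4 `
                -ErrorAction SilentlyContinue).IPAddress
    $gw   = (Get-NetRoute -InterfaceAlias $alias -DestinationPrefix '0.0.0.0/0' `
                -ErrorAction SilentlyContinue).NextHop

    [pscustomobject]@{ Check = "$alias NIC address"
                       Ok    = ($addr -contains $want.Address)
                       Found = ($addr -join ', ') }

    # Only the Internet NIC should carry a default route in this layout.
    $gwOk = if ($want.Gateway) { $gw -contains $want.Gateway } else { -not $gw }
    [pscustomobject]@{ Check = "$alias NIC default gateway"
                       Ok    = $gwOk
                       Found = ($gw -join ', ') }
}

# RRAS runs as the RemoteAccess service; PPTP control traffic uses TCP 1723.
# PPTP's data channel is GRE (IP protocol 47), which has no port number and
# is not covered by these checks.
$svc    = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
$listen = Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue
$checks += [pscustomobject]@{ Check = 'RemoteAccess service running'
                              Ok    = ($svc.Status -eq 'Running')
                              Found = "$($svc.Status)" }
$checks += [pscustomobject]@{ Check = 'Listening on TCP 1723'
                              Ok    = [bool]$listen
                              Found = ($listen.LocalAddress -join ', ') }
$checks | Format-Table -AutoSize

# Every TCP listener bound to the Internet NIC (or to all addresses) is
# reachable from outside while the router's DMZ option forwards all ports here.
$internetIp = $expected['Internet'].Address
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -in @('0.0.0.0', $internetIp) } |
    Sort-Object LocalPort -Unique |
    Select-Object LocalPort, LocalAddress,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } } |
    Format-Table -AutoSize
```

The second table is the list to compare against the router's forwarding rules when replacing the DMZ setting with individual port forwards.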