Windows Server 2012 PPTP VPN

hundreds-of-birds-on-a-phone-poleMany vendors offer customers the ability to build they very own PPTP VPN. You probably shouldn’t since they are no longer consider to be secure, but there’s no law that says you can’t. Microsoft Windows Server 2012 and earlier version are no different. With only a little effort, you can use Windows Server 2012 to make your very own PPTP VPN server.

Many of the steps here are identical to those you would perform if you were building a secure SSTP VPN on Windows Server 2012 and you chose not to use Anywhere Access to do it. The Anywhere Access wizard makes building a secure SSTP VPN almost effortless. The old fashioned way is a little more difficult, but not much. The SSTP VPN adds additional work, compared to PPTP, in the area of Active Directory Certificate Services (AD CS).

The steps required to configure a Windows PC as a client are posted elsewhere. Client PCs do not need to be in a domain. Many vendors offer the ability to make PPTP VPN servers, but all configure exactly the same at the client PC end. Therefore, to be concise and avoid redundancy, I posted the client PC set-up instructions here (toward the bottom), along with a serious warning about the security issues inherent in PPTP.

Modify The User Profile

Select the users who will access the VPN and call up their user profiles. Modify each in this way.


Install the Routing and Remote Access Role

Install the Routing and Remote Access role. About half of the PPTP examples you will see on the Internet include Routing while the other half don’t. I’ve successfully installed a PPTP VPN using both choices, so you decide what you want to install. DirectAccess and VPN (RAS) is required.


Configure Routing And Remote Access Services

Right click the selection next to the red mark. Select Configure and Enable Routing and Remote Access. The wizard will nag you about including DirectAccess. Just select VPN only. DirectAccess is an always on SSTP VPN.  The client must be in a domain and running Windows 7 Enterprise or Ultimate or the equivalent Windows 8 version. DirectAccess is more complicated to install than a typical SSTP VPN or a secure WebDav Server.



Click Next.


Select Custom Configuration.


Select VPN Access




Start the Service.


Right click the server name and select Properties.


Select the IPv4 tab. Select static pool. Click Add.


Type in a range on your local network for IP addresses. The VPN server will give the client PC a local IP address within this range. Make it relatively wide so it won’t conflict with one already in use on your local network. Or, better yet, sign on to your router and reserve a range if your router has this feature. Enter that range here.


Done. Configure client PCs now.



Have Something To Add?

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.