Active Directory and VPN on single server setup
I've attempted this several times now and never got it exactly correct. I am looking to set up my ML5 server as a VPN server, domain server, DHCP server and file server. However, every time I have attempted this I've read different ways of doing it, all of which never work and always miss something out.
The network has a single Virgin Media modem with all features turned off, so it is just a modem, with a TP-Link router hooked up to that. The server has two different network cards installed, both directly connected to the router. Then there are several wireless devices, a 360 and a PC, all of which require access to the files being shared on the server drives.
I think that about covers it. If you need any more info to point me in the right direction, just ask.
OS: Server 2008 R2 or SBS 2011, not sure on SBS 2011 just yet.
Solution 1:
Can't recommend running a DC as a VPN server... you'll spend loads of time trying to solve problems this will cause. It's not worth the effort you'll spend on it.
If it's SBS then it comes with a wizard to do this for you. If not, and it's for home use, then just use the Remote Desktop Gateway, which comes with 2008, to connect to an internal machine. It works like a dream.
Failing that, if you really want a VPN then just splash out on a small SonicWall or similar. They have some excellent SSL VPN firewalls which will do the job for you. The next level up (still small SOHO firewalls) support an installable IPsec VPN client.
Go with one of the other routes - you'll save yourself a lot of grief in the long term.
Solution 2:
Here is a pretty straightforward article on setting it up: http://www.thomasmaurer.ch/2010/10/how-to-install-vpn-on-windows-server-2008-r2/
I wouldn't suggest doing this for a business, but if it's just for your home, well, then it's a risk you have to be OK with.
As mentioned before, multi-homed configurations are less than ideal, but this article lays out some changes you can make to prevent most of the issues caused by this: http://support.microsoft.com/kb/272294
However, since you're looking into a new config, one thing you could do is use Hyper-V. Run one VM as your DC (which you're licensed to do) and then set up another VM running a Linux VPN server like pfSense or IPCop. This way you keep everything separate and a little more secure.