I’m looking to set up a permanent VPN connection from our office to a Windows Server provided by 1and1.
We’re looking to get SQL log shipping set up between the hosted 1and1 server and our office. I’m familiar with setting up a VPN endpoint on our office router (Draytek 2820) so that users can VPN in to the office.
I’m looking for advice to specifically have a VPN setup running as a service on the hosted server so that it has a permanent tunnel back to our office.
What should I be searching for or reading up on to get this working?
1and1 now offer Server 2012, so if that has any benefit we can take advantage of it, but we cannot add a VPN-capable router to the 1and1 end of the connection or else I would do that. Also, the 1and1 server only has 1 network interface and I cannot add more.
Some of the Draytek routers support IPsec, but I'm not familiar enough with the product line to talk about it. You may be able to use the built-in IPsec functionality in Windows Server 2012 to establish a tunnel to your router.
On a completely different tack: I recently deployed a Windows Server 2012-based machine w/ an OpenVPN connection configured to run as a service. It was set to be dropped in behind a firewall (with a permissive outbound policy) in a remote site. The idea was that I would remotely administer the machine once it was installed. This worked out really well. If you find that you can't beat your Draytek device and the IPsec functionality in Windows Server into submission, you might consider this method.
I don't know 1&1, so assuming they don't offer their own s2s VPN, you should be able to do it the same as the Azure methods you googled, but one recommendation would be to have the Windows server VPN INTO your network via whatever means (your router, your Windows server) as the client. http://blog.degree.no/2011/10/permanent-vpn-connection-in-windows/
With a single NIC in the server it makes it tough to recommend a normal IKE site-2-site tunnel since it requires a multi-homed server to set it up.
The normal setup here: http://downloads.1and1.com/na/PDF/MAN_WinServ_US.pdf for 1&1 recommends that you basically set up your server as a normal RRAS server and let your clients VPN into it. This might work fine for your needs of log shipping, but all you are doing there is reversing what I said in my first paragraph. You can use the persistent FLAG to keep it going as well.
Another alternative would be to look into OpenVPN on both ends: http://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/site-to-site-layer-3-routin-using-openvpn-access-server/ Something like that is normally used in the Linux world, so I'm not certain if it will work as easily on Windows but it does have a Windows server and client.
NOTE: You may also try the SQL/DBA site here on StackExchange if all you are after is SQL log shipping. They might have other methods that won't require a VPN at all.
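The OpenVPN option raised in both answers above, sketched as a client configuration for the hosted server (an added example, not taken from either poster's deployment). It assumes an OpenVPN server is reachable at the office end; the hostname, addresses and file names are constructed placeholders.

```conf
# office-logship.ovpn: client profile for the hosted single-NIC server.
# The hosted server dials OUT to the office, so nothing new has to
# listen on its public interface.

client
dev tun
proto udp

# Office OpenVPN endpoint (placeholder name and port).
remote vpn.office.example 1194

# Keep retrying forever if DNS or the office link is down, and
# detect a dead tunnel so it is re-established unattended.
resolv-retry infinite
keepalive 10 60

# Do not bind a fixed local port; outbound only.
nobind

# Keep key material and the tun adapter across automatic restarts.
persist-key
persist-tun

# Per-machine certificate and key (placeholder file names).
# Restrict NTFS permissions on the key file to the service account.
ca   office-ca.crt
cert hosted-sql.crt
key  hosted-sql.key

# Only accept a peer whose certificate is marked for server use,
# so another client certificate from the same CA cannot pose as
# the office endpoint.
remote-cert-tls server

# Pre-shared HMAC key on the control channel; unauthenticated
# packets are dropped before any TLS processing.
tls-auth ta.key 1

# Ignore routes pushed by the office side and add only the one
# host needed for log shipping (placeholder address), so the
# internet-facing server gets no wider view of the office LAN.
route-nopull
route 192.168.10.20 255.255.255.255

verb 3
```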