I recently spun up a new Server 2012 R2 VM to use as a PPTP VPN server. The machine is fully patched, and has only the Remote Access role installed. Per standard configuration, the machine has two NICs (the first intended for internal traffic, and the second intended for incoming VPN traffic; both sit behind a hardware firewall; 10.1.1.22 and 10.1.1.23 respectively).
I walked through the RRAS configuration wizard selecting the following "Remote access", "VPN" only, Enable security on adapter #2, "Automatically", and "No". No further configuration was performed. Testing from within my network (i.e. no NAT funniness to deal with), I can connect just fine to the #1 IP, but connections to #2 fail. If I remove all of the inbound static filters on interface #2 from RRAS, connections to #2 work perfectly.
I've tried clearing all of the inbound filters out and just putting in TCP 1723 and IP 47 (GRE), and connections still fail, despite confirming via WireShark trace that these are the only ports/protocols being used in the exchange. I'd easily be able to accept that something is screwed up with RRAS if I was doing something funky, but these are the 100% out-of-the-box stock settings from the wizard and they're not working. Anybody know what I'm doing wrong?
0 Answers