Server for small local business, which one to get?

d3v said:
Draytek SmartVPNClient software does not work on Server2012 operating system, do I need this software or is there a way to setup remote access to thie lenovo ts140 server without it? I've installed and configured routing & remote access within Server 2012, and have set the router up for remote access (see picture above) is there anything else I need to do before I leave site as I want to be able to work on this server setup from home without having to go back and forth so often as it is quite far away from home!
Click to expand...
The Draytek Smart VPN client is for the PC you're connecting in from, ie from the client-end.

Just configure the Draytek as VPN server (preferably SSL). Once you've established a VPN connection (using the Smart VPN client) you can connect to everything on the network as if you were there, that includes RDP-ing into the server or using Light Out Management (if available).

If I have time, I'll post back with some more details/screenshots shortly ...
 
Ok, from memory (assuming all the other VPN related settings are still at their defaults), this is all you should need to configure to establish an SSL VPN connection ...

Enable SSL VPN (disable the rest):

T4pTAkt.png



Create a VPN user account:

(Be sure to use a long and strong password here!)

dGjCxt2.png



Create a VPN user group, add your user to the group and enable the SSL Application:

Xo88kOE.png


On your remote access client-end, install the Smart VPN client and configure the connection like this:

sVLhWCx.png


Click 'More' if you have any additional subnets on the remote network you need access to.

(You can also select 'Use default gateway on remote network' if you prefer, which will pass all of your internet traffic through the VPN too.)


yKQfZuI.png




That's it.

You should now be able to access everything on the network remotely without compromising security by opening ports, disabling firewalls, etc.
 
Wow I am quite overwhelmed and very thankful for the lengths you have gone to help guide me with screengrabs and uploading them, ect. I followed everything you said whilst I was onsite and now I'm back home now, I installed Draytek VPN client software and getting "can't resolve vpn server dns" error upon trying to connect!

I have remote access to the Draytek router from here so can make any neccesary changes to the router config.

edit: maybe could be due to my OS (windows 7 Ultimate x64) but is highly stripped down for maximum gaming performance so may be missing key remote access features?
 
Last edited:
You switched DHCP off on the router. That won't help! Moltuae has very kindly and very expertly explained how to set up a VPN on the router if you need to do so. But you have just bought - or your customer has - a server which is designed to provide exactly these facilities and - purely IMHO - in this case, that is the way to go. The server is there to do as much of the heavy-lifting for this whole installation as it possibly can and I would advise you to let it.
 
Last edited:
Mick said:
You switched DHCP off on the router. That won't help! Moltuae has very kindly and very expertly explained how to set up a VPN on the router if you need to do so. But you have just bought - or your customer has - a server which is designed to provide exactly these facilities and - purely IMHO - in this case, that is the way to go. The server is there to do as much of the heavy-lifting for this whole installation as it possibly can and I would advise you to let it.
Click to expand...
That's a good point about DHCP; I'd forgotten about that. In which case it would also be necessary to set a static IP per VPN user (Second screenshot: SSL VPN -> User Account -> Subnet). Although the connection error suggests there is no connection to the IP/Host name. @d3v Are you able to ping the IP/Host name you're using? And did you restart the Draytek router after making the changes?

I agree (in part) about making full use of the server's capabilities, especially for DHCP, but personally I would use the gateway/router for remote network access for greater security and availability since this will enable access to Light's Out Management and other network devices in the event that the server OS is out of action.
 
Mick said:
You switched DHCP off on the router. That won't help! Moltuae has very kindly and very expertly explained how to set up a VPN on the router if you need to do so. But you have just bought - or your customer has - a server which is designed to provide exactly these facilities and - purely IMHO - in this case, that is the way to go. The server is there to do as much of the heavy-lifting for this whole installation as it possibly can and I would advise you to let it.
Click to expand...

Thanks for the info, I'm sure eventually I will have both setup and working. As for remote access via Server 2012R2 does it require any external registration process, similar to registering a website domain name, or is everything required built in to the Server2012 operating system?

Moltuae said:
That's a good point about DHCP; I'd forgotten about that. In which case it would also be necessary to set a static IP per VPN user (Second screenshot: SSL VPN -> User Account -> Subnet). Although the connection error suggests there is no connection to the IP/Host name. @d3v Are you able to ping the IP/Host name you're using? And did you restart the Draytek router after making the changes?

I agree (in part) about making full use of the server's capabilities, especially for DHCP, but personally I would use the gateway/router for remote network access for greater security and availability since this will enable access to Light's Out Management and other network devices in the event that the server OS is out of action.
Click to expand...

Again thank you, I set a static IP but still getting "cannot resolve DNS" error below.
I cannot reboot router as they will be working in the office all day, I will txt her now and ask what a good time to reboot is and get back to you!
0fa3e59d7c.png
 
got a call that one of the workers cant access wifi on his macbook. since dhcp is disabled on the router how do i get him connected without joining his macbook to the local domain?
 
d3v said:
Thanks for the info, I'm sure eventually I will have both setup and working. As for remote access via Server 2012R2 does it require any external registration process, similar to registering a website domain name, or is everything required built in to the Server2012 operating system?
Click to expand...
Everything you need to know is in the link I provided a couple of posts back. Both ways of doing this have their benefits (for example, go the server route and you can give granular permissions to your users for days when they might want to work from home or be out on the road) but I would decide on one or the other and stick to it. Basically and briefly, the less routes into your set-up from the outside world, the better.
 
d3v said:
got a call that one of the workers cant access wifi on his macbook. since dhcp is disabled on the router how do i get him connected without joining his macbook to the local domain?
Click to expand...
That's got nothing to do with DHCP (just to save you some time looking in the wrong place). Plenty of firms have this exact same set-up and offer guest wi-fi access (which is really what we're talking about here). In any case, why not join to the domain? He's missing some benefits if he's not joined, although I doubt it will solve the wi-fi issue.
 
d3v said:
got a call that one of the workers cant access wifi on his macbook. since dhcp is disabled on the router how do i get him connected without joining his macbook to the local domain?
Click to expand...

DHCP is available to any network node ARPing on the network. You do not have to be joined to the domain to receive DHCP. NON-domain clients still get leases from DHCP. Example..you don't join network printers to the network..yet they still get an IP. Or you take a brand new computer out of the box and put it up on the bench and unbuckle the OS and start doing windows updates and naming it..before joining the domain.

Most wireless routers..the wireless access component is still bridged to the 4 port switch built onto the LAN side. DHCP still flows up there across the wireless.
 
thanks I just enabled guest wifi on the draytek and txt'd him the instructions. failing that i said to connect to the ethernet, not sure if that would help, though since he needs to be in the domain to get an IP?
Thanks I will check out your instructions that you posted yesterday, I actually started to follow your guide last night but had to leave site as it was almost 10pm!
Would joining the laptops to the domain mess things up when they take them back home in regards to wifi connectivity?
 
d3v said:
Would joining the laptops to the domain mess things up when they take them back home in regards to wifi connectivity?
Click to expand...

Not at all. My laptop that I'm typing from right now is joined to my domain at the office....yet I'm home on my wifi..and I jump on the wifi of dozens and dozens of other clients all week long.
 
Bookmarked and will be looking through the guides in due course, but urgently need to figure out why this guys macbook can't connect to wifi. he's tried the primary and guest SSID and tried via ethernet but no joy?

edit: another workers mabook cant connect either, but a windows laptop there connects absolutely fine as does the AIO printer. what is it with osx.... i loathe the things.
 
Last edited:
d3v said:
but urgently need to figure out why this guys macbook can't connect to wifi. he's tried the primary and guest SSID and tried via ethernet but no joy?.
Click to expand...

Well..if it won't connect via ethernet...no sense it wasting time looking at the wireless. Time to just go through basic troubleshooting of that macbook. Make sure DHCP service on the server is "started" and running.
 
YeOldeStonecat said:
Well..if it won't connect via ethernet...no sense it wasting time looking at the wireless. Time to just go through basic troubleshooting of that macbook. Make sure DHCP service on the server is "started" and running.
Click to expand...
YeOldeStonecat said:
Well..if it won't connect via ethernet...no sense it wasting time looking at the wireless. Time to just go through basic troubleshooting of that macbook. Make sure DHCP service on the server is "started" and running.
Click to expand...

Ok I just enabled DHCP on the router, I hope it doesn't wreck the domain link between the server and the two Dell workstations are they have Sage acocunts 50 shared data!

I was told earlier in this thread to disable DHCP on the router once it was enabled and setup in Server 2012?

Mick said:
Firewall?
Click to expand...

Disabled it just now, hopefully will help, god I despise osx
 
Last edited:
Still cannot remote VPN to the damm router, tried following multiple guides, disabled router firewall ,ect...
I've enabled PPT traffic and opened several ports Draytek say are required for VPN on my home router than I'm trying to connect from to the draytek router in the office!
11a9c73306.png
 
Last edited:
I meant, the firewall on the Mac! Also, don't enable DHCP on the router - it needs to be running on/from the server only.
 
You must log in or register to reply here.

Similar threads

callthatgirl
Outlook Classic Search vs New Outlook Search
Replies
0
Views
201
callthatgirl
callthatgirl
HCHTech
Automating certificate deployment for RDP over VPN
Replies
11
Views
2K
sits
S
thecomputerguy
One of the worst customer service experiences I have ever had.
Replies
18
Views
1K
Markverhyden
Markverhyden
HCHTech
Hot-Desking setup
Replies
0
Views
627
HCHTech
HCHTech
britechguy
Suggestions for a revised "Storage Topography" for a client
2
Replies
33
Views
3K
YeOldeStonecat
YeOldeStonecat
Back
Top