Shulou(Shulou.com)06/02 Report--

Build a virtual private network server

Virtual private network (Virtual Private Network)

Establish a private network on the public network for encrypted communication. The virtual private network gateway realizes remote access through the encryption of the data packet and the translation of the destination address of the packet. Virtual private networks can be classified in many ways, mainly according to protocols. Virtual private network can be realized by server, hardware, software and so on.

Working principle of Virtual Private Network

The  virtual private network gateway adopts a dual network card structure, and the external network card uses the public network IP to access the Internet.

The  virtual private network client accesses the outer network port of the virtual private network server through Internet (192.168.90.33)

 then translates the destination address into the address of the internal host unified network segment through the gateway

The essence of  is to open a dedicated data communication channel.

Building a virtual private network server in server2016

1. Open Server Manager-add remote access service

2. Add role services

3. Add two network cards (bind VMnet1 and VMnet2 respectively)

4. Configure the IP address of the network card (in this experiment, 192.168.80.33 is used as the IP,192.168.90.33 of the × × server to access the internal host as the external network port IP)

5. Open windows management tools-routing and remote access

Configure and enable routing and remote access

1. Right-click-configure routing and remote access

2. Select remote access

3. Select virtual private network for remote access.

4. Specify the external network port (the IP address used in this experiment is 192.168.90.33)

Note: the network port is connected to the Internet but has been protected. Virtual private network clients cannot access the network port.

Later, you can verify the network port through ping.

5. Specify the address range (the range of addresses that can be obtained by virtual private network clients to access internal hosts, which ranges from 192.168.80.100 to 192.168.80.200 in this lab)

6. Create a new address range

7. Manage multiple remote access servers (one server is used in this lab, so no RADIUS server is required)

Third, add access users

1. Windows Management tool-Local Security Policy-disable complex password Policy

2. Windows Management tools-computer Management-add test users

3. Change the network access rights dialed in test user attributes (it is convenient for clients to dial through this account)

4. Configure internal hosts (win7 is used for internal hosts in this lab)

1. Bind the internal host network card

Note: the bound virtual network card must be the same network card as the IP of the network port in the virtual private network server (VMnet1 is used in this experiment)

2. Configure the IP of the win7 local network card (the IP in this lab is 192.168.80.88)

Note: this IP is the IP of the same network segment as the IP of the private network port of the virtual private network server.

3. Add a folder to set up sharing (the shared file added in this article is aaa)

% folder sharing specific methods are not introduced, steps can be Baidu%

4. Turn off the password for accessing the shared folder

Note: do not turn off password-protected sharing, then access the shared folder through your × × account, and you will always report an error if you enter the password.

Configure the virtual private network client (real machine)

1. Configure the VMnet1 network card bound to the internal network port and the VMnet2 network card bound to the external network port.

Note: the IP addresses of the two network cards should be in the same network segment as the corresponding network port.

2. Set up a new network connection

3. Select the workspace connection option

4. Use Internet to connect to virtual private network

5. Add Internet address

Note: this address is the IP address of the external network port where the virtual private network client accesses the virtual private network server through Internet.

6. Connect to the virtual private network and enter the access account and password

VI. Verification principle

1. Verify whether the network can communicate through the ping external network port, internal network port and internal host.

Note: because the external network port is already protected when the external network port is specified, the client cannot ping.

2. Enter win+r\ 192.168.80.88 to access the internal host

3. Access to the internal host succeeded

4. Verify the principle of virtual private network by checking the connection status of virtual private network.

Note: directly get the IP address that accesses the unified network segment of the private network host, and the IP address is within the specified IP address range.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.