Loading... <p>Windows上搭建VPN是比较简单的,通过“路由与远程访问”进行配置即可,windows server 2003默认已经安装这个功能。这篇文章将介绍如何在windows server 2003配置VPN Server。</p><p><strong>1、启动VPN服务</strong></p><p>进入“开始”->“所有程序”->“管理工具”->“路由和远程访问”。</p><p>在计算机名称上点击右键,选择“配置并启用路由和远程访问”。</p><p><a href="attachments/201105301339434748.png"><img class="alignnone size-full wp-image-1626" title="windows-vpn-0" alt="" src="attachments/201105301339434748.png" width="276" height="283" /></a></p><p>然后点击下一步,选择要提供的服务:</p><p><a href="attachments/201105301339442774.png"><img class="alignnone size-full wp-image-1627" title="windows-vpn-01" alt="" src="attachments/201105301339442774.png" width="495" height="366" /></a></p><p>如果只是使用VPN访问特定的服务器,只选择VPN就可以了;</p><p>如果还要通过VPN服务器访问internet,那么还需要网络地址转换(NAT)服务 。</p><p>最下边提供了一个自定义配置,可以任意组合需要的功能。</p><p>这里先只用一个VPN访问服务:</p><p><a href="attachments/201105301339447848.png"><img class="alignnone size-full wp-image-1628" title="windows-vpn-02" alt="" src="attachments/201105301339447848.png" width="478" height="260" /></a></p><p>然后下一步,完成,按照提示操作就可以了。</p><p><strong>2、 配置VPN</strong></p><p>安装完了,现在配置下。在计算机名称上点右键,选择“属性”。</p><p><a href="attachments/201105301339445238.png"><img class="alignnone size-full wp-image-1629" title="windows-vpn-03" alt="" src="attachments/201105301339445238.png" width="378" height="308" /></a></p><p>选择IP选项卡,指定VPN客户端可以使用的IP地址。</p><p><a href="attachments/201105301339457544.png"><img class="alignnone size-full wp-image-1630" title="windows-vpn-6" alt="" src="attachments/201105301339457544.png" width="401" height="442" /></a></p><p>这里指定一个IP地址段供客户端使用。</p><p>默认情况下VPN将使用Windows身份验证 ,所以需要创建几个用户。</p><p><a href="attachments/201105301339452131.png"><img class="alignnone size-full wp-image-1631" title="windows-vpn-12" alt="" src="attachments/201105301339452131.png" width="426" height="312" /></a></p><p>我这里创建了vpntest1、vpntest2 。注意设置用户的一些配置,如密码永不过期。</p><p><a href="attachments/201105301339456214.png"><img class="alignnone size-full wp-image-1632" title="windows-vpn-13" alt="" src="attachments/201105301339456214.png" width="370" height="135" /></a></p><p>允许访问VPN及分配一个静态IP。</p><p><a href="attachments/201105301339467832.png"><img class="alignnone size-full wp-image-1633" title="windows-vpn-14" alt="" src="attachments/201105301339467832.png" width="401" height="356" /></a></p><p><strong>3、客户端连接</strong></p><p>客户端配置就是创建一个VPN连接。</p><p>最好换一台机器,在桌面“网上邻居”上点右键选择“属性”,在打开的窗口中找到“新建连接向导”。</p><p>选择“连接到我的工作场所的网络”。</p><p><a href="attachments/201105301339460378.png"><img class="alignnone size-full wp-image-1634" title="windows-vpn-04" alt="" src="attachments/201105301339460378.png" width="491" height="230" /></a></p><p>选择“虚拟专用网络连接”。</p><p><a href="attachments/201105301339466280.png"><img class="alignnone size-full wp-image-1635" title="windows-vpn-05" alt="" src="attachments/201105301339466280.png" width="463" height="238" /></a></p><p>为VPN设置一个名字,随便写就行。</p><p><a href="attachments/201105301339464842.png"><img class="alignnone size-full wp-image-1636" title="windows-vpn-06" alt="" src="attachments/201105301339464842.png" width="449" height="162" /></a></p><p>确认公用网络是否已接好。</p><p><a href="attachments/201105301339462231.png"><img class="alignnone size-full wp-image-1637" title="windows-vpn-07" alt="" src="attachments/201105301339462231.png" width="493" height="203" /></a></p><p>如果你的网络是ADSL等需要先拨号,就选第二个;如果是在局域网中,选第一个。</p><p>然后下一步,输入VPN服务器的地址。</p><p><a href="attachments/201105301339477670.png"><img class="alignnone size-full wp-image-1638" title="windows-vpn-08" alt="" src="attachments/201105301339477670.png" width="489" height="233" /></a></p><p>选择“任何人使用”。</p><p><a href="attachments/201105301339472757.png"><img class="alignnone size-full wp-image-1639" title="windows-vpn-09" alt="" src="attachments/201105301339472757.png" width="316" height="93" /></a></p><p>完成,在桌面上快捷快捷方式。</p><p><a href="attachments/201105301339471637.png"><img class="alignnone size-full wp-image-1640" title="windows-vpn-010" alt="" src="attachments/201105301339471637.png" width="340" height="174" /></a></p><p>在桌面上双击打开连接,输入用户名密码登录。</p><p><a href="attachments/201105301339472448.png"><img class="alignnone size-full wp-image-1641" title="windows-vpn-011" alt="" src="attachments/201105301339472448.png" width="337" height="360" /></a></p><p>连接成功后,一般会在右下角出现一个网络连接的图标。</p><p>现在就可以用虚拟的IP地址访问服务器了,试试:<span class="external-link"><a class="no-external-link" href="http://192.168.92.100/" target="_blank"><font color="#2970a6">http://192.168.92.100</font><i data-feather='external-link'></i></a></span></p><p>我们设置的IP地址段的第一个IP会成为VPN服务的默认IP。</p><p>然后再找一台电脑,设置VPN连接,试试从一个VPN客户端访问另一个VPN客户端:<span class="external-link"><a class="no-external-link" href="http://192.168.92.102/" target="_blank"><font color="#2970a6">http://192.168.92.102 </font><i data-feather='external-link'></i></a></span></p><p>有了VPN我们就可以跨网访问特定的资源了,在一个公网能够访问的机器上搭建VPN服务,然后不同的内网的机器,连接到这个VPN服务器,然后不同的内网就可以相互访问了。</p><p><strong>4、网络地址转换服务(NAT)</strong></p><p>经过上边的配置后我们只可以访问建立了VPN连接的机器,如果此时访问互联网,如百度,就不能连接。</p><p><strong>(1)第一个解决方案:去掉VPN连接的默认网关</strong></p><p>在VPN连接上点右键,选择“状态”。</p><p><a href="attachments/201105301340090262.png"><img class="alignnone size-full wp-image-1642" title="windows-vpn-012" alt="" src="attachments/201105301340090262.png" width="100" height="135" /></a></p><p>选择“网络”选项卡,选中“Internet协议(TCP/IP)”。</p><p><a href="attachments/201105301340090725.png"><img class="alignnone size-full wp-image-1643" title="windows-vpn-3" alt="" src="attachments/201105301340090725.png" width="364" height="431" /></a></p><p>点击“属性”。</p><p><a href="attachments/201105301340107062.png"><img class="alignnone size-full wp-image-1644" title="windows-vpn-4" alt="" src="attachments/201105301340107062.png" width="396" height="385" /></a></p><p>点击“高级”,去掉勾选“在远程网络上使用默认网关”。</p><p><a href="attachments/201105301340102733.png"><img class="alignnone size-full wp-image-1646" title="windows-vpn-5" alt="" src="attachments/201105301340102733.png" width="366" height="166" /></a></p><p>这样保存后重新连接,就可以访问互联网了,当然前提是你没创建VPN连接之前就能够访问。</p><p>这是因为如果VPN使用默认网关,那么所有的网络请求都会被路由到VPN服务器,但是我们前边只是配置了VPN访问,而没有路由转换服务。</p><p><strong>(2)第二个解决方案:配置路由转换服务。</strong></p><p>首先要禁用路由和远程访问,以重新配置添加路由转换功能。</p><p><a href="attachments/201105301340106665.png"><img class="alignnone size-full w p-image-1647" title="windows-vpn-013" alt="" src="attachments/201105301340106665.png" width="307" height="189" /></a></p><p>重新配置,按照是否有多个网卡配置也不太相同。</p><p><strong>2.1 首先对于有多个网卡的情况:</strong></p><p>配置服务,选择“虚拟专用网络(VPN)访问和NAT”:</p><p><a href="attachments/201105301340103311.png"><img class="alignnone size-full wp-image-1648" title="windows-vpn-7" alt="" src="attachments/201105301340103311.png" width="500" height="432" /></a></p><p>选择访问internet的网卡:</p><p><a href="attachments/201105301340112557.png"><img class="alignnone size-full wp-image-1657" title="windows-vpn-8" alt="" src="attachments/201105301340112557.png" width="499" height="430" /></a></p><p>指定客户端IP地址的范围,和上边用的IP范围一致即可。</p><p><a href="attachments/201105301340113005.png"><img class="alignnone size-full wp-image-1650" title="windows-vpn-9" alt="" src="attachments/201105301340113005.png" width="499" height="284" /></a></p><p><a href="attachments/201105301340117837.png"><img class="alignnone size-full wp-image-1651" title="windows-vpn-10" alt="" src="attachments/201105301340117837.png" width="499" height="338" /></a></p><p>选择身份验证方式:</p><p><a href="attachments/201105301340115573.png"><img class="alignnone size-full wp-image-1652" title="windows-vpn-11" alt="" src="attachments/201105301340115573.png" width="494" height="279" /></a></p><p><strong>2.2 对于只有一个网卡的情况</strong></p><p>配置服务,选择“自定义配置”:</p><p><a href="attachments/201105301340115284.png"><img class="alignnone size-full wp-image-1660" title="windows-vpn-20" alt="" src="attachments/201105301340115284.png" width="500" height="435" /></a></p><p>下一步,选择“VPN访问”和“NAT和基本防火墙” :</p><p><a href="attachments/201105301340120061.png"><img class="alignnone size-full wp-image-1661" title="windows-vpn-21" alt="" src="attachments/201105301340120061.png" width="419" height="257" /></a></p><p>下一步,完成向导。</p><p>然后在左侧找到IGMP:IGMP(互联网组管理协议)是一种互联网协议,广播路由相关的吧。</p><p><a href="attachments/201105301340124566.png"><img class="alignnone size-full wp-image-1663" title="windows-vpn-22" alt="" src="attachments/201105301340124566.png" width="209" height="333" /></a></p><p>新增两个接口:内部和本地连接</p><p><a href="attachments/201105301340122220.png"><img class="alignnone size-full wp-image-1662" title="windows-vpn-23" alt="" src="attachments/201105301340122220.png" width="380" height="377" /></a></p><p><a href="attachments/201105301340122351.png"><img class="alignnone size-full wp-image-1664" title="windows-vpn-24" alt="" src="attachments/201105301340122351.png" width="402" height="325" /></a></p><p>继续新增:</p><p><a href="attachments/201105301340135512.png"><img class="alignnone size-full wp-image-1665" title="windows-vpn-25" alt="" src="attachments/201105301340135512.png" width="384" height="207" /></a></p><p>选择IGMP代理:</p><p><a href="attachments/201105301340147552.png"><img class="alignnone size-full wp-image-1666" title="windows-vpn-26" alt="" src="attachments/201105301340147552.png" width="400" height="301" /></a></p><p>左侧找到NAT/基本防火墙:</p><p><a href="attachments/201105301340143635.png"><img class="alignnone size-full wp-image-1667" title="windows-vpn-27" alt="" src="attachments/201105301340143635.png" width="298" height="240" /></a></p><p>右键点击“新增接口”,</p><p><a href="attachments/201105301340144430.png"><img class="alignnone size-full wp-image-1678" title="windows-vpn-28" alt="" src="attachments/201105301340144430.png" width="377" height="195" /></a></p><p><a href="attachments/201105301340146121.png"><img class="alignnone size-full wp-image-1670" title="windows-vpn-29" alt="" src="attachments/201105301340146121.png" width="267" height="142" /></a></p><p>继续新增接口:</p><p><a href="attachments/201105301340154055.png"><img class="alignnone size-full wp-image-1671" title="windows-vpn-30" alt="" src="attachments/201105301340154055.png" width="384" height="177" /></a></p><p>选择“公用接口连接到Internet ”。</p><p><a href="attachments/201105301340152271.png"><img class="alignnone size-full wp-image-1672" title="windows-vpn-31" alt="" src="attachments/201105301340152271.png" width="395" height="242" /></a></p><p>然后进入“服务和端口”选项卡,</p><p><a href="attachments/201105301340151560.png"><img class="alignnone size-full wp-image-1674" title="windows-vpn-32" alt="" src="attachments/201105301340151560.png" width="397" height="325" /></a></p><p>勾选“IP 安全性(IKE)” 、“IP 安全性(IKE NAT遍历)”、“VPN网关(L2TP/IPsec – 运行于此服务器上)”、“VPN网关(PPTP)”。</p><p>选择的时候会弹出一个对话框,填写一个IP地址,都填写“127.0.0.1”就可以了。</p><p><a href="attachments/201105301340154423.png"><img class="alignnone size-full wp-image-1675" title="windows-vpn-33" alt="" src="attachments/201105301340154423.png" width="315" height="109" /></a></p><p>点“确定”,保存操作。</p><p> </p><p>经过以上NAT配置,请在客户端再试试访问internet,不过要记得勾选“在远程网络上使用默认网关”,这样才是通过VPN服务器访问的Internet。</p><p>看看我访问百度经过的路由。</p><p><a href="attachments/201105301340150580.png"><img class="alignnone size-full wp-image-1653" title="windows-vpn-1" alt="" src="attachments/201105301340150580.png" width="521" height="265" /></a></p><p>可以看到路由首先经过VPN服务器:192.168.92.100。</p><p>有没有发现www.a.shifen.com这个域名,这是百度竞价排名用过的一个域名,不是乱搞的啊。</p><p>但是对于客户端主机原来所在网段的IP地址的访问,则不会通过VPN服务器:</p><p><a href="attachments/201105301340160662.png"><img class="alignnone size-full wp-image-1654" title="windows-vpn-gateway-in" alt="" src="attachments/201105301340160662.png" width="525" height="130" /></a></p><p>对于跨网段的IP地址的访问是否都会通过VPN服务器,我这里没有广泛的测试,可能还和子网掩码有关,我对这块不太了解。</p><p>刚在网上搜了下,如果是不同网段,需要做VPN中继代理或者静态映射之类的等等,有问题的自己找找答案吧。</p><p>在Windows上搭建VPN服务真的很简单,我的一个linux的VPN Server还没搞定,等搞好了再写篇文章记录下来。</p><p>这篇文章就介绍到这里了。</p> <hr class="content-copyright" style="margin-top:50px" /><blockquote class="content-copyright" style="font-style:normal"><p class="content-copyright">版权属于:大漠孤狼</p><p class="content-copyright">本文链接:<a class="content-copyright" href="https://www.dmgls.com/399.html">https://www.dmgls.com/399.html</a></p><p class="content-copyright">转载时须注明出处及本声明</p></blockquote> Last modification:July 14th, 2020 at 11:53 am © 允许规范转载 Support 如果觉得我的文章对你有用,请随意赞赏 Appreciate the author