Any idea how to add VPN client to Server 2016 Core/Hyper-V Core

cesmith9999

I am trying to get a single server off site to replicate a few VMs to as a DR plan.

I have a Ubiquiti router running PPTP and IPsec VPN.

What I found out the hard way is that the VPN client is not a feature that is installed on Server Core and Hyper-V Core.

Does anyone know of a way to have a remote backup while using the free 2016 Hyper-V Core?

Chris
 

gregsachs

I know with 100% certainty that the SoftEther VPN server will run on Server Core 2016. I would suspect that the SoftEther client would also run, but have not tried.
SoftEther VPN Project
I do offsite backup of my data using a Pi with a USB disk running the SoftEther client and the Minio server.
Duplicati is the backup software I use to back up to Minio.
So basic configuration, which has proven reliable for the last year since CrashPlan booted me.
The Pi has a basic install of Raspbian, plus TeamViewer and the SoftEther client, configured to automatically connect back to my server at startup/if the connection drops. TeamViewer is just there for a backup.
The Pi has a static IP on the local network, so it is always reachable if the VPN is connected.
The Minio server is pointed at the USB drive mount point, and then Duplicati is on each machine that I need to back up. I use this for critical data like family pics, not for global data. I do back up a couple of VMs as well.
Does that make sense?
 

EffrafaxOfWug

I've never tried it on 2016 or Server Core so I don't know whether it works there or not, but the regular IPsec connection doofer was always available as an MMC and thus usable without the GUI as long as the Remote Access role was installed. IPsec configuration can then be done through the usual server mangler/MMC route.

Failing that, I think there were either VPN endpoint commands in netsh or PowerShell via Add-VpnConnection.
 

cesmith9999

> SoftEther VPN Project

This is one of the options that is on my list to look at. I would have to install the server locally and the client on the Hyper-V Server.

I was hoping for something simpler.

> MMC and thus usable without the GUI as long as the Remote Access role was installed

Remote Access is not a role that you can install on Hyper-V Core. Server Core, yes.



Chris
 

Vit K

IPsec (tunnel mode VPN) is integrated in any Windows starting with XP; it can be set up from the command line with 'netsh ipsec' or configured remotely with the Advanced Firewall MMC. Be careful though, as you can instakill the server's connection to the network with a wrong IPsec filter setup.
 
blog.azureinfra.com
There is actually a router built in, as part of Routing and Remote Access. Not sure on the PPTP part, but S2S will definitely work.

For example:

Add-VpnS2SInterface -Name Test2 -Protocol IKEv2 -Destination 172.16.3.193 -AuthenticationMethod PSKOnly -SharedSecret '12345' -Persistent -IPv4Subnet 172.16.190.0/24:100 -DHGroup Group2 -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod AES256 -PfsGroup PFS2048 -SALifeTimeSeconds 14400 -SaRenegotiationDataSizeKB 819200 -MMSALifeTimeSeconds 28800 -CustomPolicy

EDIT: won't this work? (PowerShell):

Add-VpnConnection -Name VPN -ServerAddress myendpoint.com -TunnelType Pptp
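
The site-to-site command from the post above, reworked as an added example (not part of the original post) with a randomly generated pre-shared key and ECP384 in place of Group2 for the key exchange. It assumes the Remote Access role with site-to-site VPN is already installed and that the peer router accepts the same proposal; the interface name `DR-Site` is a placeholder, and the destination and subnet are reused from the post.

```powershell
# Added example: all values are placeholders or reused from the post above.

# Generate a 256-bit pre-shared key from the system CSPRNG instead of a short literal.
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$psk = [Convert]::ToBase64String($bytes)   # enter the same value on the peer router

# Custom IKEv2 policy. Both ends must be configured with identical values,
# otherwise negotiation fails and the interface never connects.
$s2s = @{
    Name                             = 'DR-Site'              # hypothetical interface name
    Protocol                         = 'IKEv2'
    Destination                      = '172.16.3.193'         # peer address from the post
    AuthenticationMethod             = 'PSKOnly'
    SharedSecret                     = $psk
    Persistent                       = $true
    IPv4Subnet                       = '172.16.190.0/24:100'  # remote subnet:metric from the post
    CustomPolicy                     = $true
    EncryptionMethod                 = 'AES256'               # IKE (main mode) cipher
    IntegrityCheckMethod             = 'SHA384'               # IKE (main mode) integrity
    DHGroup                          = 'ECP384'               # Group2 is 1024-bit MODP
    CipherTransformConstants         = 'GCMAES256'            # ESP (quick mode) cipher
    AuthenticationTransformConstants = 'GCMAES256'
    PfsGroup                         = 'ECP384'
    SALifeTimeSeconds                = 14400
    MMSALifeTimeSeconds              = 28800
}
Add-VpnS2SInterface @s2s

# Confirm the interface was created and review what was stored.
Get-VpnS2SInterface -Name 'DR-Site' | Format-List *
```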
 

cesmith9999

I will try this tonight. I have not had a lot of time lately to work on this.

IIRC the Routing and Remote Access role/feature is not included in the free Hyper-V download.

And Add-VpnConnection requires a GUI shell, and that is not in the free Hyper-V.

Chris
 

manfri

Veeam has a free tool (Veeam PN) that they've developed for your need.
Never used it, but those guys usually nail it.
 

cesmith9999

Thanks for the pointer.

However, my client is a Windows client and does not have ESXi on his site, which this product requires.

The download is an OVA file and the installer script is Bash.

I may look to see if I can convert the OVA to VHD and see if I can get that running.

Chris
 

manfri

The availability on Azure Marketplace made me think that it was Hyper-V compatible....

Let us know if it works.
 

oddball

If you're on Hyper-V Core then create two vswitches, one external, one internal. Build out an OpenBSD VM as a firewall/IPsec gateway using both switches. Have all of the VMs use the internal switch and point to the OpenBSD instance as the gateway. Looks like a remote network.

We're doing this for a remote DR site, but swapping OpenBSD with Juniper's vSRX, same idea though.
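
The two-switch layout described in the post above, as an added PowerShell example that is not part of the original post. It goes one step beyond the post by also routing the host's own traffic through the gateway, on the assumption that replication traffic originates from the Hyper-V host itself; every name, path and address is a constructed placeholder.

```powershell
# Added example: names, paths and addresses are placeholders, not values from the thread.
$uplinkNic = 'Ethernet'          # physical NIC facing the site router
$gwName    = 'vpn-gw'            # hypothetical gateway VM (OpenBSD, vSRX, ...)
$gwLanIp   = '10.99.0.1'         # gateway VM address on the internal switch
$hostLanIp = '10.99.0.2'         # Hyper-V host address on the internal switch
$remoteNet = '172.16.190.0/24'   # subnet behind the remote VPN peer

# One switch bound to the physical NIC, one that exists only inside this host.
New-VMSwitch -Name 'External' -NetAdapterName $uplinkNic -AllowManagementOS $true
New-VMSwitch -Name 'Internal' -SwitchType Internal

# Gateway VM: first NIC on External (WAN side), second NIC on Internal (LAN side).
New-VM -Name $gwName -Generation 1 -MemoryStartupBytes 1GB -SwitchName 'External' `
       -NewVHDPath "C:\VMs\$gwName.vhdx" -NewVHDSizeBytes 8GB
Add-VMNetworkAdapter -VMName $gwName -Name 'lan' -SwitchName 'Internal'

# Every other guest moves to Internal, so its only path out is the gateway VM.
Get-VM | Where-Object Name -ne $gwName |
    Get-VMNetworkAdapter |
    Connect-VMNetworkAdapter -SwitchName 'Internal'

# An Internal switch gives the host a vNIC named 'vEthernet (<switch name>)'.
# Address it and send traffic for the remote subnet to the gateway VM.
New-NetIPAddress -InterfaceAlias 'vEthernet (Internal)' -IPAddress $hostLanIp -PrefixLength 24
New-NetRoute -DestinationPrefix $remoteNet -InterfaceAlias 'vEthernet (Internal)' -NextHop $gwLanIp

# Verify the wiring: the gateway has one NIC per switch, and the route is present.
Get-VMNetworkAdapter -VMName $gwName | Select-Object Name, SwitchName, MacAddress
Get-NetRoute -DestinationPrefix $remoteNet
```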
 

gregsachs

> If you're on Hyper-V core then create two vswitches, one external, one internal. Build out an OpenBSD VM as a firewall/IPSec gateway using both switches. Have all of the VM's use the internal switch and point to the OpenBSD instance as the gateway. Looks like a remote network.
>
> We're doing this for a remote DR site, but swapping OpenBSD with Juniper's vSRX, same idea though.

I had issues getting an H-V guest to work as a VPN endpoint and properly route traffic; something to do with H-V not doing what ESXi calls promiscuous mode, I believe. Didn't spend a bunch of time digging into it, though.
 

Robertejes

VPN sometimes doesn't work over Server in case of some firewall rules. You can read that at Microsoft TechNet, for example.
 

NashBrydges

This sounds like an ideal scenario for ZeroTier. Installing the .msi client on Hyper-V would be super simple. Install the ZeroTier client on both ends of the connection and you'll immediately have a super simple SSL VPN connection between the 2 devices. It will assign a new IP to each device and you can directly access each server via its new ZeroTier IP address. Oh...and it's free.