any idea how to add VPN client to Server 20016 Core/Hyper-v Core

Discussion in 'Windows Server, Hyper-V Virtualization' started by cesmith9999, Dec 13, 2018.

  1. cesmith9999

    cesmith9999 Well-Known Member

    Joined:
    Mar 26, 2013
    Messages:
    1,088
    Likes Received:
    332
    I am trying to get a single server off site to replicate a few VM's to as a DR plan.

    I have a Ubiquiti router running pptp and IPSEC VPN.

    what I found out the hard way is that the VPN client is not a feature that is installed on Server core and Hyper-V core.

    does anyone know of a way to have a remote backup while using the free 2016 Hyper-V core?

    Chris
     
    #1
  2. gregsachs

    gregsachs Active Member

    Joined:
    Aug 14, 2018
    Messages:
    200
    Likes Received:
    35
    I know with 100% certainty that the softether VPN server will run on server core 2016. I would suspect that the softether client would also run, but have not tried.
    SoftEther VPN Project - SoftEther VPN Project
    I do offsite backup of my data using a pi with usb disk running the softether client and the minio server.
    Duplicati is the backup software I use to backup to minio.
    So basic configuration, which has proven reliable for the last year since crashplan booted me.
    PI has a basic install of raspbian, plus teamviewer and softether client, configured to automatically connect back to my server at startup/if the connection drops. Team viewer is just there for a backup.
    the PI has static IP on the local network, so it is always reachable if the vpn is connected.
    Minio server is pointed at the usb drive mount point, and then duplicati is on each machine that I need to backup. I use this for critical data like family pics, not for global data. I do backup a couple of vms as well.
    Does that make sense?
     
    #2
  3. EffrafaxOfWug

    EffrafaxOfWug Radioactive Member

    Joined:
    Feb 12, 2015
    Messages:
    1,048
    Likes Received:
    351
    I've never tried it on 2016 or server core so I don't know whether it works there or not, but the regular IPSec connection doofer was always available as an MMC and thus usable without the GUI as long as the Remote Access role was installed. IPsec configuratoin can then be done through the usual server mangler/MMC route.

    Failing that, I think there was either VPN endpoint commands in netsh or powershell via add-vpnconnection.
     
    #3
  4. cesmith9999

    cesmith9999 Well-Known Member

    Joined:
    Mar 26, 2013
    Messages:
    1,088
    Likes Received:
    332
    this is one of the options that is on my list to look at. I would have to install the server local and the client on the HyperV Server.

    I was hoping for something simpler.

    Remote Access is not a role that you can install with on HyperV Core. Server Core yes.



    Chris
     
    #4
  5. Vit K

    Vit K New Member

    Joined:
    Feb 23, 2017
    Messages:
    22
    Likes Received:
    3
    IPSEC (tunnel mode VPN) is integrated in any windows starting xp, setting up from command line with 'netsh ipsec' or configuring remotely with Advanced Firewall MMC. Be careful though, as you can instakill connection to network of the server with wrong ipsec filter set up.
     
    #5
  6. Roelf Zomerman

    Joined:
    Jan 10, 2019
    Messages:
    32
    Likes Received:
    4
    there is actually a router built in.. as part of routing and remote access. not sure on the pptp part, but s2s will definitly work:

    for example:
    Add-VpnS2SInterface -Name Test2 -Protocol IKEv2 -Destination 172.16.3.193 -AuthenticationMethod PSKOnly -SharedSecret '12345' -Persistent -IPv4Subnet 172.16.190.0/24:100 -DHGroup Group2 -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants GCMAES256 -EncryptionMethod AES256 -PfsGroup PFS2048 -SALifeTimeSeconds 14400 -SaRenegotiationDataSizeKB 819200 -MMSALifeTimeSeconds 28800 -CustomPolicy

    EDIT: wont this work? (PShell); Add-VpnConnection -Name VPN -ServerAddress myendpoint.com-TunnelType Pptp
     
    #6
  7. cesmith9999

    cesmith9999 Well-Known Member

    Joined:
    Mar 26, 2013
    Messages:
    1,088
    Likes Received:
    332
    I will try this tonight. I have not had a lot of time lately to work on this.

    IIRC Routing and Remote Access role/feature is not included in the free Hyper-V download.

    and Add-VPNConnection requires a GUI shell. and that is not in the free Hyper-V.

    Chris
     
    #7
  8. Roelf Zomerman

    Joined:
    Jan 10, 2019
    Messages:
    32
    Likes Received:
    4
    On the free hyper-v image iT probably wont work. But paid core it probably will
     
    #8
  9. manfri

    manfri Member

    Joined:
    Nov 19, 2015
    Messages:
    41
    Likes Received:
    5
    Veeam has a free tool (Veeam PN) that they've developed for your need.
    Never used but the guy usually nailed it.
     
    #9
  10. cesmith9999

    cesmith9999 Well-Known Member

    Joined:
    Mar 26, 2013
    Messages:
    1,088
    Likes Received:
    332
    Thanks for the pointer

    however my client is a Windows client and does not have ESXi on his site. which this product requires

    the download is an OVA file and the installer script is BASH

    I may look to see if I can convert the OVA to VHD and see if I can get that running.

    Chris
     
    #10
  11. manfri

    manfri Member

    Joined:
    Nov 19, 2015
    Messages:
    41
    Likes Received:
    5
    the availibility on azure marketplace made me think that was hyper-v compatible....

    let us know if it works
     
    #11
    Last edited: Aug 16, 2019
  12. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    144
    Likes Received:
    40
    If you're on Hyper-V core then create two vswitches, one external, one internal. Build out an OpenBSD VM as a firewall/IPSec gateway using both switches. Have all of the VM's use the internal switch and point to the OpenBSD instance as the gateway. Looks like a remote network.

    We're doing this for a remote DR site, but swapping OpenBSD with Juniper's vSRX, same idea though.
     
    #12
  13. gregsachs

    gregsachs Active Member

    Joined:
    Aug 14, 2018
    Messages:
    200
    Likes Received:
    35
    I had issues getting a h-v guest to work as a vpn endpoint and properly route traffic; something to do with h-v not doing what ESXi calls promiscuous mode I believe. Didn't spend a bunch of time digging into it, though.
     
    #13
  14. Robertejes

    Robertejes New Member

    Joined:
    Sep 9, 2019
    Messages:
    2
    Likes Received:
    0
    VPN sometimes doesn't work over Server in case of some firewall rules. You can read that t technet microsoft, for example.
     
    #14
  15. NashBrydges

    NashBrydges Member

    Joined:
    Apr 30, 2015
    Messages:
    81
    Likes Received:
    23
    This sounds like an ideal scenario for ZeroTier. Installing the .msi client on Hyper-V would be super simple. Install the ZeroTier client on both ends of the connection and you'll immediately have a super simple SSL VPN connection between the 2 devices. It will assign a new IP to each device and you can directly access each server via its new ZeroTier IP address. Oh...and it's free.
     
    #15
Similar Threads: idea client
Forum Title Date
Windows Server, Hyper-V Virtualization Hyper-v, Strange connectivity issue, any Ideas? Oct 5, 2018
Windows Server, Hyper-V Virtualization Win Server on a 50gb SSD. Good idea or bad idea ?? Mar 7, 2016
Windows Server, Hyper-V Virtualization Thin/Zero Client for RDP w/Video Streaming Jul 10, 2019
Windows Server, Hyper-V Virtualization Windows 2016 DNS issue with client Dec 6, 2018
Windows Server, Hyper-V Virtualization Cheap thin client for dual monitor (w10, 2012 r2 and 2016) Jan 9, 2018

Share This Page