I am setting up a VPN to a Windows Server 2008 box at my hosting provider. I actually do have it working already and am using a static IP range to assign addresses to my VPN clients in the range of 192.168.42.101-150. As I said, it works fine, but the server seems to be ALSO drawing its IP address from this range...

For example, as the first person to connect, I find that the server ends up with an IP of .101 on its internal interface and I end up with .102 on my client side....

For my specific implementation, I need to know that the server will always have the same IP, so I was hoping to assign a static address to that internal interface (such as 192.168.42.2). Any ideas on how this can be done?

While I'm not totally against setting up a DHCP server rather than using a static range and trying to set up a reservation for the server's "internal" interface, I'd imagine that there is a much simpler way to assign the VPN server's side of the interface to a static IP...

Any suggestions?

1 Answer

VPN connections work by creating tunnels between client and server. These tunnels are essentially very small subnets with 4 addresses. In the above address range given, your first tunnel will use subnet 192.168.42.100/30, and the addresses are used like this:

  1. 192.168.42.100 is the network address
  2. 192.168.42.101 is the address of the server endpoint
  3. 192.168.42.102 is the address of the client endpoint
  4. 192.168.42.103 is the broadcast address of the subnet

If you connect a second client to the VPN server, the next subnet will be used (192.168.42.104/30). This is needed so that the VPN server can route traffic to the clients. So when your client speaks to 192.168.42.101, it doesn't actually speak to the server, it speaks to the VPN endpoint of its tunnel. This happens to be on the server, and therefore things generally work (particularly if the services on the server are not restricted to incoming traffic on a particular subnet or interface).

However, the server is also available to the clients via its very own base IP address (or, if DNS is configured, through its hostname). Your post doesn't mention it, but from what you are writing, we can probably safely assume that this is another address in the 192.168.42.0/24 subnet. And that address never changes, no matter how many clients connect.

wolfgangsz
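The addressing described in the answer above, as an added example that is not part of the original answer: a Python sketch that maps an address seen in server logs or firewall rules to its tunnel and role. It assumes the /30-per-client layout the answer describes and the pool from the question; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Static pool from the question (192.168.42.101-150).
POOL_FIRST = ipaddress.IPv4Address("192.168.42.101")
POOL_LAST = ipaddress.IPv4Address("192.168.42.150")

# Position of each address inside a /30, as listed in the answer.
ROLES = ("network", "server endpoint", "client endpoint", "broadcast")


def tunnel_blocks(first=POOL_FIRST, last=POOL_LAST):
    """Yield the /30 blocks of the answer's model, in allocation order.

    The first block is the /30 containing the first pool address; a block
    is only usable if its client endpoint still lies inside the pool.
    """
    block = ipaddress.ip_network(f"{first}/30", strict=False)
    while block.network_address + 2 <= last:
        yield block
        block = ipaddress.ip_network((int(block.network_address) + 4, 30))


def classify(addr):
    """Return (tunnel number, role) for addr, or None if it is in no tunnel."""
    ip = ipaddress.IPv4Address(addr)
    for index, block in enumerate(tunnel_blocks(), start=1):
        if ip in block:
            return index, ROLES[int(ip) - int(block.network_address)]
    return None


if __name__ == "__main__":
    # Constructed sample addresses, e.g. source IPs pulled from a service log.
    for sample in ("192.168.42.101", "192.168.42.102",
                   "192.168.42.106", "192.168.42.2"):
        hit = classify(sample)
        if hit is None:
            print(f"{sample}: not a tunnel address (fixed host address?)")
        else:
            print(f"{sample}: tunnel {hit[0]}, {hit[1]}")
```

An address that classifies as a server endpoint changes with connection order, so access rules and service bindings are better keyed to the server's fixed address than to whichever endpoint a client happened to see.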