How to setup a VPN to Gradwell for OCS 2008 R2

Getting started

You will need to have had your account configured for OCS access and a VPN endpoint IP, Username and Password issued.

Basic configuration

The VPN is setup on the Mediation server itself, and will be used to route traffic towards our OCS Gateway.

The VPN will need to be configured to talk to our VPN host IP which you would have been issued, and the following security parameters need to be configured:

On the VPN Connection Options tab, click on ‘PPP Settings’ and remove all the check boxes.

Next, on the security tab select ‘Advanced’ and then set the settings as below, allowing optional encryption, enabling PAP (and CHAP and MS-CHAP)

Under the networking tab, select PPTP VPN and importantly on the properties of the IPv4 protocol set it to use the internal DNS server, otherwise the mediation server picks up the DNS settings from the VPN thus meaning it will not be able to resolve active directory.

Having established the VPN, setup a static route on the Mediation server so that traffic will be routed towards the VPN gateway. The following command will setup the route:

route add -P 195.74.61.0 mask 255.255.255.0 XX.XXX.XX.XXX (The X's represent the IP allocated to your VPN connection)

Your mediation server should now be connected to the VPN, next you will need to add an additional IP to the second NIC in the mediation server so that the mediation server can route to its next hop.

You must ensure that when configuring the additional IP the subnet mask is set to 255.255.255.255

Advanced configuration and troubleshooting

The final stage is to enable Windows Server 2008 to forward traffic between the NICs - this has to be performed additionally as Windows Server 2008 is more secure than 2003 by default:

netsh interface ipv4 set int "2nd NIC Name" forwarding=enabled
netsh interface ipv4 set int "vpn name" forwarding=enabled

This will allow the traffic from the 2nd NIC in the Mediation server to pass across to the VPN adapter and then towards our gateway.

The final stage will be to use the OCS Admin console and connect to the Mediation server and bring up the properties dialog box.

The gateway listening IP should be set to the second NIC IP's and configured to listen on port 5060.

Next, click on Next Hop Connection and configure the server to route calls to the OCS Gradwell host on port 5060 using TCP/IP.

Finally, save the configuration and restart the Mediation services, you should now be able to route calls in and out of your OCS server via the VPN connection to the Gradwell network.