
Windows Server VM as a Homelab to Internet router!!

After quite a bit of reading on this, I found that using the "Remote Access" feature of Windows Server is the easiest method for securely connecting your home lab to the internet. I felt quite stupid that I was sitting on this feature all this while without knowing of its powers! I implemented this on Windows Server 2022; however, this feature is supported from at least Windows Server 2012. Since my Windows Server is hosted on ESXi hosts running on a NUC10, the USB NIC fling was essential for providing segmentation between the lab internal network and the internet.

Below is a basic schematic of the network setup:


In this architecture:

- ADDS: This is my homelab AD server. Since it is in a homelab environment, AD, CA, ADFS, DHCP and DNS are all configured on this VM. Since this is the DNS server for the lab internal network, DNS forwarding was configured on this VM to forward WAN DNS resolutions.

- AWSGW: This VM is the Windows Server VM on which the "Remote Access" feature is enabled, which allows for NATing and routing.

The AWSGW VM network mapping is done as shown below:

Here, the EXTNW Port Group is on vSwitch1, which is connected to my home ISP router. The "VM Network" Port Group is connected to my homelab internal network. Both these networks are on different IP classes and subnets and physically segregated. You will require a DNS server in your internal network.


A major advantage of this setup is that the AWSGW VM, which acts as the router to the external network, has Windows Firewall (since it is a Windows VM); effectively, the firewall configuration of this VM becomes your internal network firewall.


Let's take a closer look at setting this up:

1- RDP into your Windows Server VM/System

2- Open network adapter configuration. Label the NIC connected to the internal network as LAN and the NIC connected to the external network as WAN. Set the WAN NIC to DHCP. On the LAN NIC, set a static IP in the internal network IP address range.

3- Open server manager

4- Click on Manage->Add roles and features

5- The "Add roles and features wizard" opens. Click on next.

6- Under Installation type, select the radio button and then click "Next"

7- In "Select destination server", select the Windows Server on which you are configuring the feature and then click on next:

8- Under server roles, select "Remote access" and then click on Next:

9- Leave "Select Features" as default and click on next

10- On "Remote access" click on next

11- Under "Select role services" click on the radio button "Routing". At the prompt, leave defaults and click "Add features". "DirectAccess and VPN" gets automatically selected. Then click on next.

12- On Web Server Role (IIS) page click on next

13- Under "Select role services" leave defaults and click on "next"

14- Click on "Install"

15- Once installation is complete, the following window appears. Click on close:

16- Restart the server

17- After the system reboots, open "Server Manager" and click on Tools -> "Routing and Remote Access"

18- The "Routing and Remote access" window opens. Right click on the server's name and select "Configure and Enable Routing and Remote Access"

19- The "Routing and Remote Access Server Setup Wizard" opens. Click on "Next"

20- Under "Configuration" select the radio button "Network address translation"

21- In "NAT Internet Connection", select the interface connected to the internet; in my example, the NIC mapped from the Port Group which is connected to the internet, i.e. the WAN NIC. Click on Finish.

22- If you have a DHCP server in the network, set the default gateway IP address handed out by the DHCP server to the IP address of the "LAN" NIC of this Remote Access VM (here the AWSGW VM).

23- Now, RDP into your DNS server VM; in my case this is the ADDS VM.

24- Open "Server Manager" -> from the left hand pane, click on "DNS"

25- Under "servers" in the right hand pane, right click on your DNS server hostname and select "DNS Manager".

26- The DNS manager window opens. Right-click on your DNS server name and select "Properties":

27- The Properties wizard opens. Go to the forwarders tab:


28- Click on "Edit". The Edit Forwarders window opens. Type in the Google DNS server IPs as shown below:

29- Click on "OK"

30- Open the network adapter properties of the DNS VM. Ensure your "internal" DNS server IP is set to static. The gateway IP should be set to the IP of the LAN NIC of the Remote access server (here AWSGW).
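The same setup, driven from PowerShell instead of the GUI, as an added example that is not from the original post. Adapter names, the 192.168.50.0/24 LAN range and the gateway address are assumptions to be replaced with your own; the `netsh routing` context is available once the Routing role service is installed.

```powershell
# Added example: RRAS NAT gateway setup matching the GUI steps above.
# Run on the gateway VM (AWSGW in the post) in an elevated PowerShell session.
$WanAdapter = "Ethernet0"      # assumed: NIC on the EXTNW port group (to ISP router)
$LanAdapter = "Ethernet1"      # assumed: NIC on the "VM Network" port group (lab side)
$LanIp      = "192.168.50.1"   # assumed: static LAN address of the gateway
$LanPrefix  = 24               # assumed: 192.168.50.0/24 lab network

# Step 2: label the NICs, WAN on DHCP, LAN with a static lab address.
Rename-NetAdapter -Name $WanAdapter -NewName "WAN"
Rename-NetAdapter -Name $LanAdapter -NewName "LAN"
Set-NetIPInterface -InterfaceAlias "WAN" -Dhcp Enabled
New-NetIPAddress -InterfaceAlias "LAN" -IPAddress $LanIp -PrefixLength $LanPrefix

# Steps 3-15: install the Remote Access role with the Routing role service.
Install-WindowsFeature RemoteAccess, Routing -IncludeManagementTools
# Step 16: reboot before continuing (Restart-Computer), then run the rest.

# Steps 17-21: enable RRAS in routing-only mode and set up NAT.
# WAN is the public (translated) interface, LAN the private one.
Install-RemoteAccess -VpnType RoutingOnly
netsh routing ip nat install
netsh routing ip nat add interface "WAN" full
netsh routing ip nat add interface "LAN" private

# The gateway's Windows Firewall is now the lab's perimeter firewall:
# keep every profile enabled rather than turning it off to "make routing work".
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True

# Step 22, on the DHCP server (ADDS in the post): advertise the gateway as default route.
# Set-DhcpServerv4OptionValue -ScopeId 192.168.50.0 -Router $LanIp

# Steps 23-29, on the DNS server (ADDS in the post): forward unresolved queries upstream.
# Set-DnsServerForwarder -IPAddress 8.8.8.8, 8.8.4.4

# Quick checks: both NAT interfaces registered, and a default route learned on WAN.
netsh routing ip nat show interface
Get-NetRoute -DestinationPrefix "0.0.0.0/0" -AddressFamily IPv4
```

After a lab client renews its DHCP lease, a trace from it to an external address should show the gateway's LAN IP as the first hop.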



Now why would I want to connect my homelab to the internet?? Up next: Monitoring On-premise infrastructure on AWS!!
