RDort

Home Of RDort

Windows Server 2012 R2 based Virtual Router using PowerShell

Every now and then you need to give a set of lab VMs access to Internet but still keep them on a separate, isolated network.

In this scenario, instead of relying on the physical host platform (Hyper-V / VMware), you use a virtual machine with multiple network adapters to do the routing. One benefit of doing that is that this works the same no matter what virtual platform you are using, and obviously that you don’t need to change the host network configuration (something that can be challenging/scary when remoting into a lab server in another city, like I do :) ).


PowerShell cmdlets for Routing and Remote Access (RRAS) in Windows Server 2012 and Windows Server 2012 R2

Installing a router manually may be fun, but doing it using PowerShell is much more fun (and smarter too). Anyway, I though it was about time to write a post on how to setup a virtual router using PowerShell. The prerequisites for this guide is that you have a Windows Server 2012 R2 VM installed with at least two network cars. One connected to the External network (Internet), and one to the internal network where you have your VMs. On both networks there are DHCP servers, but you will obviously set a static IP address on the internal NIC. You don’t want that address to change :)

Note: In this guide I’m using Hyper-V is the virtual platform, but this works equally great on VMware as well. Again, I’m not using any gateway features on the host, only in the VM acting as a router.

The VM used for virtual router is named GW01, Windows Server 2012 R2 is installed and is configured in a workgroup, even though it’s perfectly fine to join it to a domain. The reason for using a workgroup machine is that I just wanted a generic router, without any dependencies.




The GW01 virtual machine, running Windows Server 2012 R2, and having two network cards configured.

The configuration

Setting up Routing and Remote Access is done in three steps:

  1. Configuring the internal NIC
  2. Install the Routing and Remote Access role
  3. Configure the Routing and Remote Access role

Step1 - Configure the internal network adapter

On my GW01 server I have named the network interfaces External and Internal, listed by running:

1
Get-NetAdapter | Select Name,MacAddress



Listing the network adapters.

To set a static IP address on the internal network adapter you run the following commands:

1
Get-NetAdapter -Name Internal | New-NetIPAddress -IPAddress 192.168.1.1 -AddressFamily IPv4 -PrefixLength 24

 

Step 2 - Install the Routing and Remote Access role

Once the network adapter is configured it’s time to add the Install the Routing and Remote Access role, as well as its PowerShell cmdlets, by running the following command:

1
Install-WindowsFeature Routing -IncludeManagementTools

 

Step 3 - Install the Routing and Remote Access role

Once the Routing and Remote Access role and its PowerShell cmdlets are added, you can now configure it. In this scenario you set up a simple NAT gateway.

To configure the NAT gateway, run the following commands:

1
2
3
4
5
6
7
8
9
Install-RemoteAccess -VpnType Vpn
 
$ExternalInterface="External"
$InternalInterface="Internal"
 
cmd.exe /c "netsh routing ip nat install"
cmd.exe /c "netsh routing ip nat add interface $ExternalInterface"
cmd.exe /c "netsh routing ip nat set interface $ExternalInterface mode=full"
cmd.exe /c "netsh routing ip nat add interface $InternalInterface"

If you want to verify the setup you can open the Routing and Remote Access management tool.


Done!