I'd like to use RRAS on Win2k8 R2 to set up VPN with NAT. I already did the VPN part last evening and it works: I can connect from home and access a shared folder on the server and receive a VPN IP assignment from within the IP range I configured. The NAT part, however, has a hitch. I am wondering if I need a second instance of the Xen Net Driver to simulate the second NIC card usually present on a physical NAT setup?
When I configured RRAS through the wizard, I selected VPN plus NAT. VPN wizard proceeded as expected. No NAT part followed, however. So I went to RRAS snap-in module, selected my server/IPv4/General, right click, selected "new routing protocol," and I received the message "No new router interfaces are available for addition." Likewise right click on the same, selecting "New interface", results in the same message.
Network and Sharing center likewise shows the regularly functioning internet connection from NFO Network 5 to the internet. It also now shows the new RAS Interface, as Private Network, but next to it, it has "access type: No internet access" and "Connection:" is blank, rather than "Xen Network Adapter." So is something wrong here?
I tried going to the Xen Network Adapter / Adapter Settings / IPv4 / Properties / Advanced and added a second IP address in the 10.x.x.x range, but this didn't give me any more options for adding a new routing protocol, which is the step I think I'm missing to enable NAT. I've also heard it's harder and not Microsoft "recommended scenario" to multihome the public internet IP and the internal NAT service on the same NIC, though it seems it can be done but is more complicated.
So, questions:
Is the right solution to install a second instance of the Xen Net Driver to simulate a two-NIC machine? If so, how? If not, what is the right way to proceed? Or perhaps I making some other noob mistake here?
Background, if it helps:
Why both VPN and NAT? I'd like to use the VPN to coordinate file sharing between several computers (home, portable, and work office), and I'm hoping adding NAT to the VPN would allow me to tunnel to internet access through NFO when logged on from work, because our work network is a ramshackle mess, has terrible response times for new DNS lookups (10s for new addresses, often fails on first try), making browsing awful, really slow during peak usage hours, weird local caching issues, and some blocked ports which occasionally it would be nice to bypass (like to check on the gameserver) because they are trying to preserve limited bandwidth. The IT guy there knows less than I do, I think, about networking. It's often faster to browse on my phone in 3G than on the ethernet-connected desktop at work! I realize tunneling won't solve the problem of limited bandwidth during peak usage, but I'm betting with tunneling through VPN+NAT, I will get a real benefit due to the other issues.