I seem to spin up a lot of Virtual Labs. To make sure my lab doesn’t interfere with the rest of my network, and to simulate a larger enterprise environment you should use a virtual router.
I normally use pfSense as my virtual router of choice, but decided recently to create a router on Windows Server 2016 Core.
This isn’t the first time I’ve installed or used Windows Server Core - in a previous lab I have used it for a DC but I haven’t had much experience with it. This is the first time I’ve used Windows Server for a router let alone on Core.
- You’ve configured your Virtual Switches with one connected to your host’s network and at least one private\internal network
- You’ve created the virtual machine with the associated NICs attached
- You’ve installed Windows Server 2016 Core selecting the none GUI option
Setting up the server
On first boot you’ll be presented with a prompt asking to configure the Administrator password.
We’ll be doing most of the work in Powershell so we need to launch it.
First lets name the computer (ignore the prompt about rebooting, we’ll do this after configuring the machine).
> Rename-Computer -NewName GW
We now want to rename the network adaptors, but to do this, we first need to find out the current names. Use the output from this to double check the MAC addresses with the NICs inside your virtualization software.
We then want to rename the adaptors using Rename-NetAdaptor. Using the -Name switch to pass the current names that we found in the previous step. Then use Get-NetIPConfiguration again to confirm.
> Rename-NetAdapter -Name Ethernet -NewName External > Rename-NetAdapter -Name "Ethernet 2" -NewName Internal > Get-NetIPConfiguration
Next we’ll configure and validate the internal network adaptors IP details, DNS Addresses, and disable IPv6 for both adaptors. I’m setting my DNS addresses to 22.214.171.124 as this will be my DC, and 192.168.1.254 as this is my external router.
> New-NetIPAddress -InterfaceAlias Internal -IPAddress 126.96.36.199 -PrefixLength 24 > Set-DnsClientServerAddress -InterfaceAlias Internal -ServerAddresses 188.8.131.52, 192.168.1.1 > Disable-NetAdaptorBinding -Name Internal, External -ComponentID ms_tcpip6 > Get-NetAdaptorBinding -Name Internal, External -ComponentID ms_tcpip6 > Get-NetIPConfiguration > Test-NetConnection
The last step is to reboot the computer.
Installing and configuring the Gateway
- After boot, login, and launch Powershell.
First, we need to enable a firewall rule used by routing.
> Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)"
Next, we need to install the Routing Windows Feature, plus the management tools and then reboot the computer.
> Install-WindowsFeature Routing -IncludeAllSubFeature -IncludeManagementTools > Restart-Computer
Once rebooted, re-login and launch Powershell to install the router.
> Install-RemoteAccess -VpnType Vpn
We now need to enter a NETSH session.
The final step is to add some routing rules, were going to add the two interfaces, and configure the external mode.
> routing ip nat add interface External > routing ip nat set interface External mode=full > routing ip nat add interface Internal
We can validate the config by creating a second VM with or without a GUI. Configuring the IP address inside the 184.108.40.206/24 range with a default gateway of the GW we’ve just configured (220.127.116.11), and the DNS address of your external router. We then use the the Test-NetConnection Powershell command to confirm external access.
Thats it, you should have now configured a Virtual Router on Windows Server 2016 Core. Let me know how it goes!