The following guide will show you how to setup a secure VPN connection using encryption. You will need only Windows Server 2008 R2, with the Network Policy and Access role, including Routing and Remote Access and Network Policy Server. You will also need to allow the VPN port 1723 through your firewall as a NAT rule, pointing this to the Routing and Remote Access server.
Routing and Remote Access server configuration:
Click on the Security tab.
Click Configure, add in the RADIUS server IP address.
On the RADIUS server, add in a RADIUS client which points to the Routing and Remote Access server.
Then create a network policy with the following settings.
On the client that is connecting, change the following:
De-select “Use default gateway on remote network”.