RAS VPN server with remote DHCP

Hi everyone

I'm a network architect, not a Windows person, although I get my hands dirty every now and then :). I'm being asked to deploy a new VPN solution (easy) using Windows 2016 RRAS (OMG!!).

At first I didn't like the thought of using RRAS. Then I played a bit with it and got excited, but now I feel like I've hit some strong design limitations, so the excitement is gone and I'm back at being mad at MS.

I need to support up to 6000 VPN users. Needless to say, I don't want to have a single broadcast domain of 6000 users, nor do I want to have countless RRAS servers.

So my main question is around IP addressing. I guess I have two options: either I use multiple static IP address pools, or I use DHCP. I've tried the first option; it seems to work, but then I don't get any DHCP options apart from what is configured on the selected adaptor. I want to have DHCP assign addresses to my VPN users.

Here is my setup.

The RAS server (2016) has 2 NICs: one "outside" (10.103.226.201/24) with a default gateway, and one "inside" (10.103.225.201/24) with static routes (including a route to the DHCP server 10.103.224.254/24) defined at the OS level.

Topology is like this:

DHCP Server 10.103.224.254 <-> Firewall <-> (NIC1) VPN Server (NIC2) <-> Internet <-> VPN users

My DHCP server does NOT sit in the same subnet as the RAS server. I've created a DHCP scope 10.103.227.0/24 on my DHCP server (which is also a DC; it's just a LAB), and I also created a Loopback adapter on the RAS server using an IP address in the scope (10.103.227.254).

In the RAS config, I've selected DHCP address assignment and also selected my loopback adapter for DHCP scope selection (so that the address of the loopback adapter should be used in the GIA field of the DHCP request). Then under the DHCP relay, I've configured the DHCP server address 10.103.224.254 and I've added the "internal" interface (not to be confused with the loopback adapter or the "inside" interface). I understand the "internal" interface is the client-facing interface for VPN users.

I'm not getting any DHCP request leaving the RAS server. Looking at the event viewer, the RAS server complains that the DHCP server is unreachable, but I can ping it. (Again, no DHCP request packets leave the RAS server, so it's a local issue, not a firewall/DHCP server issue.)

What am I missing, please?
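A diagnostic script for the setup described in this post, added here as an example (it is not part of the original post). It assumes the addresses given above, that it runs elevated on the RRAS server, and that RRAS writes its events to the System log under the `RemoteAccess` provider; it shows which interface and source address the OS picks toward the DHCP server, how RRAS and its relay agent are actually configured, and the recent RRAS events.

```powershell
# Added example, not from the original post. Assumes the addresses in the post and
# that RRAS logs to the System log under the 'RemoteAccess' provider (assumption).
$DhcpServer = '10.103.224.254'   # DHCP server behind the firewall
$LoopbackIp = '10.103.227.254'   # loopback adapter address inside the 10.103.227.0/24 scope

# 1. Which adapter actually holds the loopback address RRAS was told to use?
Get-NetIPAddress -IPAddress $LoopbackIp -ErrorAction SilentlyContinue |
    Select-Object InterfaceAlias, IPAddress, PrefixLength

# 2. Which interface and source address does the OS routing table choose to reach
#    the DHCP server? Anything RRAS sends to it leaves via this path, so compare
#    it with the adapter chosen in step 1 and the static routes on the "inside" NIC.
Find-NetRoute -RemoteIPAddress $DhcpServer |
    Select-Object InterfaceAlias, IPAddress, DestinationPrefix, NextHop

# 3. Basic reachability (ICMP only; Test-NetConnection does not probe UDP/67).
Test-NetConnection -ComputerName $DhcpServer | Select-Object PingSucceeded

# 4. RRAS IP address assignment method and the adapter it is bound to.
netsh ras ip show config

# 5. DHCP relay agent: global settings, per-interface configuration and counters.
#    The "Internal" interface should be listed with relay enabled, and the
#    request/relayed counters should increase when a VPN client connects.
netsh routing ip relay show global
netsh routing ip relay show ifconfig
netsh routing ip relay show ifstats

# 6. Recent RRAS events, including the "DHCP server unreachable" complaint.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'RemoteAccess' } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

To confirm whether any DHCP packet leaves the server at all, run a client connection attempt between `netsh trace start capture=yes tracefile=C:\Temp\ras-dhcp.etl` and `netsh trace stop`, then filter the resulting .etl for UDP port 67/68.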
