How to set up a VPN with Windows server

Estimated reading time: 3 min

Introduction: Step-by-step guide VPN setup on Windows server

A virtual private network (VPN) extends a private network across a public network so that you will be able to access your data remotely through the public network securely. You can also use a VPN to secure your internet activity by using the VPN server as a proxy server.

This article will show you how you can set up a VPN on a windows server machine step-by-step. Follow these easy instructions to set up your own VPN server.

This article will cover the setup of a VPN server which is commonly used for small environments. We recommend using Direct Access for enterprise purposes.


You will need a windows server machine to use this article. We will be using a windows server 2016 as an example.

Step 1 Routing and Remote Access

First, start with installing and setting up Routing and Remote Access. We will add the required features with the help of Server Manager. Open server manager and navigate to Manage>Add Roles and Features.

Server ManagerWe want to add Remote access so proceed with checking ''Remote Acces'' in the Server Roles tab.

Server RolesWe will need the VPN role as well as Routing. We will be able to configure an internal NAT to assign internal IP addresses.  Check ''DirectAccess and VPN(RAS)" and "Routing" in the Role services tab.

Server Roles
Check and proceed to the installation by confirming in the next screen.Confirmation
We can now start with the setup of Routing and Remote access. Go to Tools> Routing and Remote Access. And Right click on your server name. This will open a menu where you can select ''Configure and Enabling Routing....."

Routing and Remote AccessWe will continue with Deploy VPN only this time to make this guide easy. Select "Deploy VPN only'' in the new window

Deploy VPN onlyIt's important to select "Custom Configuration" in the next screen

Custom Configuration
We have now the option to select the services which we need. Select "VPN access'' and ''NAT'' and proceed.

VPN access & NAT
Start the service and finish the setup. This can take a couple minutes as the services are starting.

Start the service

Step 2: Windows Firewall

It is possible that you will need to manually configure the Firewall. Please proceed if that's the case.
Open Windows Firewall with Advanced Security  and go to  Inbound rules >  New Rule and select Predefined: Routing and Remote Access

Check the boxing according to the connection type you will use. We will check all three of the connection types in this case as we will have multiple clients which will need each of them. But you can limit it depending on your use to make it more secure.

Firewall RulesSelect ''Allow Connection'' and Finish to complete the setup of the firewall.

Firewall Allow

Step 3: Configuring the IP range

We will now configure the IP range which the server will assign to the incoming VPN clients.

Open the Routing and Remote Access in Server Manager> Tools >Routing and Remote Access and right click on your server name and go to Properties.

Routing and Remote AccessGo the IPv4 tab and select ''Static address pool'' as the type of IPv4 address assignment.

Routing and Remote Access PropertiesAdd the range according to your needs. Each client will need his own IPv4 address. We will add a local range with 249 addresses.  And click OK and OK to close the configuration

IPv4 address range

Step 4: Enable NAT

Configure the NAT to give your VPN clients internet access from the VPN. This is important if you want your users to be able to connect to the web. Right click on NAT and add New Interface<

New InterfaceSelect your main external Interface. This is the interface that is connected to the outbound network.

InterfaceCheck the following boxes to enable your clients to send and receive data using this interface.

Enable NAT
Go to the ''Service and Ports'' Tab and select the following services. These services are required for a working NAT.

Services and Ports
Beware each time you select a service a windows will pop-up. Fill in the address field '''' and continue. This is the IPv4 address for your local network.
You want to configure this was as this will enable your clients to use your VPN as the gateway.


Step 5: Configure access

You will need to grant access for your local user(s) so that VPN users can use this account to authenticate.

Open your Computer management and go to Local Users and Groups. Right-click >''your user'' and go to Properties.

Computer ManagementGo to the tab Dial-in a select "Allow Access"

Allow Access

Step 6: Testing

You can check if the configuration works within the server and by testing it.
Open the Remote access Management console dashboard to see if all operation is up and running. You should see green icons next to the operations. Server Manager Tools &Remote access Management> Dashboard
Management Console
Connect to the VPN with your local machine. In this case, we will connect using a windows 10 machine.
Go to Settings>Network &Internet> VPN > Add a VPN connection And fill in the form

Save it then select the connection and click connectAnd done. You can continue by adding a VPN connection to your client-side machine.

Was this article helpful?
Dislike 0
Views: 614

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *