A virtual private network (VPN) extends a private network across a public network so that you will be able to access your data remotely through the public network securely. You can also use a VPN to secure your internet activity by using the VPN server as a proxy server.
This article will show you how you can set up a VPN on a windows server machine step-by-step. Follow these easy instructions to set up your own VPN server.
This article will cover the setup of a VPN server which is commonly used for small environments. We recommend using Direct Access for enterprise purposes.
You will need a Windows Server machine to use this article. We will be using a Windows Server 2016 as an example.
Step 1 Routing and Remote Access
First, start with installing and setting up Routing and Remote Access. We will add the required features with the help of Server Manager. Open server manager and navigate to Manage>Add Roles and Features.
We want to add Remote access so proceed with checking ”Remote Access” in the Server Roles tab.
We will need the VPN role as well as Routing. We will be able to configure an internal NAT to assign internal IP addresses. Check ”DirectAccess and VPN(RAS)” and “Routing” in the Role services tab.
Check and proceed to the installation by confirming on the next screen.
We can now start with the setup of Routing and Remote access. Go to Tools> Routing and Remote Access. And Right-click on your server name. This will open a menu where you can select ”Configure and Enabling Routing…..”
We will continue with Deploy VPN only this time to make this guide easy. Select “Deploy VPN only” in the new window
It’s important to select “Custom Configuration” in the next screen
We have now the option to select the services which we need. Select “VPN access” and ”NAT” and proceed.
Start the service and finish the setup. This can take a couple of minutes as the services are starting.
Step 2: Windows Firewall
It is possible that you will need to manually configure the Firewall. Please proceed if that’s the case
Open Windows Firewall with Advanced Security and go to Inbound rules > New Rule and select Predefined: Routing and Remote Access
Check the boxing according to the connection type you will use. We will check all three of the connection types in this case as we will have multiple clients which will need each of them. But you can limit it depending on your use to make it more secure.
Select ”Allow Connection” and Finish to complete the setup of the firewall.
Step 3: Configuring the IP range
We will now configure the IP range which the server will assign to the incoming VPN clients.
Open the Routing and Remote Access in Server Manager> Tools >Routing and Remote Access and right-click on your server name and go to Properties.
Go the IPv4 tab and select ”Static address pool” as the type of IPv4 address assignment.
Add the range according to your needs. Each client will need his own IPv4 address. We will add a local range with 249 addresses. And click OK and OK to close the configuration
Step 4: Enable NAT
Configure the NAT to give your VPN clients internet access from the VPN. This is important if you want your users to be able to connect to the web. Right-click on NAT and add New Interface
Select your main external interface. This is the interface that is connected to the outbound network.
Check the following boxes to enable your clients to send and receive data using this interface.
Go to the ”Service and Ports” Tab and select the following services. These services are required for a working NAT.
Beware each time you select a service a windows will pop-up. Fill in the address field ” 127.0.0.1” and continue. This is the IPv4 address for your local network.
You want to configure this was as this will enable your clients to use your VPN as the gateway.
Step 5: Configure access
You will need to grant access for your local user(s) so that VPN users can use this account to authenticate.
Open your Computer management and go to Local Users and Groups. Right-click >”your user” and go to Properties.
Go to the tab Dial-in a select “Allow Access”
Step 6: Testing
You can check if the configuration works within the server and by testing it.
Open the Remote access Management console dashboard to see if all operation is up and running. You should see green icons next to the operations. Server Manager Tools &Remote access Management> Dashboard
Connect to the VPN with your local machine. In this case, we will connect using a Windows 10 machine.
Go to Settings>Network &Internet> VPN > Add a VPN connection And fill in the form
Save it then select the connection and click connect and done. You can continue by adding a VPN connection to your client-side machine.
After following all these steps, your Windows Server should now be set up for VPN connections. As mentioned in the introduction, a VPN is appropriate for smaller network deployments. Now you should have everything you need for your VPN use!