How to set up a VPN with Windows server

Estimated reading time: 3 min

Introduction: Step-by-step guide VPN setup on Windows server

A virtual private network (VPN) extends a private network across a public network so that you will be able to access your data remotely through the public network securely. You can also use a VPN to secure your internet activity by using the VPN server as a proxy server.

This article will show you how you can set up a VPN on a windows server machine step-by-step. Follow these easy instructions to set up your own VPN server.

This article will cover the setup of a VPN server which is commonly used for small environments. We recommend using Direct Access for enterprise purposes.


You will need a windows server machine to use this article. We will be using a windows server 2016 as an example.

Step 1 Routing and Remote Access

First, start with installing and setting up Routing and Remote Access. We will add the required features with the help of Server Manager. Open server manager and navigate to Manage>Add Roles and Features.

Server Manager

We want to add Remote access so proceed with checking ”Remote Access” in the Server Roles tab.

Server Roles

We will need the VPN role as well as Routing. We will be able to configure an internal NAT to assign internal IP addresses.  Check ”DirectAccess and VPN(RAS)” and “Routing” in the Role services tab.

Server Roles
Check and proceed to the installation by confirming in the next screen.Confirmation
We can now start with the setup of Routing and Remote access. Go to Tools> Routing and Remote Access. And Right click on your server name. This will open a menu where you can select ”Configure and Enabling Routing…..”

Routing and Remote Access

We will continue with Deploy VPN only this time to make this guide easy. Select “Deploy VPN only” in the new window

Deploy VPN only

It’s important to select “Custom Configuration” in the next screen

Custom Configuration
We have now the option to select the services which we need. Select “VPN access” and ”NAT” and proceed. VPN access & NAT
Start the service and finish the setup. This can take a couple minutes as the services are starting.

Start the service

Step 2: Windows Firewall

It is possible that you will need to manually configure the Firewall. Please proceed if that’s the case.
Open Windows Firewall with Advanced Security  and go to  Inbound rules >  New Rule and select Predefined: Routing and Remote Access

Check the boxing according to the connection type you will use. We will check all three of the connection types in this case as we will have multiple clients which will need each of them. But you can limit it depending on your use to make it more secure.

Firewall Rules

Select ”Allow Connection” and Finish to complete the setup of the firewall.

Firewall Allow

Step 3: Configuring the IP range

We will now configure the IP range which the server will assign to the incoming VPN clients.

Open the Routing and Remote Access in Server Manager> Tools >Routing and Remote Access and right click on your server name and go to Properties.

Routing and Remote Access

Go the IPv4 tab and select ”Static address pool” as the type of IPv4 address assignment.

Routing and Remote Access Properties

Add the range according to your needs. Each client will need his own IPv4 address. We will add a local range with 249 addresses.  And click OK and OK to close the configuration

IPv4 address range

Step 4: Enable NAT

Configure the NAT to give your VPN clients internet access from the VPN. This is important if you want your users to be able to connect to the web. Right click on NAT and add New Interface

New Interface

Select your main external interface. This is the interface that is connected to the outbound network.


Check the following boxes to enable your clients to send and receive data using this interface.

Enable NAT

Go to the ”Service and Ports” Tab and select the following services. These services are required for a working NAT.

Services and Ports
Beware each time you select a service a windows will pop-up. Fill in the address field ”” and continue. This is the IPv4 address for your local network.
You want to configure this was as this will enable your clients to use your VPN as the gateway.


Step 5: Configure access

You will need to grant access for your local user(s) so that VPN users can use this account to authenticate.

Open your Computer management and go to Local Users and Groups. Right-click >”your user” and go to Properties.

Computer Management

Go to the tab Dial-in a select “Allow Access”

Allow Access

Step 6: Testing

You can check if the configuration works within the server and by testing it.
Open the Remote access Management console dashboard to see if all operation is up and running. You should see green icons next to the operations. Server Manager Tools &Remote access Management> Dashboard
Management Console
Connect to the VPN with your local machine. In this case, we will connect using a windows 10 machine.
Go to Settings>Network &Internet> VPN > Add a VPN connection And fill in the form Add VPN
Save it then select the connection and click connect and done. You can continue by adding a VPN connection to your client-side machine.


After following all these steps, your Windows Server should now be set up for VPN connections. As mentioned in the introduction, a VPN is appropriate for smaller network deployments. Now you should have everything you need for your VPN use!

Was this article helpful?
Dislike 0
Views: 3300

Reader Interactions


  1. Under Configure and Enable Routing and Remote Access, is there any specific reason why you selected "[x] Custom configuration" (and then checked "[x] VPN access" and "[x] NAT"), rather than "[x] Virtual private network (VPN) access and NAT" in the first place?


Leave a Reply

Your email address will not be published. Required fields are marked *