How to install a VPN on Windows Server 2016
This post shows you how you can install VPN server on Windows Server 2016 step by step. It shows you how you can easily set up a VPN server for a small environment or for a hosted server scenario. This blog post covers how you can use a Windows Server VPN.
This is definitely not a guide to enterprise publication, if you are considering an enterprise publication then you should definitely take a look at Direct Access.
I’ve already done similar blog posts for Windows Server 2008 R2, Windows Server 2012 and Windows Server 2012 R2.
You can simply follow this guide step by step:
Install Windows Server VPN Role
First install “remote accessVia Server Manager or Windows PowerShell.
Locate “Direct Access and VPN (RAS)” Role Services and click Next.
In the following steps only use the default settings. After that you can look at the overview screen and install the role.
After you install the features, which may take some time to finish, you see the Startup Wizard link. Click “Open the Getting Started Wizard“.
Configure Windows Server VPN
This opens a new wizard that will help you configure the server. On the first screen, select “Post VPN only“.
This opens the Routing and Remote Access management console
Right click on the server name and click on “Configure and enable Routing and Remote Access“.
In the new wizard, select “custom configuration“.
Choose “VPN access“.
After clicking Finish, you can now start the Routing and Remote Access service.
If you have another firewall between the Internet and your Windows server, you must open the following firewall port, and forward it to your Windows server:
For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through)
For L2TP over IPSEC: 1701 TCP and 500 UDP
For SSTP: 443 TCP
After installation, users must be enabled for remote access to connect to your VPN server. On a stand-alone server this can be done in Computer Management MMC, in a domain environment this can be done in the user properties of an Active Directory user.
If you do not have a DHCP server in your environment, you must add a static IP address group. This is often required if you have only one server hosted with your service provider. In the properties of your VPN server, you can click on the IPv4 tab and enable and configure the Static Address Pool.
Now you must add an IP address from the same subnet as the set of static addresses to the network interface of your server, so that users can access the server.
I hope this helps you to setup a VPN server in a small, lab or hosted server environment.
Tags: direct access, GRE, installation, L2TP, Microsoft, PPTP, RAS, remote access, routing, setup, SSTP, VPN, VPN server, Windows, Windows Server, Windows Server 2016, Windows Server VPN Last modified: April 25, 2019
About the author / Thomas Maurer
Thomas works as a senior advocate for the cloud at Microsoft. He interacts with the community and customers around the world to share his knowledge and gather feedback to improve the Azure cloud platform. Prior to joining the Azure engineering team, Thomas was a Principal Architect and Microsoft MVP, helping to design, implement, and enhance Microsoft’s cloud technology. If you want to know more about Thomas, check out his blog: www.thomasmaurer.ch and Twitter: www.twitter.com/thomasmaurer
December 21, 2021 • Microsoft Azure
I know many of you want to know more about Azure Arc and how you can take advantage of the Azure Hybrid management and control level and…
Read more →