How to Install and Configure a VPN on Windows Server 2016, 2019, 2022: Allow Remote VPN Access for Domain or Local Users
Remote access lets you reach your network remotely over an encrypted, secure connection across an unsecured network such as the Internet. A remote access connection consists of one or more servers and the clients that remotely access the contents of the server (network). So, what is a Virtual Private Network (VPN)? A VPN is a way to connect to a private network such as your corporate network. A VPN combines the advantages of a dial-up connection to a dial-up server with the ease and flexibility of an Internet connection. These implementation steps apply to Windows Server 2016, 2019 and 2022.
This guide explains how to install, configure, and use a Windows Server VPN. In this guide, we will use the “Deploy VPN only” option to provide remote access to your clients. In a following guide, I will show you how to use the richer DirectAccess-based remote access experience by enabling DirectAccess on this server. The two tunnel protocols built into Windows are:
– Point-to-Point Tunneling Protocol (PPTP): Provides data encryption using Microsoft Point-to-Point Encryption.
– Layer Two Tunneling Protocol (L2TP): Provides data encryption, authentication, and integrity using IPSec.
Step A: This step is optional. It depends on whether you are going to use L2TP in your environment. In this case, you will have to install a certificate on the VPN server and the VPN client, or on the VPN server only. You may want to learn how to install and configure Active Directory Certificate Services. Please see the following related how-to articles: how to import a certificate into the personal certificate store and trusted root, how to request a certificate signing request in Windows using Microsoft Management Console, and how to export a certificate in PFX format in Windows.
Step B: Launch Server Manager from the Start menu as shown below.
In this window, click “Add Roles and Features”.
Click Next, as this window only gives you information. You can skip this step in the future by selecting the “Skip this page by default” checkbox.
Select “Role-based or feature-based installation”.
– See also these earlier guides on role-based and feature-based installations: how to set up a domain controller, how to add a second domain controller to your environment, how to set up and install a WDS role, how to install a DHCP role on Windows Server, etc.
Click Next in the server selection window. We only have one server in the pool, and there’s not much work to do here 🙂
Select the Remote Access role and click Next.
Click Next again.
In this step, select DirectAccess and VPN (RAS), click Add Features, and click Next to proceed.
In the last step, select Install to install the remote access role.
You can now close this window. No restart is required for this installation.
Part C – Configuring Deployment: After installing the features, you will see a link; click “Open the Getting Started Wizard”.
Select Deploy VPN Only as shown below.
This will open the Routing and Remote Access management console. Right-click on the server name and click “Configure and Enable Routing and Remote Access”.
In this window, click Next
Choose custom configuration and click Next
Choose “VPN access” as shown below, then click Next to continue.
Click Finish, then click “Start service” when prompted. This will ensure that the Routing and Remote Access service is started.
Right-click on your server name and click Properties.
This will open the server properties window as shown below. On the General tab, I’m fine with the settings.
Click on the Security tab and make sure only EAP and MS-CHAP v2 are selected
On the IPv4 tab, select “Static address pool”. If you have a DHCP server, select “Dynamic Host Configuration Protocol (DHCP)”.
– I will statically define the address pool range as shown below. Later you will see that an IP address from this pool will be assigned to my VPN client.
Select the Logging tab and check the “Log additional Routing and Remote Access information” box.
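The role installation and RRAS settings from Parts B and C can also be applied and checked from an elevated PowerShell session on the server. This is an added example, not part of the original guide: the pool addresses are placeholders, and Install-RemoteAccess is used here in place of the custom-configuration wizard.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted version of Parts B and C on the VPN server.
param(
    [string]$PoolStart = '192.0.2.100',  # placeholder: first address of the static pool
    [string]$PoolEnd   = '192.0.2.150'   # placeholder: last address of the static pool
)
$ErrorActionPreference = 'Stop'

# Part B: Remote Access role with the DirectAccess and VPN (RAS) role service.
$result = Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
if (-not $result.Success) { throw 'Remote Access role installation failed.' }

# Part C: deploy VPN only, unless RRAS is already configured as a VPN server.
if ((Get-RemoteAccess).VpnStatus -ne 'Installed') {
    Install-RemoteAccess -VpnType Vpn
}

# IPv4 tab: assign client addresses from a static pool instead of DHCP.
Set-VpnIPAddressAssignment -IPAssignmentMethod StaticPool -IPAddressRange $PoolStart, $PoolEnd
Restart-Service -Name RemoteAccess

# Security tab: report any accepted user authentication protocol other than
# EAP and MS-CHAP v2. Names are normalised because the exact spelling the
# cmdlet returns is an assumption here, not something stated in the guide.
$expected   = 'EAP', 'MSCHAPV2'
$accepted   = @((Get-VpnAuthProtocol).UserAuthProtocolAccepted)
$unexpected = $accepted | Where-Object {
    ("$_" -replace '[^A-Za-z0-9]', '').ToUpper() -notin $expected
}

# Summary of the resulting server state.
[pscustomobject]@{
    VpnStatus      = (Get-RemoteAccess).VpnStatus
    ServiceStatus  = (Get-Service -Name RemoteAccess).Status
    AcceptedAuth   = $accepted -join ', '
    UnexpectedAuth = $unexpected -join ', '
}
if ($unexpected) {
    Write-Warning "Security tab allows more than EAP and MS-CHAP v2: $($unexpected -join ', ')"
}
```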
Part D: To allow remote VPN access for a domain user: The process for configuring user property settings to allow remote VPN access is slightly different when the account is a domain user account, as opposed to a local user account. Local user properties are set through the Computer Management utility in Windows, while domain user properties are modified through the Active Directory Users and Computers utility in the Windows Server software. In order to grant a domain user remote VPN access, you must have access to the network domain controller computer.
– Open the Active Directory Users and Computers window.
– Double-click on the domain user account you wish to grant remote VPN access. The properties box for the selected domain user will open.
– Go to the Dial-in tab. In the Remote Access Permission (Dial-in or VPN) section, click the Allow access radio button.
– Click Apply to save the new settings.
– Click OK to close the properties box.
If you want to create local accounts to access your VPN, please follow the steps discussed here. Alternatively, you can do this through Server Manager as well.
– Click Start, type Run and type compmgmt.msc to access Computer Management.
– Right-click on Users and click New User.
– Give the user a name and password.
Part E is optional; you can continue to Part F and start the test by connecting to the VPN server.
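The “Allow access” setting for a domain user is stored in the account's msNPAllowDialin attribute, so it can be granted and, more usefully, reviewed across the whole domain from PowerShell. This is an added example, not part of the original guide; it assumes the ActiveDirectory module (RSAT) is available, and the account name jdoe is a placeholder.

```powershell
# Added example: grant and review the dial-in (VPN) permission for domain users.
Import-Module ActiveDirectory

function Grant-VpnDialIn {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # "Allow access" on the Dial-in tab corresponds to msNPAllowDialin = TRUE.
    Set-ADUser -Identity $SamAccountName -Replace @{ msNPAllowDialin = $true }
}

function Get-VpnDialInUser {
    # Every account that has been explicitly allowed remote access.
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin, LastLogonDate |
        Select-Object SamAccountName, Enabled, LastLogonDate |
        Sort-Object SamAccountName
}

# Grant access to one account (placeholder name).
Grant-VpnDialIn -SamAccountName 'jdoe'

# Review who can connect to the VPN.
Get-VpnDialInUser | Format-Table -AutoSize

# Disabled accounts that still hold the permission are candidates for cleanup.
Get-VpnDialInUser | Where-Object { -not $_.Enabled } | Format-Table -AutoSize
```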
Part E – Create Firewall Rules (Optional Step): Since I will be showing the L2TP setup, let me create the following rules. Open Windows Firewall with Advanced Security via Windows Administrative Tools or via Server Manager as shown below.
Right-click Inbound Rules and click New Rule. You can also create a new rule under Actions as shown below.
Under Rule Type, select Port and click Next.
Since I will be showing the L2TP setup, let me create the following rules (I don’t need to create them). Select UDP, type ports 500, 1701 and 4500, and then click Next.
Click “Allow the connection”, then click Next.
Apply the rule to all profiles and click Next
Enter the desired rule name and description if desired and click Finish.
As you can see, we have a firewall rule ready for our L2TP VPN server.
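Before adding the rule from Part E, it is worth listing which enabled inbound allow rules already cover UDP 500, 1701 and 4500, and only then creating the rule if it is missing. This is an added example, not part of the original guide; the rule name is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: check existing coverage for the L2TP ports, then add the rule.
$ports    = '500', '1701', '4500'
$ruleName = 'L2TP VPN (UDP 500, 1701, 4500)'   # placeholder rule name

# For each port, list enabled inbound allow rules that already name it.
$coverage = foreach ($port in $ports) {
    $rules = Get-NetFirewallPortFilter -Protocol UDP |
        Where-Object { $_.LocalPort -contains $port } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True'
        }
    [pscustomobject]@{
        Port  = $port
        Rules = ($rules.DisplayName | Sort-Object -Unique) -join '; '
    }
}
$coverage | Format-Table -AutoSize -Wrap

# Create the rule from Part E once (UDP, allow, all profiles).
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol UDP `
        -LocalPort $ports -Action Allow -Profile Any | Out-Null
}

# Confirm what the rule actually opens.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

An empty Rules column for a port means no enabled inbound allow rule names that port explicitly.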
Part F – Creating a VPN Client Connection (Profile): Whether it is for work or personal use, you can connect to a Virtual Private Network (VPN) on your Windows 10 PC. A VPN connection can help provide a more secure connection and access to your corporate network and the Internet. I recommend setting up a joint connection.
Set up (create) a new VPN connection: Before you can connect to a VPN, you must have a VPN profile on your computer. You can either create a VPN profile yourself or set up a work account to get a VPN profile from your company.
Select “Connect to a workplace” as shown below.
Select “Use my Internet connection (VPN)”.
You will be asked to enter the Internet address (domain name or IP address) and so on. Check “Remember my credentials” and “Allow other people to use this connection”.
When finished, click Create.
As you can see, our connection profile is now available. You can now connect to the VPN. This basically means that, when you have a VPN profile, you are ready to connect to your organization’s network.
– If the Connect button appears under the VPN connection, select Connect or
Sign-in method: for “Type of sign-in info”, we use a username and password.
Note: Depending on your setup (authentication method), you can use a one-time password, certificate or smart card.
As you can see, I am now connected to my VPN server.
Let’s check out some basic settings. You can see that we now have an additional network interface for our VPN connection as shown below.
You will also notice that my client is assigned an IP address from the IP address range specified earlier: “192.168.xxx.101”.
Another way to find out whether you are connected to the VPN: select the Network icon at the far right of the taskbar, then check whether the VPN connection says Connected, as shown below.
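The client profile from Part F and the checks above can be reproduced in PowerShell on the Windows 10 client, which also makes it easy to confirm that the profile enforces encryption and does not fall back to weaker authentication. This is an added example, not part of the original guide; the profile name and server address are placeholders, and an elevated session is assumed because the profile is created for all users.

```powershell
# Added example: create the L2TP profile, check its settings, verify the connection.
$name   = 'Corp VPN'          # placeholder profile name
$server = 'vpn.example.com'   # placeholder VPN server address

# Create the profile once, matching the wizard choices: remember credentials
# and allow other people to use this connection (all-user profile).
if (-not (Get-VpnConnection -Name $name -AllUserConnection -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $name -ServerAddress $server -TunnelType L2tp `
        -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -RememberCredential -AllUserConnection
}

# Check the stored profile against the intended settings.
$vpn = Get-VpnConnection -Name $name -AllUserConnection
$problems = @()
if ($vpn.TunnelType -ne 'L2tp') { $problems += "Tunnel type is $($vpn.TunnelType)" }
if ($vpn.EncryptionLevel -notin 'Required', 'Maximum') {
    $problems += "Encryption level is $($vpn.EncryptionLevel)"
}
$weak = @($vpn.AuthenticationMethod) | Where-Object { "$_" -in 'Pap', 'Chap' }
if ($weak) { $problems += "Weak authentication enabled: $($weak -join ', ')" }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Profile '$name' matches the intended settings." }

# After connecting, confirm the status and the address handed out by the server pool.
$vpn = Get-VpnConnection -Name $name -AllUserConnection
if ($vpn.ConnectionStatus -eq 'Connected') {
    Get-NetIPAddress -InterfaceAlias $name -AddressFamily IPv4 |
        Select-Object InterfaceAlias, IPAddress
} else {
    Write-Output "Profile '$name' is not connected (status: $($vpn.ConnectionStatus))."
}
```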
As you can see from the image below, we are connected to the server via the domain user account for which you have enabled remote access.
I hope you find this blog useful. If you have any questions, please let me know in the comments section.