How to set up a VPN with PPTP on Windows Server 2019 –
👨💻
an introduction
We have already published an article to setup a VPN on Windows Server 2019 using Secure Socket Tunneling Protocol (SSTP) using a third party certificate. In this article, we will discuss “How to setup a VPN with PPTP” article. Point-to-Point Tunneling Protocol using generic routing encapsulation combined with TCP/IP encapsulated transmission tunneling. PPTP tunnels over TCP / IP and transmits packets securely – this is a very old and reliable method of transmitting or accessing the private network over the Internet. We can deploy this method to connect a home or user with a laptop to access the home network or small office network efficiently and quickly.
Configuring to Pointing Tunneling Virtual Private Network on Windows Server 2019 is easy. We can use this method to deploy VPN where Secure Socket Layer type of VPN is not possible. In this VPN configuration method, we need to open port 1723 and enable a feature called Generic Routing Encapsulation (GRE) on the edge firewall or router under Security Settings. I will explain step by step and cover the whole setup process from installation and remote access role configuration to configuring the client machine to connect the network where we have installed PPTP VPN.
So, let’s get to the server and start installing the Remote Access Role and then look at configuring the VPN policy on the Network Policy server on Windows Server 2019. If you’re ready for a configuration task, we’re here, to get you started, so let’s get started.
- Add remote access server role
- Configure Remote Access with VPN Access
- Configure VPN remote access settings
- Configure a Dian-in connection on the user object
- Configure the demand policy on the network policy server
- Crete VPN network connection on a Windows 10 device
- Connect VPN server online
Add remote access server role
The first step in deploying a VPN server is to add the remote access server role on the server – the remote access server role is installed by going to the server manager dashboard. Once Server Manager windows open click Add Roles and Features The Add Roles and Features wizard will start and we can go through this wizard to complete the installation of the remote access role.
The wizard will start with instructions on using this tool to add roles and features. If you do not want to see this page, you can click the checkbox next to “Skip this page by default”, and you will no longer be prompted for this page.
In this wizard we will be using role-based installation to add this role, so select the role or feature-based installation to start with and click Next to continue.
Check and select the local server in the server pool and click Next.
On the Server Role Selection page, select the Remote Access check box, and click Next.
On the next page, leave the features as they are and click Next.
If you need more details, you can see the details about remote access on this page, and once you’re ready to move on, click Next.
This step is important, select Direct Access and VPN (RAS) alone, you will be prompted for relevant features in the popup and click Add Features, which will return to select Role Services page.
We have chosen role services and their feature, we are right to go ahead to continue click next.
The next page is an information page, it shows that adding this role service also installs the web server (IIS) role, click next to continue.
The Web Server (IIS) role will install these role services, leave the default selection, and click Next.
On the confirmation page, verify that the above roles and role services are correct and click Install to start installing the remote access role. Sit back and relax for a few minutes until the installation is complete.
The installation of the remote access role has begun. Let’s wait for the installation to complete, and then start the configuration.
You will notice a message that the installation succeeded and there is a link to open the start wizard To start configuring the remote access role, click on the link.
Clicking the link will start the Remote Access Configuration Wizard, and in the wizard, click on the Deploy VPN only tab as shown in the screen below.
Configure Remote Access with VPN Access
At the remote access configuration prompt, select Deploy VPN Only to define multiple remote access configuration methods.
The Routing and Remote Access management console will open and right-click on the server node and click on Configure and Enable Routing and Remote Access.
The Routing and Remote Access Server Setup Wizard will start with a welcome screen, click Next to start the wizard.
Select the radio button next to Custom Configuration and click Next.
On the Custom Configuration page, check the checkbox next to VPN Access and click Next.
Configure VPN access specified in the wizard, this is the end of the wizard and click Finish.
Click OK to the warning message that the remote access configuration cannot open the requested port. We will manually open the port on Windows Firewall.
Since we have configured Routing and Remote Access services with VPN access and the wizard will end up prompting to start the service.
Once the Routing and Remote Access service is started, you will see a green arrow on the server node indicating that the service is started and running.
Configure VPN remote access settings
There are specific settings that we need to update to set the VPN to run securely and get IP4 IPs to the client system.
Right click on the server node and click on properties as shown in the screen below.
In Remote Access, go to Server properties to the IPV4 tab and select the Static address pool option button under Set IPv4 and click Add to add the IP address pool. Choose an IP address pool and type the start and end IP address for the pool. The IPV4 address pool is static, and if you are running a DHCP server on the server, you can leave the IP address to be assigned from the DHCP server. Since we are not running the DHCP service, we are creating a static address pool in this example.
Choose an IP address pool and type the start and end IP address into the Add dialog. We chose the range from 172.16.1.1 to 172.16.1.10 to assign IP addresses to VPN clients.
Click OK once you have typed the IP address correctly.
How to set up a VPN with PPTP
Configure VPN Policy on Network Policy Server
Open Server Manager window and in Tools menu select Network Policy Server to start configuring VPN policy
Expand Network Policy Server and select New to create a new VPN access policy.
In the new Network Policy window, type VPN Access as the policy name and in the Network Access Server Writer drop-down list, select Remote Access Server (VPN-Dial Up) and click Next.
On the Specify Condition page, select the Windows group and click Add.
You have already created an Active Directory group called “vpngroup” for this purpose, we will add this group. Please note that we are adding all users who need VPN access to this group.
How to set up a VPN with PPTP
Once you confirm the added combination, click Next to continue.
Since we are granting access to the users of this AD group, we select Grant Access and click Next.
In Access Configuration Methods, select Add Microsoft Secure Password (EAP-MSCHAP v2 as Extensible Authentication Protocol) in the Authentication Methods list.
Also, uncheck the boxes next to Least secure authentication methods.
How to set up a VPN with PPTP
Once you select the authentication method, click Next.
On the Configure Restrictions page, leave the default settings and click Next.
Also, leave the Configure Defaults page and click Next.
Click Finish to end the wizard.
Create a Windows Firewall rule to open the PPTP VPN port
Go to Control Panel > System and Security > Windows Defender Firewall and click on Advanced settings.
Select the incoming rule from the left navigation bar and a new rule in the action list
Select Port as the base type and click Next
How to set up a VPN with PPTP
The PPTP port number is 1723, select the rule “Apply to TCP” and the specified local ports are 1723, then click Next.
Select Allow connections and click Next.
Select all network locations and click Next.
Type a name for the rule and click Finish
Create a VPN connection
So, we have completed all the server configurations, now it is time to create a VPN connection on your Windows 10 client computer.
Right-click on the network icon on the taskbar and select Open Network Sharing and Connection. In Settings, click on Network and Sharing Center which will open Network and Sharing Center where we need to select Set up a new connection or network as shown in the steps in the screenshot below.
How to set up a VPN with PPTP
Select the steps as in the steps below.
- Open Network and Internet Sharing
- Network Sharing Center
- Create a new network or connection
There is a start wizard, and in the connection options, select “Connect to a workplace” and click “Next”.
In the destination name type, the name indicates the purpose of the connection. I left the default name in this example.
Leave “Remember my credentials” checked and click Create.
- Type the VPN server’s Internet hostname or IP address.
- Give a name to the VPN connection.
- Click Create to create a connection to the workplace.
To change the VPN type, right-click on the newly created network connection and select Properties.
On the Security tab, select Point to Point Tunneling Protocol (PPTP) and click OK.
How to set up a VPN with PPTP
Click the network icon on the taskbar and the newly created VPN connection will appear in the list of connections, click that, and there will be a credential box open.
At the login prompt, type AD user and password and click OK.
A connected VPN connection will appear. Now we can access the internal devices on the office network using their IP address.
conclusion
In this article, we have gone through step-by-step instructions on how to 1. Install and configure a VPN role for remote access 2. VPN policy server network policy 3. Create a Windows Firewall rule 4. Make a VPN connection on a Windows client system connected to a remote Office network using PPTP . Also, we have one more step on the router or firewall device that is connected to the internet, we need to add a port forwarding rule to route the VPN server connecting port 1723. In the security settings on the firewall we need to enable global routing encapsulation to connect VPN from remote windows client to the VPN server we just configured.
You may have some questions or comments to share with me, please click the comments below and share your thoughts. I am very happy to answer your questions.
[ad_1]
Don’t forget to share this post with friends !
