How to setup PPTP VPN on Windows Server 2016
Estimated reading time: 3 minutes
A VPN extends a private network across a public network so that you can safely access your data remotely over the public network. You can also use a VPN to secure your internet activity by using the VPN server as a proxy server.
This article will show you how to set up a VPN on a Windows server machine step by step. Follow these easy instructions to set up your own VPN server.
This article discusses setting up a VPN server that is commonly used in small environments. We recommend using Direct Access for enterprise purposes.
This article is deprecated, please use this article to setup VPN on Windows Server 2016
You will need a Windows Server machine to use this article. We will use Windows Server 2016 as an example.
Step 1 Routing and remote access
First, start by installing and setting up Routing and Remote Access. We will add the required features with the help of Server Manager. Open Server Manager and go to Manage > Add Roles and Features.
We want to add remote access, so keep checking Remote Access on the Server Roles tab.
We will need the VPN role in addition to routing. We will be able to configure internal NAT to assign internal IP addresses. Check “Direct Access and VPN (RAS)” and “Routing” on the Role Services tab.
Check and continue the installation by confirming on the next screen.
We can now start setting up Routing and Remote Access. Go to Tools > Routing and Remote Access. And right-click on your server name. This will open a menu where you can select “Configure and enable routing…”
We will continue to publish VPN this time just to make this guide easier. Select “Publish VPN Only” in the new window
It is important to select “Custom Configuration” on the next screen
We now have the option to select the services we need. Select “VPN Access” and “NAT” and continue.
Start the service and complete the setup. This may take a few minutes as the services start.
Step 2: Windows Firewall
It is likely that you will need to configure the firewall manually. Please continue if this is the case
Open Windows Firewall with Advanced Security and go to Incoming Rules > New Rule and select Predefined: Routing and Remote Access
Check the box according to the type of connection you will use. We will check all three types of connection in this case as we will have many clients who will need all of them. But you can restrict it depending on your usage to make it more secure.
Select Allow Connection and Exit to complete the firewall setup.
Step 3: Configure the IP range
We will now configure the IP range that the server will assign to the upcoming VPN clients.
Open Routing and Remote Access in Server Manager > Tools > Routing and Remote Access and right click on your server name and go to properties.
Go to the IPv4 tab and select Static Address Pool as the IPv4 Address Assignment Type.
Add the range according to your needs. Each client will need its own IPv4 address. We will add a local domain containing 249 addresses. And click OK and OK to close the configuration
Step 4: Activate NAT
Configure NAT to give VPN clients access to the Internet from the VPN. This is important if you want your users to be able to connect to the web. Right click on NAT and add new interface
Select your main external interface. This is the interface connected to the outgoing network.
Check the following boxes to enable your customers to send and receive data using this interface.
Go to the “Service and Ports” tab and select the following services. These services are required for NAT to function.
Beware every time you select a service, a popup will appear. Fill in the address field “127.0.0.1” and continue. This is the IPv4 address of your local network.
You want to configure this as this will enable your customers to use your VPN as a gateway.
Step 5: Configure Access
You will need to give access to the local user(s) so that VPN users can use that account for authentication.
Open Computer Management and go to Local Users and Groups. Right click > “Your User” and go to properties.
Go to the Request tab and select “Allow access”
Step 6: Test
You can check if the configuration is working inside the server and by testing it.
Open the remote access console management control panel to see if all processes are running. You should see green icons next to the processes. Server Manager Tools and Remote Access Management> Dashboard
Connect to the VPN using your local device. In this case, we will connect using a Windows 10 device.
Go to Settings > Network & Internet > VPN > Add VPN Connection and fill out the form
Save it then select the connection and click Connect and done. You can proceed by adding a VPN connection to your client device.
After following all these steps, your Windows Server should now be set up for VPN connections. As mentioned in the introduction, a VPN is suitable for smaller network deployments. Now you should have everything you need to use your VPN!