Working remotely is now very common, so knowing how to set up a VPN server is essential for many businesses. In this blog post, we will learn how to set up a VPN server in Windows Server 2016.

  1. Go to Windows Server 2016 Server Manager and click Add roles and features.
  2. On the Before you begin page, click the Next button.
  3. On the Select installation type page, select Role-based or feature-based installation.
  4. On the Select destination server page, select the server on which you want to set up the VPN server; this is normally the current server, and the only record listed.
  5. On the Select server roles page, check the Remote Access role.
  6. On the Select features page, click the Next button without changing anything.
  7. On the Remote Access page, click the Next button.
  8. On the Select role services page, check DirectAccess and VPN (RAS) only; leave Routing and Web Application Proxy unchecked.
  9. On the Confirm installation selections page, click the Install button and the installation will begin. It will take a while to complete, depending on your server speed.
  10. On the Installation progress page, wait until the process is finished and don't close the screen. Once installed, click the Open the Getting Started Wizard link.
  11. A new Configure Remote Access window will pop up; click Deploy VPN only.
  12. Go to the Windows Start menu and open the Routing and Remote Access desktop app (you can also open it via the Server Manager > Tools menu). In the window, right-click the server name and click the Configure and Enable Routing and Remote Access menu.
  13. The Routing and Remote Access Server Setup Wizard will pop up; select Custom configuration.
  14. On the Custom Configuration page, check VPN access.
  15. On the Completing the Routing and Remote Access Server Setup Wizard page, click the Finish button to complete the wizard.
  16. A Routing and Remote Access dialog will pop up shortly; click the Start service button to turn on the VPN server.
  17. After that, you might want to set the IPv4 address range for the VPN clients if you don't have a DHCP server. In the same Routing and Remote Access window, right-click the server name and click the Properties menu. In the IPv4 tab, click Static address pool, and then click the Add button to configure the range; it is normally within your LAN IP address range.
  18. Lastly, to enable remote access for a user, go to the Active Directory user account, click the Dial-in tab, and under Network Access Permission select Allow access.

Besides the steps above, remember that you still need to set up port forwarding so the VPN clients can reach the server located inside the LAN. For PPTP, it is TCP port 1723.

One last reminder: it is very important to tighten security to protect your environment, for example with a strong password policy for every user, a password expiry policy, disabling or removing unused users, automatic lockout after three failed login attempts, and so on.
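The following PowerShell audit is an added example, not part of the original post: it lists the accounts that were given Allow access in step 18 and flags the hygiene problems named in the reminder above. The function name, the 90-day stale window and the constructed sample accounts are assumptions; the Active Directory cmdlets require the ActiveDirectory module.

```powershell
# Added example, not from the original post. Thresholds are assumptions.
function Get-VpnAccountFinding {
    param(
        [object[]] $User = @(),                     # shaped like Get-ADUser output
        [Parameter(Mandatory)] [object] $Policy,    # shaped like Get-ADDefaultDomainPasswordPolicy output
        [int] $StaleDays = 90,                      # assumed "unused account" window
        [int] $MaxLockoutThreshold = 3              # the post's three failed attempts
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    foreach ($u in $User) {
        if ($u.msNPAllowDialin -ne $true) { continue }   # only accounts set to Allow access
        $issues = @()
        if (-not $u.Enabled)         { $issues += 'disabled but still allowed to dial in' }
        if ($u.PasswordNeverExpires) { $issues += 'password never expires' }
        if (-not $u.LastLogonDate -or $u.LastLogonDate -lt $cutoff) {
            $issues += "no logon in the last $StaleDays days"
        }
        if ($issues) { [pscustomobject]@{ Subject = $u.SamAccountName; Finding = $issues -join '; ' } }
    }
    # A lockout threshold of 0 means accounts are never locked out.
    if ($Policy.LockoutThreshold -eq 0 -or $Policy.LockoutThreshold -gt $MaxLockoutThreshold) {
        [pscustomobject]@{ Subject = 'domain policy'; Finding = "lockout threshold is $($Policy.LockoutThreshold)" }
    }
    # A maximum password age of 0 means passwords never expire.
    if ($Policy.MaxPasswordAge -eq [TimeSpan]::Zero) {
        [pscustomobject]@{ Subject = 'domain policy'; Finding = 'passwords never expire' }
    }
}

if (Get-Command Get-ADUser -ErrorAction SilentlyContinue) {
    # Live data: needs the ActiveDirectory module and read access to the domain.
    $users  = @(Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin, LastLogonDate, PasswordNeverExpires)
    $policy = Get-ADDefaultDomainPasswordPolicy
} else {
    # Constructed sample data so the script also runs without a domain.
    $users = @(
        [pscustomobject]@{ SamAccountName = 'alice'; Enabled = $true; msNPAllowDialin = $true
                           PasswordNeverExpires = $false; LastLogonDate = (Get-Date).AddDays(-2) }
        [pscustomobject]@{ SamAccountName = 'bob'; Enabled = $false; msNPAllowDialin = $true
                           PasswordNeverExpires = $false; LastLogonDate = (Get-Date).AddDays(-200) }
        [pscustomobject]@{ SamAccountName = 'carol'; Enabled = $true; msNPAllowDialin = $true
                           PasswordNeverExpires = $true; LastLogonDate = (Get-Date).AddDays(-5) }
    )
    $policy = [pscustomobject]@{ LockoutThreshold = 0; MaxPasswordAge = [TimeSpan]::FromDays(42) }
}
Get-VpnAccountFinding -User $users -Policy $policy | Format-Table -AutoSize -Wrap
```

LastLogonDate is derived from the replicated lastLogonTimestamp attribute, which can lag by up to about two weeks, so treat the stale-account check as approximate.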

