How do I set up a Remote Access VPN on my Windows server?

A VPN creates a secure tunnel between your computer and the remote computer so that they appear to be on the same directly-connected network.

This is convenient for Windows file sharing and allows Windows services, such as Remote Desktop, to be secured to the same address range used by the VPN for added security.

To set up your server as a VPN:

1. Log into your Windows server
2. Open Server Manager
3. Select Add Roles and Features
4. Verify that your administrator account has a strong password, network settings are configured, and that you have installed the latest security updates
5. Click Next
6. Ensure ‘Role-based or featured-based installation’ is ticked
7. Click Next
8. Ensure ‘Select a server from the server pool’ is ticked
9. Ensure that your server is highlighted in the Server Pool
10. Click Next
11. Scroll down through the Roles to Remote Access and check the box next to it
12. Click Next
13. Ensure that the features you want are going to be installed
14. Click Next
15. Read the information about Remote Access
16. Click Next
17. Ensure that ‘DirectAccess and VPN (RAS)’ is checked under Role Services
18. Click Next
19. Ensure that ‘Include management tools (if applicable)’ is checked
20. Click Add Features
21. Ensure that ‘Restart the destination server automatically if required’ is ticked
22. Click Yes on the pop-up window
23. Click Install
24. Wait until the installation completes
25. Click Close
26. Wait for your server to restart

Once your server restarts, you then need to enable and configure Remote Access on your server.

To enable Remote Access:

1. Open your Server Manager
2. Select ‘Open the Getting Started Wizard’
3. Select Deploy VPN only
4. In Routing and Remote Access, right-click on your server and select ‘Configure and Enable Routing and Remote Access’
5. When the Routing and Remote Access Server Setup Wizard opens, click Next
6. Select Custom Configuration
7. Click Next
8. Check VPN access
9. Click Next
10. When the Setup Wizard is complete, click Finish
11. Click OK on the warning about the Firewall
12. Click Start Service
13. Remote Access will now be enabled on your server

To configure Remote Access:

1. Right-click on your server in Routing and Remote Access
2. Select Properties
3. Select the IPv4 tab
4. Ensure that ‘Enable IPv4 Forwarding’ is checked
5. Select ‘Static address pool’
6. Click Add
7. Enter in a private IP address range (not the network range you are on), such as 192.168.0.0 to 192.168.255.255
8. Click OK
9. Right-click on your server in the Routing and Remote Access
10. Select All Tasks
11. Select Restart
12. Wait for the Routing and Remote Access to restart

Once you have Remote Access working, you will need to configure your firewall and set up a new user.

To set up the firewall:

1. Open Windows Firewall with Advanced Security
2. Select Inbound Rules
3. Ensure that the rules for GRE-In and PPTP-IN are both enabled

Then set up your user:

1. Open Computer Management
2. Select System Tools
3. Select Local Users and Groups
4. Select More Actions
5. Select New User
6. Enter in the user’s details, including name and password
7. Select Properties
8. Click on the Dial-In tab
9. Check Allow Access under Network Access Permission
10. Click OK
11. The users is now created

Now that your server is set up for VPN, you now need to set up your PC.

To create your connection to your server:

1. Open Network and Sharing Center
2. Select ‘Set up a new connection or network’
3. Select ‘Connect to a workplace’
4. Select ‘Use my Internet connection (VPN)’
5. Enter in the IP address of the server and a name
6. Check ‘Don’t connect now; just set it up so I can connect later’
7. Click Next
8. Enter in the user name and password that you set up on your server
9. Click Create
10. The connection is now created

Now you need to change your adapter settings for the connection:

1. In Network and Sharing Center, click ‘Change adapter settings’
2. Right-click on your new VPN connection and select ‘Properties’
3. Select the Security tab
4. Change Type of VPN to ‘Point to Point Tunneling Protocol (PPTP)’
5. Click OK
6. Select the Networking tab
7. Select Internet Protocol Version 4 (TCP/IPv4)
8. Click Properties
9. Click Advanced
10. Uncheck ‘Use default gateway on remote network’
11. Click OK until you are back at your Network Connections

Connect to your VPN connection:

1. Right-click on your new VPN connection
2. Select Connect
3. Enter the User Name and the Password
4. Click Connect
5. You are now connected to your VPN

You now need to get the VPN IP address:

1. Open your Connections
2. Select your VPN connection
3. Select Properties
4. Click on the Details tab
5. Write down the Server IPv4 address

Now connect via Remote Desktop

1. Open Remote Desktop Connection
2. Enter in the IPv4 address you wrote down
3. Click Connect
4. On the Set Network Location, choose Work
5. Enter in the server’s Adminstrator user name and password
6. When the identity cannot be verified, click Yes

Now that you are in your server, you can secure the firewall rule for the VPN network range.

To secure the firewall rule:

1. Open Windows Firewall on the server
2. Select Inbound Rules
3. Find the rule for ‘Remote Desktop – User Mode (TCP-IN)’
4. Select that rule and select Properties
5. Select Scope
6. Add the private network range used for your VPN connection

You will now be able to access Windows Shares and other connections.

When you no longer need to be connected, remember to disconnect on your computer.