How To Configure Remote Access VPN Server In Windows Server 2016

VPN stands for Virtual Private Network that has been used for many years to provide remote connectivity and support. VPN is one of the most popular, secure, and cheap technique to connect remote branch offices and remote users over the Internet. There are various VPN authentication protocols such as PPTP, L2TP, SSTP, and IKEv2 that can be used by an administrator for authenticating remote users. Each VPN authentication protocol supports the different level of security. However, in this post, we will just focus on step by step guide to configure Remote Access VPN Server using Windows Server 2016.

Understanding Remote Access VPN Lab Setup

First of all, understand the lab setup topology we are going to use. Ensure that all the systems are configured with the appropriate TCP/IP settings as mentioned in the topology. Also, ensure that the Windows Firewall is turned off on all the systems to avoid any network connectivity issues.

We will use the following systems to complete this lab exercise:

ROUTER1

  • Hosts the Remote Access Server role.
  • Connected to CLIENT1 using 10.0.0.1/8 IP address.
  • Connected to the SERVER2 using 192.168.1.1/24 IP address.
  • Acts as VPN Server.

SERVER2

  • Acts as an internal (private) client and is connected to ROUTER1 using 192.168.1.2/24 IP address and 192.168.1.1 as the Default gateway.

CLIENT1

  • Acts as a remote (Public) client and is connected to ROUTER1 using 10.0.0.101/8 IP address and 10.0.0.1 as the Default gateway.

It is recommended that all of your participating systems of this lab exercise should belong either to the same Domain network or should belong to a Workgroup network. Mixed type of network may create some issues to complete the lab exercise. Here, all systems are based on the Workgroup-based network.

Installing Remote Access Service on Windows Server 2016

In order to configure VPN Server on Windows Server 2016, first, you need to install the Remote Access service role. For this, you need to perform the following steps:

  1. On ROUTER1, launch the Add Roles and Features Wizard.
  2. Click Next and accept the default selections until the Select server roles page displays.
  3. Select the Remote Access server role and click Next.Installing Remote Access VPN Service
  4. Click Next until the Select role services page displays.
  5. Select the DirectAccess and VPN (RAS) and Routing role services and then click Next.Selecting DirectAccess and VPN servcies
  6. On the rest of the pages, accept the default selections by clicking Next. Wait until the installation process completes.

Configure Remote Access VPN Server

In order to configure VPN Server on Windows Server 2016, you need to perform the following steps on ROUTER1.

  1. Open the Routing and Remote Access console by using the Server Manager console.
  2. Click Tools and selecting the Routing and Remote Access option.Opening Routing and Remote Access Console
  3. Select and right-click Server name (ROUTER1) and then select Configure and Enable Routing and Remote Access.Configure and enable routing and remote access services
  4. On the Welcome page, click Next and navigate to the Configuration page. Ensure that the Remote access (dial-up or VPN) option is selected and then click Next.Configure Remote Access VPN Server
  5. On the Remote Access page, select the VPN option and then click Next.Routing and Remote Access Server Setup Wizard
  6. On the VPN Connections page, select the network adapter that is connected to the Public network (Internet) and proceed to next. In this case, Ethernet0 network adapter is connected to the Public system CLIENT1.Selecting VPN Public Internet Connection
  7. On the IP Address Assignment page, select the desired option. If your VPN server is also configured as active DHCP server, select Automatically. If you want to assign IP addresses to the VPN clients using the VPN server, select the From a specified range of addresses option and then click Next.Specifying IP Address Assignment
  8. On the IP Address Assignment page, click New and set the Start and End IP ranges depending on the number of VPN clients your network contains. For example, set the 10.0.0.240 to 10.0.0.245 range for the testing purpose and proceed to Next.Specifying New VPN IP Range
  9. On the Manage Multiple Remote Access Servers page, select the No option as we will configure RADIUS server in a separate article. Click Next and finish the wizard.Finishing Routing and Remote Access Server Setup Wizard
  10. On the Service message box click OK to start the Remote Access service.

Creating VPN User

In order to connect and authenticate to Remote Access VPN server, VPN clients require user credentials. For this, you need to perform the following steps.

  1. Execute the following command on VPN server ROUTER1 to create a test user named as VPNUser1. It will be used by remote users to connect to your VPN server.Creating VPN Test User
  2. Now, type lusrmgr.msc in the Run dialog box and open the Properties of VPNUser1.
  3. Select the Dial-in tab and then select the Allow access option for the selected user.Allow dial-in VPN access

Connecting VPN Client to VPN Server

Now, you have successfully configured Remote Access VPN server. The next step is to test your VPN configuration. For this, you need to perform the following steps on VPN client that is CLIENT1.

  1. Move on to CLIENT1, open the Network and Sharing Center Wizard, and select Set up a new connection or network to create a new VPN connection.Creating a new VPN connection in Windows 10
  2. Select the Connect to a workplace option and then click Next.Connect to workplace VPN option
  3. On the How do you connect to VPN page, select Use my Internet Connection (VPN) option and then click Next.Using Internet VPN connection
  4. On the next page, select I’ll setup Internet connection later and then click Next.How to connect Windows 10 to VPN server
  5. On the Type the Internet address to connect to page, type hostname (if the DNS server is already configured) or simply type the Public IP address of VPN server. In this case, 10.0.0.1 and then click Create.Specifying VPN Server Address
  6. Click the network status icon in the Notification Area and select VPN Connection.Connecting VPN Connection on Windows 10
  7. On the NETWORK & INTERNET screen, select VPN Connection and then click Connect.Add VPN Connection in Windows 10
  8. On the Sign In screen, type the username and password of VPN server that you have previously created and click OK to connect.Authenticating VPN Server
  9. Ensure that you are successfully connected to VPN server.Verify VPN Connectivity
  10. To further verify, type \\192.168.1.2\c$ to test that you are able to access the data of the Private client that is SERVER2.Accessing data using VPN connection

Note: Use the Administrator user if you are unable to access SERVER2 using VPNUser1.

In this post, we have explained how to configure Remote Access VPN Server on Windows Server 2016. You are always welcome to provide your valuable suggestions and feedback. Please use the comment box to share your views. Stay connected with us for more step by step Windows Server 2016 tutorials.

Posted in Windows 10, Windows Server 2016 Tagged with: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*