VPN stands for Virtual Private Network that has been used for many years to provide remote connectivity and support. VPN is one of the most popular, secure, and cheap technique to connect remote branch offices and remote users over the Internet. There are various VPN authentication protocols such as PPTP, L2TP, SSTP, and IKEv2 that can be used by an administrator for authenticating remote users. Each VPN authentication protocol supports the different level of security. However, in this post, we will just focus on step by step guide to configure Remote Access VPN Server using Windows Server 2016.
Understanding Remote Access VPN Lab Setup
First of all, understand the lab setup topology we are going to use. Ensure that all the systems are configured with the appropriate TCP/IP settings as mentioned in the topology. Also, ensure that the Windows Firewall is turned off on all the systems to avoid any network connectivity issues.
We will use the following systems to complete this lab exercise:
- Hosts the Remote Access Server role.
- Connected to CLIENT1 using 10.0.0.1/8 IP address.
- Connected to the SERVER2 using 192.168.1.1/24 IP address.
- Acts as VPN Server.
- Acts as an internal (private) client and is connected to ROUTER1 using 192.168.1.2/24 IP address and 192.168.1.1 as the Default gateway.
- Acts as a remote (Public) client and is connected to ROUTER1 using 10.0.0.101/8 IP address and 10.0.0.1 as the Default gateway.
It is recommended that all of your participating systems of this lab exercise should belong either to the same Domain network or should belong to a Workgroup network. Mixed type of network may create some issues to complete the lab exercise. Here, all systems are based on the Workgroup-based network.
Installing Remote Access Service on Windows Server 2016
In order to configure VPN Server on Windows Server 2016, first, you need to install the Remote Access service role. For this, you need to perform the following steps:
- On ROUTER1, launch the Add Roles and Features Wizard.
- Click Next and accept the default selections until the Select server roles page displays.
- Select the Remote Access server role and click Next.
- Click Next until the Select role services page displays.
- Select the DirectAccess and VPN (RAS) and Routing role services and then click Next.
- On the rest of the pages, accept the default selections by clicking Next. Wait until the installation process completes.
Configure Remote Access VPN Server
In order to configure VPN Server on Windows Server 2016, you need to perform the following steps on ROUTER1.
- Open the Routing and Remote Access console by using the Server Manager console.
- Click Tools and selecting the Routing and Remote Access option.
- Select and right-click Server name (ROUTER1) and then select Configure and Enable Routing and Remote Access.
- On the Welcome page, click Next and navigate to the Configuration page. Ensure that the Remote access (dial-up or VPN) option is selected and then click Next.
- On the Remote Access page, select the VPN option and then click Next.
- On the VPN Connections page, select the network adapter that is connected to the Public network (Internet) and proceed to next. In this case, Ethernet0 network adapter is connected to the Public system CLIENT1.
- On the IP Address Assignment page, select the desired option. If your VPN server is also configured as active DHCP server, select Automatically. If you want to assign IP addresses to the VPN clients using the VPN server, select the From a specified range of addresses option and then click Next.
- On the IP Address Assignment page, click New and set the Start and End IP ranges depending on the number of VPN clients your network contains. For example, set the 10.0.0.240 to 10.0.0.245 range for the testing purpose and proceed to Next.
- On the Manage Multiple Remote Access Servers page, select the No option as we will configure RADIUS server in a separate article. Click Next and finish the wizard.
- On the Service message box click OK to start the Remote Access service.
Creating VPN User
In order to connect and authenticate to Remote Access VPN server, VPN clients require user credentials. For this, you need to perform the following steps.
- Execute the following command on VPN server ROUTER1 to create a test user named as VPNUser1. It will be used by remote users to connect to your VPN server.
- Now, type lusrmgr.msc in the Run dialog box and open the Properties of VPNUser1.
- Select the Dial-in tab and then select the Allow access option for the selected user.
Connecting VPN Client to VPN Server
Now, you have successfully configured Remote Access VPN server. The next step is to test your VPN configuration. For this, you need to perform the following steps on VPN client that is CLIENT1.
- Move on to CLIENT1, open the Network and Sharing Center Wizard, and select Set up a new connection or network to create a new VPN connection.
- Select the Connect to a workplace option and then click Next.
- On the How do you connect to VPN page, select Use my Internet Connection (VPN) option and then click Next.
- On the next page, select I’ll setup Internet connection later and then click Next.
- On the Type the Internet address to connect to page, type hostname (if the DNS server is already configured) or simply type the Public IP address of VPN server. In this case, 10.0.0.1 and then click Create.
- Click the network status icon in the Notification Area and select VPN Connection.
- On the NETWORK & INTERNET screen, select VPN Connection and then click Connect.
- On the Sign In screen, type the username and password of VPN server that you have previously created and click OK to connect.
- Ensure that you are successfully connected to VPN server.
- To further verify, type \\192.168.1.2\c$ to test that you are able to access the data of the Private client that is SERVER2.
Note: Use the Administrator user if you are unable to access SERVER2 using VPNUser1.
In this post, we have explained how to configure Remote Access VPN Server on Windows Server 2016. You are always welcome to provide your valuable suggestions and feedback. Please use the comment box to share your views. Stay connected with us for more step by step Windows Server 2016 tutorials.