How to Setup VPN Server on Windows Server 2016 (PPTP).

Last updated on November 9th, 2020

In this tutorial you will find step by instructions to setup a PPTP VPN Server 2016, in order to access your local network resources from anywhere in the world. So, if you have a Windows 2016 server with one network card and you want to setup a VPN connection in order to connect and access server or network files from everywhere, continue reading below…*

Advertisements

* Note: If you want to setup a more secure VPN Server for your network, then read this article: How to Setup L2TP VPN Server 2016 with a Custom Preshared Key for Authentication.

How to Install a PPTP VPN Server 2016 (With only One NIC).

To install and configure the Server 2016 to act as a PPTP VPN access server follow the steps below:

Step 1. Install the Routing and Remote Access Role on Server 2016.
Step 2. Enable the Routing and Remote Access on Server 2016.
Step 3. Configure VPN Server Settings (Security, IP Range, etc.).
Step 4. Allow Routing and Remote Access Inbound Traffic in Windows Firewall.
Step 5. Select the VPN Users.
Step 6. Configure the VPN Server to Allow the Network Access.
Step 7. Configure ISP's Firewall to Allow the PPTP Connections.
Step 8. Setup the PPTP Connection on Clients.

.

 

Step 1. How to Add Remote Access (VPN Access) Role on a Server 2016.

The first step to setup a Windows Server 2016, as a VPN server is to add the Remote Access role to your Server 2016. *

* Info: For this example we're going to setup VPN on a Windows Server 2016 machine, named "Srv1" and with IP Address "192.168.1.8".

1. To install VPN role on Windows Server 2016, open 'Server Manager' and click on Add Roles and Features.

Setup VPN Server 2016

 

2. At the first screen of 'Add Roles and Features wizard', leave the Role-based or feature-based installation option and click Next.

clip_image008

 

3. At the next screen, leave the default option "Select server from the server pool" and click Next.

image

 

4. Then select the Remote Access role and click Next.

install VPN Server 2016

 

5. At 'Features' screen leave the default settings and click Next.

image

 

6. At 'Remote Access' information screen, click Next.

clip_image016

 

7. At 'Remote Services', choose the Direct Access and VPN (RAS) role services and then click Next.

clip_image020

 

8. Then click Add Features.

image

 

9. Click Next again.

image

 

10. Leave the default settings and click Next (twice) at 'Web Server Role (IIS)' and 'Role Services' screens.

image

 

11. At 'Confirmation' screen, select Restart the destination server automatically (if required) and click Install.

clip_image022

 

 

12. At the final screen, ensure that the installation of the Remote Access role is successful and Close the wizard.

clip_image024

 

13. Then (from Server Manager) Tools menu, click on Remote Access Management.
14.
Select Direct Access and VPN on the left and then click to Run the Getting Started Wizard.

image

 

15. Then click Deploy VPN only.

image

16. Continue to step-2 below to configure Routing and Remote Access.

 

Step 2. How to Configure and Enable Routing and Remote Access on Server 2016.

The next step is to enable and configure the VPN access on our Server 2016. To do that:

1. Right click on the Server's name and select Configure and Enable Routing and Remote Access. *

* Note: You can also launch Routing and Remote Access settings, by using the following way:

1. Open Server Manager and from Tools menu, select Computer Management.
2. Expand Services and Applications
3. Right click on Routing and Remote Access and select Configure and Enable Routing and Remote Access.

Configure PPTP VPN Server 2016

 

2. Click Next at 'Routing and Remote Access Server Setup Wizard'.

Advertisements

image

3. Choose Custom configuration and click Next.

clip_image030

 

4. Select VPN access only in this case and click Next.

clip_image032

 

5. Finally click Finish. *

* Note: If you receive an error says " Remote Access Service in unable to enable Routing and Remote Access ports in Windows Firewall…", ignore it and click OK to continue.

How to Setup VPN Server on Windows Server 2016

 

6. When prompted to Start the service click Start.

image

 

Step 3. Configure VPN Server Settings (Security, IP Range, etc.)

1. At Routing and Remote access panel, right click on your server's name and select Properties.

image

2a. At 'Security' tab, select the Windows Authentication as the Authentication Provider. and then click the Authentication Methods button.

Configure PPTP VPN Server Authentication Methods

2b. Make sure that the Microsoft encrypted authentication version 2 (MS-CHAP v2) is selected and then click OK.

image

3a. Now select the IPv4 tab, choose the Static address pool option and click Add.

image

3b. Now type the IP Address Range that will be assigned to VPN clients and click OK twice to close all windows.

e.g. For this example we're going to use the IP address range: 192.168.1.200 – 192.168.1.209.

image

Step 4. Allow Routing and Remote Access Inbound Traffic in Windows Firewall

1. Go To Control Panel > All Control Panel Items > Windows Firewall.
2. Click Advanced settings on the left.

Allow PPTP in Windows Firewall

3. Select Inbound Rules on the left left.
4a. At the right pane, double click at Routing and Remote Access (PPTP-In)

Allow PPTP Connections in Windows Firewall

4b. At 'General' tab, choose Enabled, Allow the connection and click OK.

image

5a. Then double click at Routing and Remote Access (GRE-In).

image

5b. At General tab, choose Enabled, Allow the connection and click OK.

image

6. Close the Firewall settings and restart your server.

Step 5. How to Select which users will have VPN Access.

Now it's time to specify which users will be able to connect to the VPN server (Dial-IN permissions).

1. Open Server Manager.
2. From Tools menu, select Active Directory Users and Computers. *

* Note: If your server doesn't belong to a domain, then go to Computer Management -> Local Users and Groups.

Transfer Operation Masters Role to Server 2016.

 

3. Select Users and double click on the user that you want to allow the VPN Access.
4. Select the Dial-in tab and select Allow access. Then click OK.

image

 

 

Step 6. How to Configure the Network Policy Server to Allow the Network Access.

In order to allow the VPN users to access the network through the VPN connection, proceed and modify the Network Policy Server as follows:

 

image

2. Under the NPS (Local) select Network Policies on the left.

3a. Double click at Connections to Microsoft Routing and Remote Access server policy.

image

 

3b. At the 'Overview' tab, select the following settings and click OK:

    • Grant access: If the connection request matches this policy.
    • Remote Access Server (VPN-Dial up)

image

 

4a. Now open the Connections to other access servers policy, select the same settings and click OK.

    • Grant access: If the connection request matches this
      policy.
    • Remote Access Server (VPN-Dial
      up)

 

image

 

5. Close the Network Policy Server settings.

image

 

 

Step 7. How to Configure Firewall to Allow PPTP VPN Access (Port Forwarding).

The next step is allow the PPTP VPN connections on your ISP's Router/Firewall.

1. At the top of our browser type your router's IP address: (e.g. "http://192.168.1.1" in this example) and login to router's web interface.

2. Inside the Router configuration setup, forward the port 1723 to the IP address of the VPN Server. (See your Router's manual on how to configure Port Forward). *

  • For example, if your VPN Server has the IP address "192.168.1.8" then you have to forward the port 1723 to the IP "192.168.1.8".

image

 

 

Step 8. How to Setup the PPTP VPN Connection on CLIENTS *

* Notes & Additional Help:
1. In order to be able to connect to your VPN server from a distance you have to know the public IP Address of the VPN server. To find the pubic IP Address navigate to this link: http://www.whatismyip.com/ (from VPN Server 2016).
2. To ensure that you can always connect to your VPN server it is better to have a Static Public IP Address. To obtain a Static Public IP Address you must contact your internet service provider. If you don't want to pay for a static IP Address, then you can setup a free Dynamic DNS service (e.g. no-ip.) on your router's (VPN Server) side.

 

To setup a PPTP VPN Connection on Windows 10:

1. From Settings image click Network and Internet, OR, right click at the Network icon on the taskbar and choose Open Network & Internet settings.

 

vpn client setup windows 10

 

2. Click VPN on the left and then click + to Add a VPN connection.

How to Setup a VPN Connection Windows 10

3. At the next screen, fill out the following information and click Save:

 

a. VPN provider: Select Windows (built-in).

b. Connection name: Type a friendly name for the VPN connection. (e.g.. "VPN_OFFICE")

c. Server name or address: Type the VPN's server host name or the public IP address or the VPN server.

d. VPN Type: Use the drop down arrow to select the type of the VPN connection that your company uses. {e.g. "Point to Point Tunneling Protocol (PPTP)"}.

e. Type of sign-in info: Use the drop down arrow and select the authentication type for the VPN connection. (e.g. "User name and password").

f. User Name: Type the VPN user name.

g. Password: Type the VPN password.

h. Check the "Remember my sign-in info" checkbox, if you want to save your sign-in credentials for the VPN connection and then click Save

vpn setup windows 10

 

4. Under Related settings, choose Change adapter options.

vpn connection settings windows 10

 

5. Right click on the VPN connection and choose Properties.

vpn properties windows 10

 

6. At Security Tab, select Allow these protocols, and check the following protocols:

    • Challenge Handshake Authentication Protocol (CHAP)
    • Microsoft CHAP Version 2 (MS-SHAP v2)

image

 

7. At Networking tab, select the Internet Protocol Version 4 (TCP/IPv4) and click Properties.

vpn networking properties

 

7a. Click Advanced.

use default gateway on local network

7b. Uncheck the "Use default gateway on remote network" and click OK three (3) times to apply changes and close all windows.

use default gateway on remote network

 

8. Now you're ready to connect to your VPN Server 2016.

windows 10 vpn setup

 

 

That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.

 

 

 

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free: