ITGeeksHub

How to configure VPN on Windows Server

“In a world where data breaches are common, using a VPN isn’t just an option; it’s a necessity.”

How to Configure VPN on Windows Server 2019

Configuring a VPN (Virtual Private Network) on Windows Server 2019 allows users to securely connect to your organization’s network from remote locations. Here’s a step-by-step guide on how to set up a VPN using the Routing and Remote Access Service (RRAS) on a Windows Server 2019 machine.

Prerequisites

  1. Windows Server 2019: Ensure you have a Windows Server 2019 machine prepared.
  2. Administrator Privileges: You need administrative access to configure RRAS.
  3. Public IP Address: For external access, your server should have a public IP address (or be correctly configured behind a router).
  4. Firewall Configuration: Ensure the necessary ports are open for the protocol you plan to use (PPTP: 1723; L2TP: 500, 1701, 4500; SSTP: 443; IKEv2: 500, 4500).

Step 1: Install Remote Access Role

  1. Open Server Manager:

    Click on the Start menu and select Server Manager.

  2. Add Roles and Features:

    In the Server Manager dashboard, click on Add Roles and Features. Click Next on the “Before you begin” page.

  3. Select Installation Type:

    Choose Role-based or feature-based installation and click Next.

  4. Select Destination Server:

    Choose the local server and click Next.

  5. Select Server Roles:

    Scroll down and check the box for Remote Access. Click Next through the feature selection until you reach the confirmation page. Review your selections and click Install.

  6. Complete Installation:

    Once the installation completes, click Close.

Step 2: Configure RRAS

  1. Open Routing and Remote Access:

    Back in the Server Manager, click on Tools and select Routing and Remote Access.

  2. Enable Routing and Remote Access:

    In the RRAS console, right-click on your server name and select Configure and Enable Routing and Remote Access.

  3. Configuration Wizard:

    Click Next to proceed with the wizard. Choose Custom configuration and click Next. Select the options you need: for VPN, check VPN and click Next. Click Finish to complete the configuration.

  4. Start the service:

    Right-click on your server name and select Start.

Step 3: Configure VPN Ports

  1. Ports Configuration:

    In RRAS, expand your server name and go to Ports. Right-click on Ports and select Properties. Configure the ports for the protocol you want to enable (PPTP, L2TP, SSTP, etc.), and make sure enough ports are available for the connections you expect.

Step 4: Configure IP Address Assignment

  1. Configure IP Address Assignment:

    Go to your RRAS properties by right-clicking the server name in the RRAS console and selecting Properties. Navigate to the IPv4 tab. Choose either Automatically, via DHCP or Static address pool. If using a static pool, enter the IP range.

Step 5: Configure User Access

  1. Create User Accounts (if you haven’t already):

    Open Active Directory Users and Computers or Computer Management. Create or use existing user accounts that will be allowed to connect to the VPN.

  2. Set Dial-in Permissions:

    Right-click on the user account and select Properties. Go to the Dial-in tab. Set the Network Access Permission to Allow access.

Step 6: Configure Firewall Settings

  1. Windows Firewall:

    Open Windows Defender Firewall with Advanced Security. Create inbound rules to allow traffic on the VPN ports you configured.

  2. Router Configuration (if applicable):

    If your Windows server is behind a router, you need to configure port forwarding for the VPN ports to your server’s IP address.
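The inbound rules from Step 6 can also be created from an elevated PowerShell session. The script below is an added example, not part of the original guide: it opens only the ports for the protocols you actually enabled, skips rules that already exist, and then lists what each rule admits. The protocol selection and the rule names are assumptions to adjust.

```powershell
# Added example (not from the original guide). Run elevated on the RRAS server.
# Assumption: only SSTP and IKEv2 are offered; edit to match what you enabled in Step 3.
$EnabledProtocols = @('SSTP', 'IKEv2')

# Port numbers are the ones listed under Prerequisites.
# The transport (TCP/UDP) is the standard one for each protocol.
$VpnPorts = @{
    PPTP  = @{ Protocol = 'TCP'; Ports = @('1723') }   # PPTP also needs GRE (IP protocol 47)
    L2TP  = @{ Protocol = 'UDP'; Ports = @('500', '1701', '4500') }
    SSTP  = @{ Protocol = 'TCP'; Ports = @('443') }
    IKEv2 = @{ Protocol = 'UDP'; Ports = @('500', '4500') }
}

foreach ($name in $EnabledProtocols) {
    if (-not $VpnPorts.ContainsKey($name)) {
        Write-Warning "Unknown protocol '$name', no rule created"
        continue
    }
    $entry       = $VpnPorts[$name]
    $displayName = "VPN-$name-In"                      # hypothetical rule name

    # Idempotent: do not create a second rule with the same name on re-run
    if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $displayName"
        continue
    }

    New-NetFirewallRule -DisplayName $displayName -Direction Inbound -Action Allow `
        -Protocol $entry.Protocol -LocalPort $entry.Ports | Out-Null
    Write-Host "Created rule: $displayName"
}

# Check: show what each VPN rule created above actually admits
Get-NetFirewallRule -DisplayName 'VPN-*-In' | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Enabled  = $_.Enabled
        Protocol = $filter.Protocol
        Ports    = $filter.LocalPort -join ','
    }
} | Format-Table -AutoSize
```

Protocols left out of `$EnabledProtocols` get no rule, so the server exposes only the listeners you intend to offer.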

Step 7: Test the VPN Connection

  1. Client Configuration:

    On the client machine, go to Settings > Network & Internet > VPN. Click on Add a VPN connection. Fill in the connection details, including the VPN provider, connection name, server name, and sign-in information.

  2. Connect to the VPN:

    Attempt to connect to the VPN. Troubleshoot any issues using the RRAS event logs and Windows logs if the connection fails.

Step 8: Optional – Configure Certificate for SSTP

If you choose to use SSTP as your VPN type, you will need to configure an SSL certificate. This usually involves obtaining a certificate from a trusted CA or creating a self-signed certificate (not recommended for production).

Final Notes

  1. Always make sure your Windows Server is fully updated.
  2. Regularly monitor your VPN connections for any unauthorized access.
  3. Consider implementing additional security measures, such as strong authentication methods.

This guide should help you successfully set up a VPN on Windows Server 2019. If you encounter issues, review each configuration setting carefully.
