{"id":2427,"date":"2018-01-05T20:04:07","date_gmt":"2018-01-05T20:04:07","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=2427"},"modified":"2018-01-05T20:04:07","modified_gmt":"2018-01-05T20:04:07","slug":"how-to-install-vpn-access-on-windows-server-2016","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=2427","title":{"rendered":"How to install VPN access on Windows Server 2016"},"content":{"rendered":"

Remote access role is a VPN which protects the network connection or your remote connection from one side to another and protecting both sides from attacks or data sniffing as VPN protocol uses a tunnel inside of a standard data connection.<\/p>\n

Note:<\/strong>\u00a0You\u2019ll need to open a TCP port 1723 on your firewall as this port is used for the VPN access.<\/p>\n

Also, I\u2019d like to point out that this might not be a guide for enterprise deployment as there you\u2019ll perhaps use a hardware VPN from your router or use a Direct Access feature which however relies on Internet Protocol version six (IPv6) technologies to establish client connections.<\/p>\n

How to install VPN on Windows Server 2016 \u2013 The steps:<\/span><\/h2>\n

Install a Remote access role via the\u00a0Add Roles and Features Wizard<\/strong>. Open\u00a0Server Manager<\/strong>\u00a0either locally on the server that will host the remote access role or on a computer that has Server Manager configured to connect to the server you\u2019re deploying the role.<\/p>\n

Then select\u00a0Add Roles and Features Wizard<\/strong>\u00a0from the\u00a0Manage Menu<\/strong>. Click next on the before you begin page if it is displayed. Then select Role-Based or Feature-Based installation and click next.<\/p>\n

On the Select Server Role page, scroll down and then select check box\u00a0Remote Access<\/strong>. And then click next.<\/p>\n

\"Remote<\/p>\n

You\u2019ll need to click two more times to get to the Remote access Role Services, where you\u2019ll have to select\u00a0Direct Access and VPN<\/strong>.<\/p>\n

\"DirectAccess<\/p>\n

Accept the installation of sub-components, such as IIS\u2026 Accept all the defaults.<\/p>\n

It will take some time to finish the installation of all components and sub-components.<\/p>\n

Then click on the link Open the Getting Started Wizard to open the configuration wizard.<\/p>\n

\"Open<\/p>\n

A new window will appear. You\u2019ll need to click Deploy VPN only which will configure VPN by using the Routing and Remote Access console.<\/p>\n

\"Deploy<\/p>\n

After you click on that part, you\u2019ll open the Routing and Remote Access console. Right click on the Server name and click on\u00a0Configure and Enable Routing and Remote Access<\/strong>.<\/p>\n

Note: You can also launch this console via\u00a0Control Panel > System and Security > Administrative tools<\/strong>.<\/p>\n

\"Configure<\/p>\n

Click Next and Select\u00a0Custom Configuration<\/strong>.<\/p>\n

\"Select<\/p>\n

So far, it\u2019s been very simple. Let\u2019s go and finish the configuration. All we need to do on the next screen is to tick the checkbox\u00a0VPN access<\/strong>\u00a0as we only want this feature to be active.<\/p>\n

\"Select<\/p>\n

You\u2019ll then have only one page which displays the summary of your selections. Confirm by clicking the Finish button.\u00a0 After few seconds, you\u2019ll see a pop-up window asking you to start the Routing and Remote Access service. Click on\u00a0Start Service<\/strong>\u00a0button.<\/p>\n

Next Step \u2013 Allow some users to connect to your newly configured VPN server<\/h2>\n

Usually this kind of small environment can be used for system administrators requiring access to remotely installed server, or for a small group of users within an organization. Depending on the architecture, the server can be part of a Microsoft Domain and have a central management of users through an\u00a0Active Directory\u00a0(AD) or it can be a standalone server which is just outside of any domain.<\/p>\n

For the sake of simplicity, we consider this case, but in both cases, you\u2019ll need to configure at least one user to access through the VPN and we\u2019ll show you how.<\/p>\n

So if you\u2019re in \u201cWorkgroup\u201d environment you can use a Computer Management Console (MMC), and if you\u2019re in a domain environment this can be done in the user properties of an Active Directory user.<\/p>\n

\"Allow<\/p>\n

Usually, there is a DHCP server within a company environment. If that\u2019s not the case, you\u2019ll have to add a static address pool.<\/p>\n

You can find the settings in the properties of your VPN server, where you can click on the IPv4 tab and enable and configure the\u00a0Static address pool<\/strong>. Make sure to use the same subnet as your static address of your server.<\/p>\n

\"Add<\/p>\n

Well, this is about.<\/p>\n

From the client\u2019s perspective. The client has to configure a VPN connection from the client\u2019s end. So, depending on the\u00a0Operating system\u00a0the client is using, the setup might differ.<\/p>\n

But basically, you\u2019ll should set up new VPN connection.<\/p>\n

\"Configure<\/p>\n

And then<\/p>\n

\"Setup<\/p>\n

This will create a new connection within the\u00a0network\u00a0connection window there.<\/p>\n

\"New<\/p>\n

To finally get this screen after connecting and entering your password.<\/p>\n

\"Connection<\/p>\n

Wrap up:<\/h2>\n

This is the simplest way of doing it. It involves, however, opening the TCP 1723 port on the firewall. Note that another solution of remote access exists, but they usually involve installation of third party tools on the\u00a0server side, and also on the client side.<\/p>\n

You may want to avoid installing those tools on company servers and stick to traditional Built-in VPN from\u00a0Microsoft, for remote administration.<\/p>\n","protected":false},"excerpt":{"rendered":"

Remote access role is a VPN which protects the network connection or your remote connection from one side to another and protecting both sides from attacks or data sniffing as VPN protocol uses a tunnel inside of a standard data connection. Note:\u00a0You\u2019ll need to open a TCP port 1723 on your firewall as this port […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,63],"tags":[],"class_list":["post-2427","post","type-post","status-publish","format-standard","hentry","category-vpn","category-server-2016-2016"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2427"}],"version-history":[{"count":1,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2427\/revisions"}],"predecessor-version":[{"id":2428,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/2427\/revisions\/2428"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}