How to Setup VPN Server on Windows Server 2016 (PPTP). (2024)

In this tutorial you will find step by instructions to setup a PPTP VPN Server 2016, in order to access your local network resources from anywhere in the world. So, if you have a Windows 2016 server with one network card and you want to setup a VPN connection in order to connect and access server or network files from everywhere, continue reading below…*

* Note: If you want to setup a more secure VPN Server for your network, then read this article: How to Setup L2TP VPN Server 2016 with a Custom Preshared Key for Authentication.

How to Install a PPTP VPN Server 2016 (With only One NIC).

To install and configure the Server 2016 to act as a PPTP VPN access server follow the steps below:

Step 1. Install the Routing and Remote Access Role on Server 2016.

Step 2. Enable the Routing and Remote Access on Server 2016.

Step 3. Configure VPN Server Settings (Security, IP Range, etc.).

Step 4. Allow Routing and Remote Access Inbound Traffic in Windows Firewall.

Step 5. Select the VPN Users.

Step 6. Configure the VPN Server to Allow the Network Access.

Step 7. Configure ISP's Firewall to Allow the PPTP Connections.

Step 8. Setup the PPTP Connection on Clients.

.

Step 1. How to Add Remote Access (VPN Access) Role on a Server 2016.

The first step to setup a Windows Server 2016, as a VPN server is to add the Remote Access role to your Server 2016. *

* Info: For this example we're going to setup VPN on a Windows Server 2016 machine, named "Srv1" and with IP Address "192.168.1.8".

1. To install VPN role on Windows Server 2016, open 'Server Manager' and click on Add Roles and Features.

2. At the first screen of 'Add Roles and Features wizard', leave the Role-based or feature-based installation option and click Next.

3. At the next screen, leave the default option "Select server from the server pool" and click Next.

4. Then select the Remote Access role and click Next.

5. At 'Features' screen leave the default settings and click Next.

6. At 'Remote Access' information screen, click Next.

7. At 'Remote Services', choose the Direct Access and VPN (RAS) role services and then click Next.

8. Then click Add Features.

9. Click Next again.

10. Leave the default settings and click Next (twice) at 'Web Server Role (IIS)' and 'Role Services' screens.

11. At 'Confirmation' screen, select Restart the destination server automatically (if required) and click Install.

12. At the final screen, ensure that the installation of the Remote Access role is successful and Close the wizard.

13. Then (from Server Manager) Tools menu, click on Remote Access Management.
14. Select Direct Access and VPN on the left and then click to Run the Getting Started Wizard.

15. Then click Deploy VPN only.

16. Continue to step-2 below to configure Routing and Remote Access.

Step 2. How to Configure and Enable Routing and Remote Access on Server 2016.

The next step is to enable and configure the VPN access on our Server 2016. To do that:

1. Right click on the Server's name and select Configure and Enable Routing and Remote Access. *

* Note: You can also launch Routing and Remote Access settings, by using the following way:

1. Open Server Manager and from Tools menu, select Computer Management.
2. Expand Services and Applications
3. Right click on Routing and Remote Access and select Configure and Enable Routing and Remote Access.

2. Click Next at 'Routing and Remote Access Server Setup Wizard'.

3. Choose Custom configuration and click Next.

4. Select VPN access only in this case and click Next.

5. Finally click Finish. *

* Note: If you receive an error says " Remote Access Service in unable to enable Routing and Remote Access ports in Windows Firewall…", ignore it and click OK to continue.

6. When prompted to Start the service click Start.

Step 3. Configure VPN Server Settings (Security, IP Range, etc.)

1. At Routing and Remote access panel, right click on your server's name and select Properties.

2a. At 'Security' tab, select the Windows Authentication as the Authentication Provider. and then click the Authentication Methods button.

2b. Make sure that the Microsoft encrypted authentication version 2 (MS-CHAP v2) is selected and then click OK.

3a. Now select the IPv4 tab, choose the Static address pool option and click Add.

3b. Now type the IP Address Range that will be assigned to VPN clients and click OK twice to close all windows.

e.g. For this example we're going to use the IP address range: 192.168.1.200 – 192.168.1.209.

Step 4. Allow Routing and Remote Access Inbound Traffic in Windows Firewall

1. Go To Control Panel > All Control Panel Items > Windows Firewall.
2. Click Advanced settings on the left.

3. Select Inbound Rules on the left.
4a. At the right pane, double click at Routing and Remote Access (PPTP-In)

4b. At 'General' tab, choose Enabled, Allow the connection and click OK.

5a. Then double click at Routing and Remote Access (GRE-In).

5b. At General tab, choose Enabled, Allow the connection and click OK.

6. Close the Firewall settings and restart your server.

Step 5. How to Select which users will have VPN Access.

Now it's time to specify which users will be able to connect to the VPN server (Dial-IN permissions).

1. Open Server Manager.
2. From Tools menu, select Active Directory Users and Computers. *

* Note: If your server doesn't belong to a domain, then go to Computer Management -> Local Users and Groups.

3. Select Users and double click on the user that you want to allow the VPN Access.
4. Select the Dial-in tab and select Allow access. Then click OK.

Step 6. How to Configure the Network Policy Server to Allow the Network Access.

In order to allow the VPN users to access the network through the VPN connection, proceed and modify the Network Policy Server as follows:

2. Under the NPS (Local) select Network Policies on the left.

3a. Double click at Connections to Microsoft Routing and Remote Access server policy.

3b. At the 'Overview' tab, select the following settings and click OK:

• • Grant access: If the connection request matches this policy.
  • Remote Access Server (VPN-Dial up)

4a. Now open the Connections to other access servers policy, select the same settings and click OK.

• • Grant access: If the connection request matches this
    policy.
  • Remote Access Server (VPN-Dial
    up)

5. Close the Network Policy Server settings.

Step 7. How to Configure Firewall to Allow PPTP VPN Access (Port Forwarding).

The next step is allow the PPTP VPN connections on your ISP's Router/Firewall.

1. At the top of our browser type your router's IP address: (e.g. "http://192.168.1.1" in this example) and login to router's web interface.

2. Inside the Router configuration setup, forward the port 1723 to the IP address of the VPN Server. (See your Router's manual on how to configure Port Forward). *

• For example, if your VPN Server has the IP address "192.168.1.8" then you have to forward the port 1723 to the IP "192.168.1.8".

Step 8. How to Setup the PPTP VPN Connection on CLIENTS *

* Notes & Additional Help:
1. In order to be able to connect to your VPN server from a distance you have to know the public IP Address of the VPN server. To find the pubic IP Address navigate to this link: http://www.whatismyip.com/ (from VPN Server 2016).
2. To ensure that you can always connect to your VPN server it is better to have a Static Public IP Address. To obtain a Static Public IP Address you must contact your internet service provider. If you don't want to pay for a static IP Address, then you can setup a free Dynamic DNS service (e.g. no-ip.) on your router's (VPN Server) side.

To setup a PPTP VPN Connection on Windows 10:

1. From Settings click Network and Internet, OR, right click at the Network icon on the taskbar and choose Open Network & Internet settings.

2. Click VPN on the left and then click + to Add a VPN connection.

3. At the next screen, fill out the following information and click Save:

a. VPN provider: Select Windows (built-in).

b. Connection name: Type a friendly name for the VPN connection. (e.g.. "VPN_OFFICE")

c. Server name or address: Type the VPN's server host name or the public IP address or the VPN server.

d. VPN Type: Use the drop down arrow to select the type of the VPN connection that your company uses. {e.g. "Point to Point Tunneling Protocol (PPTP)"}.

e. Type of sign-in info: Use the drop down arrow and select the authentication type for the VPN connection. (e.g. "User name and password").

f. User Name: Type the VPN user name.

g. Password: Type the VPN password.

h. Check the "Remember my sign-in info" checkbox, if you want to save your sign-in credentials for the VPN connection and then click Save

4. Under Related settings, choose Change adapter options.

5. Right click on the VPN connection and choose Properties.

6. At Security Tab, select Allow these protocols, and check the following protocols:

• • Challenge Handshake Authentication Protocol (CHAP)
  • Microsoft CHAP Version 2 (MS-SHAP v2)

7. At Networking tab, select the Internet Protocol Version 4 (TCP/IPv4) and click Properties.

7a. Click Advanced.

7b. Uncheck the "Use default gateway on remote network" and click OK three (3) times to apply changes and close all windows.

8. Now you're ready to connect to your VPN Server 2016.

That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free: