How to Install VPN on Windows Server 2019: Step-By-Step Guide

Virtual Private Networks are a must-have tool for Windows Server operators. A VPN allows network operators to ensure maximum security and privacy for their systems.

If you need an up-to-date guide of how to install and configure a VPN on the latest version of the server OS, Windows Server 2019, we’ve got you covered. Without further ado, let’s get started:

Follow These Simple Steps

Setting up the VPN will be a two-stage process… In stage 1, we will set up a remote access point (or a remote access role) that can access this network from outside.

Stage 1: Installing Role for Remote Access

We start by installing Remote Access:

  1. Open up Server Manager.
Add Roles and Features

Add Roles and Features

 

  1. Select Manage.
  2. Click on the option Add Roles and Features Wizard.
Remote Access Server Role

Remote Access Server Role

 

 

  1. Check the Remote Access check box.
  2. Click Next.
Direct Access and VPN Role Services

Direct Access and VPN Role Services

  1. On the step of Role Services, check the Direct Access and VPN (RAS) check box.
  2. Click Next.
Install Remote Access Role

Install Remote Access Role

  1. On the last step Confirmation, press the Install button. This will install the Remote Access Role and will reboot the system as well.

That’s it, stage 1 is complete.

Once rebooted, we move on to the next and final stage of the installation.

Stage 2: Setting up VPN

Setting up the VPN requires us first to install the VPN and then configure it. Windows Server 2019 has a dedicated wizard for the job.

1.      Installation

Now, after installing Remote Access Role, we can begin with the VPN installation.

‘Getting Started’ Wizard

‘Getting Started’ Wizard

After the installation of the Remote Access Role is finished (it may take some time), the link for opening the “Getting Started Wizard” will appear.

  1. Click on Open Getting Started Wizard. This opens up another wizard (Getting Started Wizard for VPN).
Configure Remote Access

Configure Remote Access

  1. Here select the option Deploy VPN Only on the first window. This will take you to Routing and Remote Access Management Console.
Routing and Remote Access

Routing and Remote Access

  1. Select the name of the server, given on the left side of the panel on the Routing and Remote Access Management Console by using right-click, and then click on Configure and Enable Routing and Remote Access.
Configure and Enable Routing and Remote Access

Configure and Enable Routing and Remote Access

  1. This will open up a new wizard: Routing and Remote Access Server Setup Wizard.
Customer Configuration

Customer Configuration

  1. Here, select Custom Configuration.
  2. Click Next.
VPN Access

VPN Access

  1. Here on the next step, select VPN Access.
Start Service

Start Service

On the next step, clicking Finish will show a dialog box asking you to start the service. Click on Start service.

This finishes up the installation process and we are now ready for the configuration part.

Configuration

Now that we are done with installing the VPN, we can now open the firewall and direct the ports towards our Windows Server so that traffic generated by this server can pass through the firewall and is not blocked.

You can also picture this as connecting a VPN user to your newly created private network.

For this, first you need to set up the following ports depending upon which protocol is being used.

  • For SSTP: 443 TCP
  • For L2TP over IPSEC: 500 UDP and 1701 TCP
  • For PPTP: 1723 TCP and Protocol 47 GRE (PPTP Pass-through)
Allow Remote Access

Allow Remote Access

Once the installation is done, you need to check whether the users you want connecting with the VPN have Remote Access enabled.

You can enable the users…

  • In a standalone server through the Computer Management MMC,

OR

  • Active Directory user’s User Properties in a domain environment.

Check to see if there is a DHCP server available. If not, then you need to configure a static IP address pool.

To add a static IP address pool…

  1. Go to the properties of the newly installed VPN server.
Static IP Address Subnet

Static IP Address Subnet

  1. Select the IPv4
  2. Select the static address pool radio button. Press Add.
  3. In the new window of IPv4 Address Range, add an IP address. Make sure that the static address pool and the subnet the IP address belongs to are the same. This will enable the users to reach the server without being shut out.
  4. Click OK, then Apply and you are done with the configuration.

And there you have it! You can now operate Windows Server 2019 with a VPN.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.