How to Set Up VPN on a Windows Server – A Comprehensive Guide

Setting up a Virtual Private Network (VPN) on a Windows Server can provide you with enhanced security and privacy. VPNs are a vital component in modern networking and having one on your server can bring many benefits such as encrypted connections, access to restricted content, and more.

VPN on a Windows Server
How to Set Up VPN on a Windows Server

In this comprehensive guide by SRVPS, we’re going to walk you through the process of setting up a VPN on a Windows Server step by step. Before we get started, make sure you have a Windows Server up and running. If you don’t have one yet, visit to purchase your own virtual server with the ability to choose from various countries.


To begin, ensure that you have the following:

  1. An active Windows Server. If you need a virtual server, SRVPS offers reliable Windows Virtual Servers.
  2. Administrative access to the server.
  3. A stable Internet connection.

Step 1: Installing the VPN Role on Your Windows Server

  1. Launch the Server Manager: To start, click on the Start button and select Server Manager. This application allows you to manage your server roles and features.
  2. Access the Add Roles and Features Wizard: In the Server Manager dashboard, you’ll find a menu on the top right corner. Click on Manage and from the drop-down list, select Add Roles and Features. This will open the Add Roles and Features Wizard.
  3. Navigate through the Wizard: You’ll be presented with a Before you begin page that offers some information about the wizard. Read through and click Next. Choose Role-based or feature-based installation for installation type and click Next.
  4. Select the Server: In the Server Selection tab, choose the server on which you want to install the VPN role and click Next.
  5. Select the Server Role: In the Server Roles tab, you will see a list of roles that can be installed on your server. Scroll down and locate Remote Access. Check the box next to it. A new window will pop up with additional features that are required for Remote Access. Click Add Features then Next.
  6. Confirm Installation Selections and Install: Finally, you’ll be directed to the Confirmation page where you can review your choices. Once satisfied, click Install to start the process. The installation time may vary depending on your server’s specifications.

Congratulations! You have successfully installed the VPN role on your Windows Server. You can now proceed to the next step which involves configuring the VPN.

Step 2: Configuring the VPN Role on Your Windows Server

  1. Open Routing and Remote Access: To begin, you need to access the Routing and Remote Access tool. From the Server Manager dashboard, find the Tools menu in the upper right corner. Click on it and select Routing and Remote Access from the drop-down list.
  2. Enable Routing and Remote Access: In the new window, you’ll see your server listed in the left pane. Right-click on the server name and select Configure and Enable Routing and Remote Access. This will open up a new wizard that guides you through the configuration process.
  3. Choose Your Configuration: A new wizard window will open. Select Network address translation (NAT) option if your server is connected directly to the Internet. If it isn’t, select Secure connection between two private networks. Click Next.
  4. Select Your Internet-facing Interface: The wizard will now ask you to choose the network interface that is connected to the Internet. Select the appropriate interface from the drop-down list and click Next.
  5. Specify IP Address Assignment: Here, you can either allow the server to automatically assign IP addresses, or you can specify a range of addresses manually. Make your choice and click Next.
  6. Enable RADIUS Server (Optional): If you want to integrate with an existing enterprise-wide authentication system (like a RADIUS server), you can enable it here. If not, just click Next.
  7. Complete the Wizard: Review your settings in the summary page. If everything is correct, click Finish to complete the setup.

You’ve successfully configured the VPN role on your Windows Server. The next step is to configure the necessary policies and access rights to allow VPN connections.

Step 3: Granting Access to Your VPN on Windows Server

  1. Navigate to Network Policy Server: Start by accessing the Network Policy Server (NPS). You can do this by going to your Server Manager, clicking on Tools, and then selecting Network Policy Server from the dropdown menu.
  2. Create a New Network Policy: In the NPS console, in the left pane, navigate to Policies, and then click on Network Policies. In the main pane, right-click in the open area and select New to create a new network policy.
  3. Set Policy Details: A New Network Policy wizard will open. Enter a descriptive policy name, leave the type of network access server as Remote Access Server (VPN-Dial up), and then click Next.
  4. Specify Conditions: In the Specify Conditions page, click Add. In the Select condition dialog box, scroll down and click on Tunnel Type. Select Layer Two Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP), then click OK. Click Next.
  5. Configure Access Permissions: In the Access Permission page, ensure Access granted is selected for the network policy to determine whether to grant the connection request. Click Next.
  6. Configure Authentication Methods: In the Authentication Methods page, select the authentication methods required for the network policy. For VPN connections, select Microsoft Encrypted Authentication version 2 (MS-CHAP-v2) and click Next.
  7. Configure Constraints: In the Configure Constraints page, you can leave the default settings and click Next.
  8. Configure Settings: In the Configure Settings page, leave the default settings and click Next.
  9. Finish Creating Network Policy: Review your settings in the Completing New Network Policy page, then click Finish.

Congratulations! You’ve successfully set up and configured a VPN on your Windows Server. Now you’re ready to start using your VPN to secure and manage your network traffic.