Routing and Remote Access in Windows Server 2016 (Part 3): Configure VPN

By Victor Ashiedu

Introduction

This is part 3 of a 4-part “Routing and Remote Access” series. This part covers how to configure VPN in Windows Server 2016.

VPN in Windows Server 2016 allows external users to dial in or connect through a secure Virtual Private Network (VPN).

Setup Requirements for VPN in Windows Server 2016

  1. A Domain Controller
  2. An AD member server with Routing, DirectAccess and VPN (RAS) Role Services installed
  3. Two network interface cards on the RAS server: one connected to the internet, the other with access to the internal network
  4. A DHCP server with a scope configured to issue IP addresses to the internal network
  5. A DNS Server for Name Resolution

The setup of DNS and DHCP servers is not covered in this guide or elsewhere in the series.

To install Remote Access, read part 1 of this series.

Steps to Enable and Setup VPN in Windows Server 2016

The steps to enable and set up VPN are:

  • Enable VPN
  • Configure DHCP Relay Agent (to support relaying of DHCP messages from remote clients)
  • Add the VPN Server to the RAS and IAS Servers Active Directory security group

Configure VPN in Windows Server 2016: Enable Virtual Private Network (VPN)

To enable VPN in Server 2016:

  • Log on to the member server with Remote Access role installed. Then open Server Manager.
  • At Server Manager, click Tools and select Routing and Remote Access.
  • When Routing and Remote Access settings opens, right-click the server. Then select Configure and Enable Routing and Remote Access.
  • When the wizard opens, click Next.
  • On the Configuration page, select Remote access (dial-up or VPN). Then click Next.
  • On the Remote Access page, check VPN and click Next.
  • Select the network interface that connects the server to the internet. Then click Next.
  • On the Network Selection page, select the interface that VPN clients will connect to (internal network). In this example, I selected the interface for internal networks. Then click Next.
  • On the IP Address Assignment screen, select Automatically then click Next. If you have a working DHCP server, it will issue IP addresses to the VPN clients. Otherwise, the RRAS server will issue IP addresses.
  • On this page, accept the default selection and click Next. If you have a RADIUS server, your VPN server can send authentication requests to it. In that case, select option 2…
  • To enable VPN in Windows Server 2016, click Finish.
  • If you receive this message, click OK. There is a section dedicated to this task in this guide.
  • Note this information and click OK. The next section covers the steps to configure DHCP Relay agent.
  • Finally, your server will initialize and start the service. When the RRAS service has started, your server will turn green in the console (see the second image below).
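
The result of the wizard can also be confirmed from an elevated PowerShell session on the RRAS server. The following is an added example, not part of the original guide; the function name `Test-RrasVpnState` is hypothetical, and it assumes the RemoteAccess PowerShell module that is installed with the role.

```powershell
# Added example (not from the original guide). Run elevated on the RRAS server.
# Test-RrasVpnState is a hypothetical helper name.
function Test-RrasVpnState {
    $results = @()

    # 1. The wizard's last step starts the RemoteAccess (RRAS) service.
    $svc = Get-Service -Name RemoteAccess -ErrorAction Stop
    $results += [pscustomobject]@{
        Check  = 'RemoteAccess service is running'
        Pass   = ($svc.Status -eq 'Running')
        Detail = "Status=$($svc.Status); StartType=$($svc.StartType)"
    }

    # 2. VPN was ticked on the Remote Access page of the wizard.
    $ra = Get-RemoteAccess
    $results += [pscustomobject]@{
        Check  = 'VPN is installed on this server'
        Pass   = ($ra.VpnStatus -eq 'Installed')
        Detail = "VpnStatus=$($ra.VpnStatus)"
    }

    # 3. Setup requirement: one internet-facing and one internal interface.
    $up = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })
    $addrs = foreach ($nic in $up) {
        $ip = Get-NetIPAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 `
                               -ErrorAction SilentlyContinue
        "$($nic.Name)=$($ip.IPAddress -join ',')"
    }
    $results += [pscustomobject]@{
        Check  = 'At least two connected network interfaces'
        Pass   = ($up.Count -ge 2)
        Detail = ($addrs -join '; ')
    }

    $results
}

Test-RrasVpnState | Format-Table -AutoSize -Wrap
```

The Detail column lists each connected interface with its IPv4 address, which makes it easy to confirm that the internet-facing and internal interfaces are the ones selected in the wizard.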

Configure VPN in Windows Server 2016: Setup DHCP Relay Agent

A DHCP Relay Agent configuration is required in VPN setup to support relaying of DHCP messages from remote clients.

Here are the steps to enable DHCP Relay Agent on the VPN server:

  • Open Routing and Remote Access setup. Expand the server. Then expand IPv4
  • Beneath IPv4, right-click General and select New Routing Protocol…
  • On the Routing protocols: list, click DHCP Relay Agent. Then click OK. The protocol will be added. See the second image below.
  • Right-click DHCP Relay Agent and select New Interface...
  • In the interfaces list, select the interface for your internal network. Then click OK. When the properties of the new interface pop up, click OK (second image below). The interface will be added (third image).
  • Finally, right-click DHCP Relay Agent and click Properties.
  • Beneath Server address:, add the IP address of your DHCP server. Then click Add.
  • To save your changes, click OK.

This part of the VPN setup is complete. Here is the final bit…

Add the VPN Server to the RAS and IAS Servers AD Security Group

The last bit in the setup of VPN in Windows Server 2016 is to add your VPN server to the RAS and IAS Servers Active Directory security group.

Here are the steps:

  • Log in to a Domain Controller and open Server Manager.
  • When Server Manager opens, click Tools. Then select Active Directory Users and Computers.
  • When AD Users and Computers opens, right-click your domain and click Find.
  • At the search bar, type RAS and click Find Now. Then double-click RAS and IAS Servers group.
  • Click Members tab. Then click Add.
  • Click Object types. Then check the box beside Computers and click OK (Second image below).
  • When you return to Select this object type:, type the name of your VPN server in the box, then click Check Names. The name of the server will then be underlined indicating that AD found the object. To add the server as a member of this group, click OK.
  • The server is now a member of the RAS and IAS Servers AD security group. To save your changes, click OK.
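
Members of the RAS and IAS Servers group can read the remote access properties of user accounts, so the group should contain only the servers that need it. The following added example (not part of the original guide) makes the same membership change from PowerShell and then audits the group; the computer name `VPN01` is a placeholder, and the ActiveDirectory module (RSAT) is assumed to be available.

```powershell
# Added example (not from the original guide).
# Assumptions: VPN01 is a placeholder for your VPN server's computer name, and
# the ActiveDirectory module is available where this runs (a DC or RSAT host).
Import-Module ActiveDirectory

$GroupName = 'RAS and IAS Servers'
$Expected  = @('VPN01')   # computers that are supposed to be in the group

# Add each expected server only if it is not already a member.
$current = Get-ADGroupMember -Identity $GroupName
foreach ($name in $Expected) {
    $computer = Get-ADComputer -Identity $name
    if ($current.distinguishedName -notcontains $computer.DistinguishedName) {
        Add-ADGroupMember -Identity $GroupName -Members $computer
        Write-Host "Added $name to '$GroupName'"
    }
}

# Audit: list every member and mark anything that is not an expected computer.
# Unexpected entries (old servers, user accounts) should be reviewed and removed.
Get-ADGroupMember -Identity $GroupName | ForEach-Object {
    [pscustomobject]@{
        Name        = $_.Name
        ObjectClass = $_.objectClass
        Expected    = ($_.objectClass -eq 'computer' -and $Expected -contains $_.Name)
    }
} | Sort-Object Expected, Name | Format-Table -AutoSize
```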

Conclusion

Configuring VPN in Windows Server 2016 is this simple (well, reasonably so!). I hope you found this guide useful.

To read part 4 of this series, see Routing and Remote Access in Windows Server 2016 (Part 4): Configure Web Application proxy.

About the Author

Victor Ashiedu

Victor is the founder of InfoPress Media, publishers of Ilifeguides and Itechguides. With 20+ years of experience in IT infrastructure, his expertise spans Windows, Linux, and DevOps. Explore his contributions on Itechguides.com for insightful how-to guides and product reviews.
