Categories
All Posts Remote Desktop Hosting Windows Server 2016

Windows Server 2016 VPN

Update:  See link here for Setting up the VPN Role on Server 2019- http://www.riptidehosting.com/blog/how-to-install-vpn-server-on-windows-server-2019/

Windows Server 2016 VPN

Using a VPN with RDP is more secure because it provides two steps to access your network.  You could require clients to connect with a VPN first before being able to RDP to the server.  Unless you are using our Dedicated Server Hosting offering where you can have a hardware vpn device, you will need to install a software VPN on the server.  One option is using the free built-in Windows VPN role service. Other software VPN options available have been Hamachi (acquired by LogMeIn), Zerotier which provides software defined networking capabilities, and other options.

WINDOWS SERVER BUILT-IN VPN ROLE:

If you are interested in setting up the built-in VPN role on Windows Server 2016 and then limiting RDP access to private IPs after VPN is connected, contact Riptide Hosting for a post we wrote on how to set this up.  PPTP VPN using Windows Authentication is password based so strong/complex passwords are still very important. Other VPN protocols, certificate authentication, may provide stronger security depending on your needs and environment.  You can use the built-in Windows VPN to setup a L2TP VPN with preshared keys too.

General steps to install the (free) built-in VPN role on Windows Server 2016:

  • Add “Remote Access” server role with “DirectAccess and VPN (RAS)” role service.
  • Open the Getting Started Wizard, select “Deploy VPN only”, “Configure and Enable Routing and Remote Access”, Select “Custom Configuration”, Select “VPN access” only. Start Service.  Reboot
  • Go into “Routing and Remote Access” properties, IPv4 tab to add static IP address pool with private IPs
  • Change Network Adapter settings, IPv4, to add secondary IP from private IP range above
  • Adjust User Properties for each user on the Dial-In tab to Allow “Network Access Permission”
  • Setup VPN Connection on each user PC (may need to uncheck “use default gateway on remote network” if having internet issues on the PC)
  • Adjust Server Firewall rules to disable RDP access on port 3389
  • Test deployment (verify you can’t RDP without using VPN first, etc.)
  • Our steps generally follow the steps in these links with a few additional items noted

https://www.thomasmaurer.ch/2016/10/how-to-install-vpn-on-windows-server-2016/

https://www.starwindsoftware.com/blog/how-to-install-vpn-access-on-windows-server-2016