With the increasing threats to network security and privacy, bolstering servers with competent security mechanisms becomes very important. A VPN allows you to establish a private network that can be used to tunnel the data from a local computer to a remote server. In this tutorial, we will be configuring a VPN server in Windows Server 2022 which will help you make your processes much more available and secure.
In this tutorial, we will be leveraging the Routing and Remote Access Service (RRAS) to configure a VPN server. RRAS offers a seamless and easy-to-use interface to set up networking features such as VPN, NAT, Dial-Up Access server, LAN routing, etc.
Here are the prerequisites for setting up a VPN server on Windows Server 2022:
- A Dedicated Server with Windows Server 2022 installed or a Cloud VPS
- You must be logged into the system as an administrative user via Remote Desktop Protocol
Step 1: Update your Windows System
Go to the start menu and search for Windows PowerShell. Right-click on the Windows PowerShell result, and hit Open as Administrator.
Now, we will be installing the Windows update module for PowerShell for updating the system. Updating the system ensures that you steer clear of any issues or vulnerabilities while setting up a VPN server on Windows Server 2022. Enter the following command to install the Windows update module for PowerShell:
PowerShell might prompt you for confirmation. Press Y, and then Enter to confirm.
Now, enter the following command to get the list of the latest updates:
Finally, install all the latest updates by running the following command:
Now that your Windows Server 2022 is up-to-date, you will be asked to restart the system. Press Y, or restart the system by entering the following command:
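The update steps above as an added example (not the original page's commands), assuming the "Windows update module" meant is the community module PSWindowsUpdate from the PowerShell Gallery. Because it is a third-party module, the first command shows its author and source before anything is installed.

```powershell
# Added example; assumes the PowerShell Gallery module PSWindowsUpdate.
# Run in an elevated PowerShell session.

# Inspect what will be installed before trusting it: name, version, author, source.
Find-Module -Name PSWindowsUpdate | Format-List Name, Version, Author, Repository

# Install the module for all users (PowerShell asks to confirm the repository).
Install-Module -Name PSWindowsUpdate -Scope AllUsers
Import-Module PSWindowsUpdate

# List the updates that are available for this server.
Get-WindowsUpdate

# Install everything that was listed, accepting each update without a prompt.
Install-WindowsUpdate -AcceptAll

# Restart to finish the installation.
Restart-Computer
```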
Step 2: Install Remote Access Role in Your Windows Server 2022
Launch a new Windows PowerShell window in administrative mode and enter the commands below to install:
- Remote Access feature
- Direct Access and VPN (RAS)
- Routing along with management tools.
Install-WindowsFeature RemoteAccess
Install-WindowsFeature DirectAccess-VPN -IncludeManagementTools
Install-WindowsFeature Routing -IncludeManagementTools
Step 3: Set Up Routing and Remote Access
Open the Windows Server Manager through the start menu.
Go to Routing and Remote access from the Tools dropdown menu in navigation.
Right-click on your local server in the left pane and hit the “Configure and Enable Routing and Remote Access” option. The Routing and Remote Access Server Setup Wizard will open.
In the Routing and Remote Access Server Setup Wizard, select the “Custom Configuration” radio button. We do this since we are going to configure the routing and access manually. Hit Next.
Now, check the “VPN Access” and “NAT” boxes when the wizard asks for the services you want to enable on the server. Click on the Next Button to see the summary of your selection.
Lastly, after you click the Finish button, you will see a prompt that shows, “The Routing and Remote Access service is ready to use.” Run the service by clicking on the Start Service button.
Step 4: Configure the VPN Properties
Your VPN server will be running on your system after Step 3. It is now time to configure it. Right-click on your local server, under the left pane of the Routing and Remote Access window, and navigate to “Properties”.
Go to the Security tab and check the “Allow custom IPSec policy for L2TP/IKEv2 connection” box. Enter a very long PSK (pre-shared key) under it. You can generate a random key using any tool. You can also use Google Cloud Random key generator.
Thereon, navigate to the IPv4 tab and select static address pool under IPv4 address assignment. Then, hit the “Add” button and you will get a pop-up window to enter IP address ranges. In the pop-up window, enter the starting address and ending address of the IP address range you want to be assigned to the users.
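One way to generate the pre-shared key on the server itself, so the key never passes through a web page or third-party service. This is an added example, not part of the original tutorial; the function name New-VpnPsk, its length bounds and the alphabet are choices made for this example.

```powershell
# Added example: generate an L2TP/IPsec pre-shared key with the OS CSPRNG.
# New-VpnPsk, its parameter and its bounds are made up for this example.
function New-VpnPsk {
    param(
        [ValidateRange(20, 128)]
        [int]$Length = 48
    )
    # Letters and digits only, so the key pastes cleanly into client dialogs.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()
    # Largest multiple of the alphabet size that fits in one byte. Bytes at or
    # above it are discarded so every character is equally likely (no modulo bias).
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($buf)
            if ($buf[0] -lt $limit) {
                [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    $sb.ToString()
}

# 48 characters from a 62-symbol alphabet carry roughly 285 bits of entropy.
$psk = New-VpnPsk -Length 48
$psk
```

Paste the printed value into the PSK field, then close the console so the key does not linger in the scrollback.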
Click on the OK button to save the IP address ranges and finally click on the OK button on the Properties window. You may see a message that you need to restart the Routing and Remote Access service to apply changes successfully. You can ignore it and click on OK as we’re going to restart the service after the next step anyway.
Step 5: Configuring NAT Properties
Your local server is listed on the left pane of the Routing and Remote Access window. Expand it by clicking on the arrow beside it or double-clicking. Similarly, expand IPv4 listed under your local server. You will find the NAT object there. Right-click on NAT and select the “New Interface” option.
Choose “Ethernet” and hit OK to proceed. On the NAT tab, go with the “Public interface connected to Internet” radio button and check the “Enable NAT on this interface” box.
Further, navigate to the “Services and Ports” tab and check the “VPN Gateway(L2TP/IPSec – running on this server)” box. You will see a new interface for editing the settings of the service.
Now, change the private address from 0.0.0.0 to 127.0.0.1 and save by hitting OK.
Finally, save the configuration of the NAT interface by clicking OK.
Step 6: Restart Routing and Remote Access
Right-click on your local server under the left-pane of the Routing and Remote Access window. Click on “Restart” under “All Tasks”.
This will restart all services and tasks under the Routing and Remote Access service. This will also ensure that our changes and configurations have been applied.
Step 7: Configure Windows Firewall
Open the Windows Defender Firewall through the start menu and navigate to “Inbound Rules”.
Click “Inbound Rules” in the left pane, then select “New Rule” in the right pane. The New Inbound Rule Wizard will open.
Windows Server 2022 already has predefined rules for running the VPN server. We just need to enable them. In the New Inbound Rule Wizard, select the “Predefined” radio button and select the “Routing and Remote Access” option from the drop-down menu.
In the “Predefined Rules” section, check the “Routing and Remote Access(L2TP-In)” box and hit Next.
In the “Action” section, select the “Allow the connection” option and click Finish.
We have successfully configured the Windows Firewall to allow inbound traffic on UDP port 1701.
Step 8: Create VPN User
Open “Computer Management” from the start menu. You will see “Local Users and Groups” in the left pane of the Computer Management window. Expand it and right-click on “Users”. Click on “New User” to create a new user.
A New User prompt will open. Enter a username, full name, and strong password in the New User prompt. Unselect the “User must change the password on next login” checkbox. Hit Create to create a new user.
You will find the newly created user listed in the Computer Management window. Right-click on the user and click on the Properties option.
Go to the Dial-in tab of the VPN user’s properties. Select the Allow Access radio button for the Network Access Permissions setting. Hit OK to save properties.
You have successfully set up an L2TP/IPSec VPN server on Windows Server 2022 and it is now ready to accept connections.
Step 9: Connecting VPN Clients
Once your VPN server is successfully set up, you can now easily connect to the remote VPN server with other devices. All you need to do is to share the PSK and Windows credentials with the users who wish to connect to the VPN server.
Step 10: Monitor your VPN Server
Open the Remote Access Management Console by searching for it in the start menu. In the console, you should be able to see the status of your VPN server in the dashboard. If you have installed the VPN server on your Windows Server 2022 successfully by following the tutorial, you will see a green check on all the services. The Remote Access Management Console can also be used to see the details of connected clients.
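The same status can be read from PowerShell, which is easier to repeat after every change than clicking through the console. The following read-only checks are an added example, not part of the original tutorial; they cover the roles from Step 2, the service from Step 3, the firewall group from Step 7, the local accounts from Step 8 and the connected clients.

```powershell
# Added example: read-only checks after completing the setup steps.
# Run in an elevated PowerShell session on the VPN server.

# 1. Roles installed in Step 2.
Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing |
    Format-Table Name, InstallState -AutoSize

# 2. The Routing and Remote Access service (service name: RemoteAccess).
Get-Service -Name RemoteAccess |
    Format-Table Name, Status, StartType -AutoSize

# 3. Inbound rules in the predefined firewall group from Step 7, with the
#    protocol and port each one covers, so you can see exactly what is open.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Action    = $_.Action
            Protocol  = $port.Protocol
            LocalPort = $port.LocalPort -join ','
        }
    } | Format-Table -AutoSize

# 4. Enabled local accounts. Dial-in permission is granted per account in
#    Step 8, so every account here should be one you expect to exist.
Get-LocalUser | Where-Object { $_.Enabled } |
    Format-Table Name, LastLogon, PasswordLastSet -AutoSize

# 5. Clients connected right now (empty output means nobody is connected).
Get-RemoteAccessConnectionStatistics |
    Format-Table UserName, ClientIPv4Address, ConnectionStartTime, ConnectionDuration -AutoSize
```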
There we go! We have successfully set up a VPN server on Windows Server 2022 in 10 easy and simple steps. You will now be able to use this freshly configured L2TP/IPSec VPN server to securely connect to the other connected devices. The installed VPN server can also be used as a proxy server to access the internet securely.