
How to install VPN access on Windows Server 2016

  • May 1, 2017
IT and Virtualization Consultant. Vladan is the founder, and executive editor of the ESX Virtualization Blog at He is a VMware VCAP-DCA and VCAP-DCD, and has been a vExpert from 2009 to 2023.

I have previously set up VPN access on Windows Server 2012 R2 on a few occasions, but haven’t tested it on the newly released Windows Server 2016.

The Remote Access role provides a VPN, which protects your remote connection from one side to the other and protects both sides from attacks or data sniffing, because the VPN protocol uses a tunnel inside a standard data connection.


Note: You’ll need to open TCP port 1723 on your firewall, as this port is used for VPN access.

Also, I’d like to point out that this might not be a guide for enterprise deployment. There you’ll perhaps use a hardware VPN on your router, or the DirectAccess feature, which, however, relies on Internet Protocol version 6 (IPv6) technologies to establish client connections.

How to install VPN on Windows Server 2016 – The steps:

Install the Remote Access role via the Add Roles and Features Wizard. Open Server Manager either locally on the server that will host the Remote Access role or on a computer that has Server Manager configured to connect to the server on which you’re deploying the role.

Then select Add Roles and Features Wizard from the Manage menu. Click Next on the Before you begin page if it is displayed. Then select Role-Based or Feature-Based installation and click Next.

On the Select Server Role page, scroll down and select the Remote Access check box. Then click Next.

Remote Access Role

You’ll need to click Next two more times to get to the Remote Access Role Services page, where you’ll have to select DirectAccess and VPN.

DirectAccess and VPN

Accept the installation of sub-components, such as IIS… Accept all the defaults.

It will take some time to finish the installation of all components and sub-components.

Then click on the link Open the Getting Started Wizard to open the configuration wizard.


A new window will appear. You’ll need to click Deploy VPN only, which will configure VPN by using the Routing and Remote Access console.

Deploy VPN Wizard

After you click that option, the Routing and Remote Access console opens. Right-click the server name and click Configure and Enable Routing and Remote Access.

Note: You can also launch this console via Control Panel > System and Security > Administrative tools.

Configure and enable Remote Access

Click Next and Select Custom Configuration.

Select Custom Configuration

So far, it’s been very simple. Let’s go and finish the configuration. All we need to do on the next screen is to tick the checkbox VPN access as we only want this feature to be active.

Select the service - VPN Access

You’ll then have only one page, which displays the summary of your selections. Confirm by clicking the Finish button. After a few seconds, you’ll see a pop-up window asking you to start the Routing and Remote Access service. Click the Start Service button.
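
The wizard steps above can also be scripted and the result checked from PowerShell. This is an added example, not part of the original article; it assumes an elevated session on the server and uses the built-in ServerManager, RemoteAccess and NetSecurity cmdlets as the closest equivalent of the GUI choices.

```powershell
# Added example (not from the original article). Run elevated on the server.

# 1. Install the role service chosen in the wizard ("DirectAccess and VPN").
Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools

# 2. Closest equivalent of "Deploy VPN only": configure RRAS as a VPN server.
Install-RemoteAccess -VpnType Vpn

# 3. Make sure the Routing and Remote Access service is running.
$svc = Get-Service -Name RemoteAccess
if ($svc.Status -ne 'Running') {
    Start-Service -Name RemoteAccess
}

# 4. List the inbound Windows Firewall rules that belong to RRAS.
#    TCP 1723 is the PPTP control channel; PPTP carries its tunnelled data
#    over GRE (IP protocol 47), so both rules matter. Any other enabled
#    rule in this group is exposure you did not ask for explicitly.
Get-NetFirewallRule -DisplayGroup 'Routing and Remote Access' -Direction Inbound |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Action    = $_.Action
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort
        }
    } | Format-Table -AutoSize

# 5. Confirm something is actually listening on TCP 1723.
Get-NetTCPConnection -State Listen -LocalPort 1723 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

The same two items, TCP 1723 and IP protocol 47, have to be allowed on the perimeter firewall or router in front of the server.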

Next Step – Allow some users to connect to your newly configured VPN server

Usually, this kind of small environment can be used for system administrators requiring access to a remotely installed server, or for a small group of users within an organization. Depending on the architecture, the server can be part of a Microsoft domain and have central management of users through Active Directory (AD), or it can be a standalone server that is outside of any domain.

For the sake of simplicity, we consider the standalone case here, but in both cases you’ll need to configure at least one user for VPN access, and we’ll show you how.

So if you’re in a “Workgroup” environment, you can use the Computer Management console (MMC), and if you’re in a domain environment, this can be done in the properties of an Active Directory user.

Allow access to the users

Usually, there is a DHCP server within a company environment. If that’s not the case, you’ll have to add a static address pool.

You can find the settings in the properties of your VPN server, where you can click on the IPv4 tab and enable and configure the Static address pool. Make sure the pool is in the same subnet as your server’s static address.

Add a static address pool if you don't have DHCP
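
The dial-in permission and the static pool described above can be set and audited from PowerShell as well. This is an added example, not from the original article; the account name `vpnuser1` and the 192.168.1.200 to 192.168.1.220 range are constructed placeholders, and the domain branch assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example (not from the original article). Run elevated on the VPN server.
# Account name and address range are constructed placeholders.
$user      = 'vpnuser1'
$poolStart = '192.168.1.200'
$poolEnd   = '192.168.1.220'

$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

if ($domainJoined) {
    Import-Module ActiveDirectory

    # Same effect as "Allow access" on the Dial-in tab of the AD user.
    Set-ADUser -Identity $user -Replace @{ msNPAllowDialin = $true }

    # Audit: every account that has dial-in explicitly allowed.
    # Review this list regularly and keep it as short as possible.
    Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin |
        Select-Object SamAccountName, Enabled, msNPAllowDialin
}
else {
    # Workgroup server: grant dial-in to a local account through the
    # netsh ras context, then list the dial-in properties of the accounts.
    netsh ras set user $user permit
    netsh ras show user
}

# No DHCP server available: hand out client addresses from a static pool
# in the same subnet as the server's own static address.
Set-VpnIPAddressAssignment -IPAssignmentMethod StaticPool `
                           -IPAddressRange $poolStart, $poolEnd

# Show what RRAS is now configured to do.
Get-RemoteAccess | Format-List VpnStatus, IPAssignmentMethod, IPAddressRangeList
```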

Well, this is about it.

From the client’s perspective, a VPN connection has to be configured on the client’s end. Depending on the operating system the client is using, the setup might differ.

But basically, you should set up a new VPN connection.

Configure VPN windows server 2016 on the client side

And then

Setup VPN connection - client side

This will create a new connection in the Network Connections window.

New VPN connection

Finally, after connecting and entering your password, you get this screen.

Connection details
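
On a Windows client the same connection can be created and inspected from PowerShell. This is an added example, not from the original article; the server name `vpn.example.test` and the connection name are constructed placeholders, and the PPTP tunnel type is assumed because the article opens TCP 1723, the PPTP control port.

```powershell
# Added example (not from the original article). Run on the Windows client.
# Server and connection names are constructed placeholders.
$server = 'vpn.example.test'
$name   = 'Office VPN'

# Check that the control port opened on the firewall is reachable.
# A success here does not prove that GRE (IP protocol 47) also passes.
$probe = Test-NetConnection -ComputerName $server -Port 1723
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "TCP 1723 on $server is not reachable; check the firewall rule."
    return
}

# Create the connection once, with the tunnel type, authentication method
# and encryption level pinned instead of left to automatic negotiation.
if (-not (Get-VpnConnection -Name $name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $name `
                      -ServerAddress $server `
                      -TunnelType Pptp `
                      -AuthenticationMethod MSChapv2 `
                      -EncryptionLevel Required
}

# Review the resulting settings before handing the profile to users.
Get-VpnConnection -Name $name |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod,
                EncryptionLevel, SplitTunneling, ConnectionStatus
```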

Wrap up: Windows Server VPN

This is the simplest way of doing it. It involves, however, opening TCP port 1723 on the firewall. Note that other remote access solutions exist, but they usually involve installing third-party tools on the server side and also on the client side.

You may want to avoid installing those tools on company servers and stick to the traditional built-in VPN from Microsoft for remote administration.

You may also be limited by your budget, as those tools usually cost money when used in an enterprise environment on server systems.
