VPN Server with Windows Server: Installation and Configuration

VPN Server Configuration

From Server Manager, click the notification icon 1 and then click Open Startup Assistant 2.

Open the VPN Server Configuration Wizard

Click Deploy VPN only 1; this opens the Routing and Remote Access console.

Configuration Wizard

Once the console is open, right-click the server 1 and click Configure and enable routing and remote access 2.

Start configuration

A new wizard launches; click Next 1.

Wizard configuration

Select Custom Configuration 1, then click Next 2.

Custom configuration

Select the VPN Access 1 service to configure the VPN server and click Next 2.

VPN access to configure a VPN server

Click Finish 1.

Configuration completed

Click Start Service 1.

Start the service to make the VPN server accessible

The VPN server is now operational. By default, access to the VPN service is granted through each user's properties in Active Directory, on the Remote Access tab. In a large environment this way of working quickly becomes heavy to administer, so we will now use the Network Policy Server (NPS) features to give the connection rights to an Active Directory group.

Launch the NPS Server Console on the server.

NPS server

Expand the Policies node 1, then right-click Network Policies 2 and click New 3.

Creating a VPN server access policy

Name the policy 1 and choose the type Remote Access Server (VPN-Dial-up) 2, then click Next 3.

Name and type policy

This is where we configure the conditions of access to the service; several conditions can be added, including access hours. Click the Add button 1.

Adding access conditions to the VPN server

Choose User Groups 1 and click Add 2.

Select User Groups

A new window opens; click Add 1 to choose the group and, once it is selected 2, click OK 3.

Selecting the group allowed to connect to the VPN server

Once the conditions are added, click Next 1.

VPN server access conditions added

Choose whether the policy grants or denies access 1, then click Next 2 to validate.

Type of access authorization to the VPN server

This part of the configuration is important for what follows, including the configuration of the VPN client and the security level. Adding an EAP protocol type is not mandatory but strongly recommended; click the Add button 1.

Configuring authentication on the VPN server

Select Microsoft: Secure Password (EAP-MSCHAP Version 2) 1 and click OK 2.

Select EAP

Once you have selected the authentication types and methods, click Next 1.

Configuring authentication on the VPN server

If a message appears about the authentication methods, click No so that the help does not open.

No constraints will be configured in this policy, but it is possible to add some, such as access hours or forcing a type of VPN (NAS). Click Next 1.

Configuring access constraints to the VPN server

A summary of the policy is displayed; click Finish 1 to confirm its creation.

Policy configured for VPN server access

The policy has been added 1. Policies are processed like firewall rules: they are read from top to bottom. If you have multiple policies and one of them does not apply, check that the traffic is not matched by a policy above it.

VPN server access policies

Before you can use the VPN server, you must register the NPS server in Active Directory so that it can process access permissions: right-click NPS (Local) 1 and click Register a server in Active Directory 2.

Register the NPS server in the AD for VPN server access management

Click OK on the two confirmation messages that appear.

Before you proceed with the client configuration, find the Remote Access Management console in the tools and open it. This console shows the status of the VPN server services and the connections in progress …

VPN server services
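
The checks below confirm from PowerShell what the steps above configured in the consoles: the service started by the wizard, the NPS registration in Active Directory, the order of the network policies and the connections in progress. This is an added example, not part of the original tutorial; it assumes an elevated session on the VPN/NPS server, the RSAT ActiveDirectory module, and a server that belongs to the logged-on user's domain ($checks, $groupSid and $members are illustrative names).

```powershell
# Added example: verify the RRAS/NPS configuration made in the consoles above.
# Assumptions: elevated session on the VPN/NPS server, Remote Access role installed,
# RSAT ActiveDirectory module available, server in the logged-on user's domain.
Import-Module ActiveDirectory

$checks = [ordered]@{}

# The Routing and Remote Access service is started at the end of the wizard.
$checks['RemoteAccess service running'] = ((Get-Service -Name RemoteAccess).Status -eq 'Running')

# VPN role state as reported by the RemoteAccess module.
$checks['VPN role installed'] = ((Get-RemoteAccess).VpnStatus -eq 'Installed')

# Registering NPS in Active Directory adds the server's computer account to the
# "RAS and IAS Servers" group. The group is looked up by its well-known RID (553)
# so the check also works where the group name is localized.
$groupSid = "$((Get-ADDomain).DomainSID.Value)-553"
$members  = @(Get-ADGroupMember -Identity $groupSid)
$checks['NPS registered in Active Directory'] =
    ($members.SamAccountName -contains "$($env:COMPUTERNAME)`$")

# One line per check, so a missed step is visible at a glance.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-40} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAILED' })
}

# Network policies with their processing order: NPS reads them top to bottom,
# so a broader policy placed above the VPN group policy is matched first.
netsh nps show np

# Connections in progress, the same data the Remote Access Management console shows.
Get-RemoteAccessConnectionStatistics | Format-Table -AutoSize
```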