How to Set Up a VPN Server on Windows Server 2022

How to Set Up a VPN Server on Windows Server 2022

With the increasing threats to network security and privacy, bolstering servers with competent security mechanisms becomes very important. A VPN allows you to establish a private network that can be used to tunnel the data from a local computer to a remote server. In this tutorial, we will be configuring a VPN server in Windows Server 2022 which will help you make your processes much more available and secure.

We will be leveraging Remote and Remote Access Services (RRAS) to configure a VPN server. RRAS offers a seamless and easy-to-use interface to set up networking features such as VPN, NAT, Dial-Up Access server, Lan Routing, etc.

Here are the prerequisites of setting up a VPN server on Windows Server 2022:

  • A Dedicated Server with Windows Server 2022 installed or a Cloud VPS
  • You must be logged into the system as an administrative user via Remote Desktop Protocol

Explore Our Best VPS Hosting Options for Windows

ProviderUser RatingBest for 
4.8PerformanceVisit Kamatera
4.4SecurityVisit InterServer
4.9Unlimited bandwidthVisit Ultahost

Step 1: Update your Windows System

Go to the start menu and search for Windows Powershell. Right-click on the Windows Powershell result, and hit Open as Administrator.

screenshot of Windows Powershell window

Now, we will be installing the Windows update module for Powershell for updating the system. Updating the system ensures that you steer clear of any issues or vulnerabilities while setting up a VPN server on Windows server 2022. Enter the following command to install the Windows update module for Powershell:

Install-Module PSWindowsUpdate

The Powershell might prompt you for confirmation. Press Y, and enter to confirm.

Now, enter the following command to get the list of the latest updates:

Get-WindowsUpdate

Finally, install all the latest updates by running the following command:

Install-WindowsUpdate

screenshot of Windows Powershell window

Now that your Windows 2022 Server is up-to-date, you will be asked to Restart the system, Press Y or restart the system by entering the following command

Restart-Computer

Step 2: Install Remote Access Role in Your Windows Server 2022

Launch a new Windows Powershell window in the administrative mode and enter the following commands to install the following:

  • Remote Access feature
  • Direct Access and VPN (RAS)
  • Routing along with management tools.
Install-WindowsFeature RemoteAccess
Install-WindowsFeature DirectAccess-VPN -IncludeManagementTools
Install-WindowsFeature Routing -IncludeManagementTools

screenshot of Windows Powershell window

Step 3: Set Up Routing and Remote Access

Open the Windows Server Manager through the start menu.

Go to Routing and Remote access from the Tools dropdown menu in navigation.

screenshot of Server manager window with highlighted Routing and Remote Access

Right-click on your local server in the left pane and hit the “Configure and Enable Routing and Remote Access” option. The Routing and Remote Access Server Setup Wizard will open.

screenshot of Routing and Remote Access Server Setup Wizard

In the Routing and Remote Access Server Setup Wizard, select the “Custom Configuration” radio button. We do this since we are going to configure the routing and access manually. Hit Next.

Now, check the “VPN Access” and “NAT”  boxes when the wizard asks for the services you want to enable on the server. Click on the Next Button to see the summary of your selection.

screenshot of Routing and Remote Access Server Setup Wizard (configuring)

Lastly, after you click the Finish button, you will see a prompt that shows, “The Routing and Remote Access service is ready to use.” Run the service by clicking on the Start Service button.

screenshot of Routing and Remote Access Server Setup Wizard (finishing)

Before setting up routing and remote access, ensure your hosting environment supports these configurations. While Windows Server 2022 is our focus, many Linux Hosting providers also offer options for VPN server configurations.

Step 4: Configure the VPN Properties

Your VPN server will be running on your system after Step 3. It is now time to configure it. Right-click on your local server, under the left pane of the Routing and Remote Access window, and navigate to “Properties”.

screenshot of Routing and Remote Access Server (configuring security things)

Go to the Security tab and check the “Allow custom IPSec policy for L2TP/IKEv2 connection” box. Enter a very long PSK(Pre-shared key) under it. You can generate a random key using any tool. You can also use Google Cloud Random key generator.

Note
Note: Make sure to store the PSK securely with your as it will be needed when a user wants to connect to your VPN server.

Thereon, navigate to the IPv4 tab and select static address pool under IPv4 address assignment. Then, hit the “Add” button and you will get a pop-up window to enter IP address ranges. In the pop-up window, enter the starting address and ending address of the IP address range you want the users to assign to.

screenshot of Routing and Remote Access Server (configuring IPv4)

Click on the OK button to save the IP address ranges and finally click on the OK button on the Properties window. You may see a message that you need to restart the Routing and Remote Access service to apply changes successfully. You can ignore it and click on OK as we’re going to restart the service after the next step anyway.

Still searching for a reliable host? Check out our list of the Best Windows VPS Hosting Providers

Step 5: Configuring NAT Properties

Your local server is listed on the left pane of the Routing and Remote Access window. Expand it by clicking on the arrow aside it or double-clicking. Similarly, expand IPv4 listed under your local server. You will find the NAT object there. Right-click on NAT and select the “New Interface” option.

Choose “Ethernet” and hit OK to proceed. On the NAT tab, go with the “Public interface connected to Internet” radio button and check the “Enable NAT on this interface” box.

screenshot of Ethernet 2 Properties window

Further, navigate to the “Services and Ports” tab and check the “VPN Gateway(L2TP/IPSec – running on this server)” box. You will see a new interface for editing the settings of the service.

Now, change the private address from 0.0.0.0 to 127.0.0.1 and save by hitting OK.

Finally, save the configuration of the NAT interface by clicking OK.

Step 6: Restart Routing and Remote Access

Right-click on your local server under the left-pane of the Routing and Remote Access window. Click on “Restart” under “All Tasks”.

screenshot of Routing and Remote Access Server (restarting all tasks)

This will restart all services and tasks under the Routing and Remote Access service. This will also ensure that our changes and configurations have been applied.

Step 7: Configure Windows Firewall

Open the Windows Defender Firewall through the start menu and navigate to “Inbound Rules”.

screenshot of Windows Defender Firewall and Advanced Security window

On the “Inbound Rules” in the left pane and select “New Rule” on the right pane. The New Inbound Rule Wizard will open.

Windows Server 2022 already has predefined rules for running the VPN server. We just need to enable them. In the New Inbound Rule Wizard, select the “Predefined” radio button and select the ”Routing and Remote Access” option from the drop-down menu.

screenshot of New Inbound Rule Wizard (selecting types of rule)

In the “Predefined Rules” section, check the “Routing and Remote Access(L2TP-In)” box and hit Next.

screenshot of New Inbound Rule Wizard (selecting rules to create)

In the “Action” section, select the “Allow the connection” option and click Finish.

We have successfully configured the Windows Firewall to allow inbound traffic on UDP port 1701.

Step 8: Create VPN User

Open “Computer Management” from the start menu. You will see “Local Users and Groups” in the left pane of the Computer Management window. Expand it and right-click on “Users”. Click on “New Users” to create a new user.

screenshot of Computer management window with highlighted New User button

A New User prompt will open. Enter a username, full name, and strong password in the New User prompt. Unselect the “User must change the password on next login” checkbox. Hit Create to create a new user.

screenshot of Computer Management window (adding a new user)

You will find the newly created user listed in the Computer Management window. Right-click on the user and click the on the Properties option.

Go to the Dial-in tab of the VPN user’s properties. Select the Allow Access radio button for the Network Access Permissions setting. Hit OK to save properties.

screenshot of Computer Management window (properties menu)

You have successfully set up an L2TP/IPSec VPN server on Windows Server 2022 and it is now ready to accept connections.

Step 9: Connecting VPN Clients

Once your VPN server is successfully set up, you can now easily connect to the remote VPN server with other devices. All you need to do is to share the PSK and Windows credentials with the users who wish to connect to the VPN server.

Step 10: Monitor your VPN Server

Open the Remote Access Management Console by searching for it in the start menu. In the console, you should be able to see the status of your VPN server in the dashboard. If you have installed the VPN server on your Windows Server 2022 successfully by following the tutorial, you will see a green check on all the services. The Remote Access Management Console can also be used to see the details of connected clients.

screenshot of Remote Access Management Console (remote access dashboard)

Conclusion

There we go! We have successfully set up a VPN server on Windows Server 2022 in 10 easy and simple steps. You will now be able to use this freshly configured L2TP/IPSec VPN server to securely connect to the other connected devices. The installed VPN server can also be used as a proxy server to access the internet securely.

Having set up your VPN on Windows Server 2022, using a reliable hosting provider will ensure optimal performance and security. Check out our top picks for both Windows Hosting and Linux Hosting

How To Set up a VSFTPD Server on a CentOS 7 VPS or Dedicated Server

Brief Description FTP is usually insecure exposing clear-text passwords, userna
2 min read
Avi Ilinsky
Avi Ilinsky
Hosting Expert

How To Set up a VSFTPD Server on an Ubuntu 16.04 VPS or Dedicated Server

Brief Description FTP data is usually insecure since information (usernames, pa
2 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to use phpMyAdmin to develop a website (without MySQL experience)

Brief description A web developer who is not well versed into coding websites f
2 min read
Idan Cohen
Idan Cohen
Marketing Expert

How to Install MySQL on a Windows Web Server Running Apache

This tutorial will show you how to install the MySQL database on a Windows serve
3 min read
Michael Levanduski
Michael Levanduski
Expert Hosting Writer & Tester
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.
Click to go to the top of the page
Go To Top