Thursday, 9 September 2010

How to configure Windows VPN in less than 5 minutes!

There are many software and hardware solutions out there that allow VPN connections into your home network. Some of these solutions are free and lightweight, however (perhaps foolishly), I have just never trusted them as they usually go via a third party service.

I have always wanted to have proper VPN access to my home network but have just never got around to it for one reason or another, however, I have a machine doing nothing here and I thought it was about time... and it is seriously so easy to do, I wish I had done it sooner!

With this guide, you should be able to get a full Windows VPN tunnel set up in less than 5 minutes!

For Windows Server 2003, go to step 2b.
For Windows Server 2008, read below.

1. To start, in Windows Server 2008, go to Server Manager and install the following roles:

[ ] Network Policy and Access Services [NPAS]
[ ] Network Policy Server [NPAS-Policy-Server]
[ ] Routing and Remote Access Services [NPAS-RRAS-Services]
[ ] Remote Access Service [NPAS-RRAS]

2 a). Next, go to Computer Management and expand Services and Applications.

2 b). (For Windows Server 2003) Go to "Administration tools" > "Routing and Remote Access"

2 c). Right click and choose "Configure and Enable Routing and Remote Access"

3. The predefined VPN templates require two network cards and if you only have one, it will come up with an error. I am unsure why as it is not actually required. To continue, choose the "Custom Configuration" option.

4. Select the "VPN access" option.
5. Confirm your selection and finish the wizard.

6. By default, Routing and Remote Access will pass DHCP requests through, however, I have encountered mixed results through this option (I think due to gateway settings), and prefer selecting the "Static Address Pool" option which I also think is a lot faster at connecting.

You can configure this by right-clicking on the computer (where you clicked above in step 2c), but this time choose Properties and go to the IP tab.

Assign as many IPs as the number of concurrent VPN connections you want, and make sure they are working IPs within your current subnet. If they are covered by your current router (or DHCP server) and you are not able to set up exclusions, you can simply make DHCP reservations for fictional MAC addresses, and that will keep them from being handed out to DHCP clients.

7. Go to Computer Management > Users and groups and create a new user. Make sure that you allow remote access in the "Dial in" tab.

8. At your firewall/router, make sure that UDP port 500 (IPsec) and TCP port 1723 (PPTP) are forwarded to the server.

And that's it! Done!
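
A post-setup check for steps 1 to 8, as an added PowerShell example that is not part of the original post. It assumes Windows Server 2008 R2 or later (for the ServerManager module) and an elevated session; the subnet and pool values are constructed samples to replace with your own.

```powershell
# Added example: post-setup check. Run elevated on the VPN server.
Import-Module ServerManager

# Role service IDs as listed in step 1.
$roles = 'NPAS', 'NPAS-Policy-Server', 'NPAS-RRAS-Services', 'NPAS-RRAS'

# Constructed sample values (assumptions): your LAN and the step 6 static pool.
$subnet   = '192.168.1.0'
$mask     = '255.255.255.0'
$poolFrom = '192.168.1.200'
$poolTo   = '192.168.1.204'

function ConvertTo-IPNumber([string]$ip) {
    # Dotted quad -> 64-bit integer, so bitwise math never overflows Int32.
    $b = [System.Net.IPAddress]::Parse($ip).GetAddressBytes()
    [Array]::Reverse($b)
    [long][BitConverter]::ToUInt32($b, 0)
}

# Step 1: are the role services installed?
foreach ($r in $roles) {
    $f = Get-WindowsFeature -Name $r
    '{0,-20} installed: {1}' -f $r, $f.Installed
}

# Steps 2-5: is Routing and Remote Access running?
"RemoteAccess service: $((Get-Service -Name RemoteAccess).Status)"

# Step 8 (server side): is anything listening on the PPTP control port?
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
$pptp = @($listeners | Where-Object { $_.Port -eq 1723 })
"TCP 1723 listening:   $($pptp.Count -gt 0)"

# Step 6: every pool address must sit inside the LAN subnet and be unused.
$net = ConvertTo-IPNumber $subnet
$m   = ConvertTo-IPNumber $mask
$lo  = ConvertTo-IPNumber $poolFrom
$hi  = ConvertTo-IPNumber $poolTo
for ($a = $lo; $a -le $hi; $a++) {
    $bytes = [BitConverter]::GetBytes([uint32]$a)
    [Array]::Reverse($bytes)
    $ip = $bytes -join '.'
    $inSubnet = ($a -band $m) -eq $net
    # A ping reply means some host already holds the address (run this before
    # the pool is in use). No reply is only a hint: firewalls often drop ICMP.
    $answers = Test-Connection -ComputerName $ip -Count 1 -Quiet
    '{0,-15} in subnet: {1,-5} answers ping: {2}' -f $ip, $inSubnet, $answers
}
```

The script only sees the server side of step 8. PPTP also carries its tunnelled traffic over GRE (IP protocol 47), which the router has to pass alongside TCP 1723 and which cannot be checked from here.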

If you are not sure how to create a VPN connection to the server in Windows, follow this guide (For Windows 7/2008):

Go to "Network and Sharing center" and choose "Setup a new connection or network" option.

Simply type the IP address of your server, and the username and password that you set up (leave domain blank) and you are done!

Under the quick connections menu on the taskbar, you will be able to easily connect to the VPN whenever you want (and when outgoing ports are not blocked!)

I did a quick speed test when out and about and was able to reach a download speed of my home upload speed! It works very well and is satisfying to see my own IP address on IP checking sites!

FYI - I love everything I have seen about DirectAccess - it is a far superior solution, but I simply do not have the infrastructure at home to support it. Hopefully in the future, I will be able to deploy it and write a similar guide (although I think it will be more than 5 minutes work!)

*Windows Server 2008 Web edition is not supported; it requires the Remote Access role to be installed.


  1. Thanks for this tutorial! I came here from your SuperUser profile (that went to a Twitter link and now I'm here), and as a coincidence I was looking exactly for something like this! Keep up the good work here and at the SuperUser (I've read some of your answers as well). Thanks!

  2. @Anonymous - Whoever you are, cool! Glad I could help you! Hope your VPN is working well!

  3. I also tried this like Anonymous did and it worked out really great. Thank you very much.

  4. Hi, this was very helpful!
    A month after I followed your how-to I get a 20171 error.
    Any pointers on where to look for help or advice? :)
    Thanks anyway for the guide.

  5. Is there a way to change the DNS of VPN connection? I usually use Google's public DNS.

  6. Wow, this is so helpful, and thanks so much, William. Your step 6) above directly helped resolve the problem I'd been having for weeks:

    It instantly worked for me when I selected the "Static Address Pool" option as you suggested. The DHCP option didn't work for me, for an unknown reason, when I tried to VPN from the internet.

  7. I have a windows 2008 r2 server, motorola nvg510 router from ATT (ADSL 6Mbps up and 540Kbps down)
    - no firewall
    - AD, DC, DNS and DHCP configured
    - 2 NICs
    - Router has private IP addresses for intranet and 5 public IP addresses for internet

    Objective: Setup VPN services on this server

    1. Best setup for router to pass VPN services
    2. Best setup for server VPN services using one or two NICs


  8. I am wondering, can you set up UPN to ping a remote server using NetBIOS (computer name)? Would there be some additional configuration?
    If yes, is it possible to enlighten us?

  9. That is a simple PPTP VPN, but it did not give access to the internet.
    For internet access, first make a DHCP server, a DNS server and a WINS server.
    Those 3 servers will make the forwarding for internet access...

    I have seen a lot of tutorials, but none showing the next option: how to configure the DHCP, DNS or WINS server...


  10. Thank you for taking the time to do this tutorial. It helped me a lot.

  11. Thanks, your tutorial is very helpful.

  12. Hi, that's for PPTP and IPsec, how about L2TP? My firewall supports VPN passthrough, but it seems like Win2008R2 doesn't. Any ideas?

  13. Hi, thanks for this tutorial.

    Last question: is it possible to set up a VPN on a server with only one NIC?


  14. Am unable to connect from my client

  15. Thanks for the post. Very simple config.

  16. Write more, that's all I have to say. Literally, it seems as though you relied on the video to make your point.

    You obviously know what you're talking about, why throw away your intelligence on just posting videos to your blog when you
    could be giving us something enlightening to read?