How to Install VPN using RRAS (Remote and Routing Access)


You must have heard about the VPN. VPN is a Virtual Private Network that provides security and privacy to your private and public networks. It creates a secure connection over public network. You can connect multiple systems to VPN server and use VPN’s bandwidth for public network connection.

There are various VPN protocols for secured communication viz. IPSec, SSL and TLS, PPTP and L2TP. Of which PPTP (Point-to-Pont Tunneling Protocol) is widely used protocol. It is one of the easiest protocol to setup and maintain as compared to other protocols.

A VPN is most efficient and inexpensive way to build a secured private network. Though, it is a most inexpensive, it requires fair amount of technical expertise to implement it successfully.

There are various paid VPN softwares in the market. But, if you are running windows server, you can use RRAS to configure your own VPN server without any additional cost. This article will walk you through to install VPN using Remote & Routing Access and connect to it from your local system (With working Internet Access). (The steps are performed on Windows server 2012 R2 OS)

  1. Login to your server through Remote Desktop in which you want to install VPN.
  2. Open Server Manager and click on Add roles and features.
    Add Role
  3. Follow the steps for the installation wizard. Select ‘Role-based or feature-based installation‘ Installation Type.Installation Type
  4. In server selection field, check ‘Select a server from the server pool‘. You will see your server with computer name in server pool.Server Selection
  5. Select “Remote Access” role in Server roles and click on Next.Remote Access Role
  6. Do not make any changes in Features and click on Next.
    In Role services, select DirectAccess and VPN, Routing services and click on Next.Role Service Selection
  7. Review installation page and click on install once you are ready.
    Once the installation is completed, click ‘Open the Getting Started Wizard‘.Result Wizard
  8. You will see ‘Configure Remote Access‘ wizard. Click on Deploy VPN only.Configure Remote Access
  9. You will see Routing and Remote Access MMC. Right click on your server name and click on ‘Configure and Enable Routing and Remote Access‘.Routing and Remote Access
  10. Now, follow the installation wizard instruction. Click Next on Welcome wizard.RRAS Setup Wizard
  11. In configuration wizard, select ‘Virtual Private Network (VPN) access and NAT‘ and click on Next.Select Service Combination
  12. In VPN Connection, select the network interface which has public IP address with proper Internet connection and click on Next.Network Interface Selection
  13. In IP Address Assignment, select ‘From a specified range of addresses‘ and click on Next.IP Address Assignment
  14. In Address Range Assignment, click on New and add local IP address range (Here make sure that the Start IP address is same as your Internal network’s primary IP address). This will be used to allocate IP address to remote clients who connect to this VPN server. Once you have added IP range, click on Next to proceed.Address Range Assignment
  15. In Managing Multiple Remote Access Server, select ‘No, use Routing and Remote Access to authenticate connection requests‘ and click on Next.Multiple Remote Access Servers
  16. In completing wizard, click on Finish. You will be prompted with a message for DHCP relay agent, simply click on Ok for this message.

Now, you will need to allow your RDP port in NAT services and ports. Follow the below mentioned steps for the same.

  1. In Routing and Remote Access, expand the server → IPV4 → NAT.NAT Configuration
  2. Right click on External Network, go to properties → Services and ports.Services and Ports
  3. Click on Add, enter the description for this service, enter the RDP port and IP address of the VPS and click on Ok.Add Service

NOTE1: If this service is not added then you will not be able to access your server via RDP.

NOTE2: If you have firewall installed on your server, you will need to allow 1723 TCP port for PPTP.

Now, let’s tweak the setting of the user which will be used to make VPN connection from client/remote machine.

  1. Go to Administrative tools → Computer Management → Local Users and Groups → Users.
  2. Right click on the user(which you want to set for VPN connection) and click on properties.
    Computer Management
  3. Go to Dial-in tab, select ‘Allow access‘ in ‘Network Access Permission’ option and click on Apply.User Properties

Your VPN server is ready for client/remote connections.

Now, let’s see how to configure client machine to connect to VPN server.

  1. Open Network and Sharing Center of your local system. Click on  ‘Set up a new Connection or Network‘.
    Network and Sharing Center
  2. Click on Connect to a workplace.Setup Connection or Network
  3. Click on Use my Internet connection (VPN)Connect to Workplace
  4. Enter IP address of VPN server (External network’s Primary/static IP which has Internet connection) and click on next.Connect to Workplace - VPN details
  5. Enter the login details of VPN server and click on Connect.Connect to Wokplace - VPN login access
  6. And your local machine is connected to VPN server. If you check your IP address from any online tool, you will see that your IP address is from VPN server and not from local ISP.Network and Sharing Center

This is all. Now, your client machine will have the internet access via VPN. However, should you find any difficulty, feel free to raise your query here in this blog.

Rahul Vaghasia

Rahul Vaghasia

Rahul is CEO at He shares his web hosting insights at AccuWebHosting blog. He mostly writes on the latest web hosting trends, WordPress, storage technologies, Windows and Linux hosting platforms.
Rahul Vaghasia
(Visited 4,328 times, 16 visits today)
Latest Comments
  1. Hardik V. says:

    I was working on VPN installation from last 25 days with no luck. I was getting partial help from here and there. But, I got my goal of VPN installation (With working Internet) achieved with the help of your blog. Thanks a lot!!!

  2. Muhammad says:

    This is an excellent blog post, really helped me to properly configured VPN on Windows SRV 2012 with NAT so that end user could also access the internet after connecting VPN. Just a quick addition in the above scenario: In case your machine has only one Ethernet card with public IP you need to add a loop-back network adopter as internal network card.

    Thanks for nice efforts!


  3. I am glad that my blog helped you to successfully configure VPN with working Internet.

    I greatly appreciate your comment. Positive comments always encourage us to do better job. Thank you very much. I will surely improvise my blog with your suggestion.

  4. Phil says:

    Good work.Keep it up!! I haven’t seen such detailed and functional VPN steps on the web!

    I couldn’t understand the reason of allowing RDP port in NAT services? any guesses?

    • Rahul V says:

      Phil, Thanks for your appreciation.

      RDP port is added in NAT service to allow remote access of machine when RRAS service is running. If you do not set this, you will not be able to access your machine via RDP when RRAS service is running.

  5. Henry says:

    This post is really helpful for those who want to install and configure working VPN in one shot. Thank you very much for sharing this precious work on the net.

    In “Address Range Assignment”, you have entered 11 IP addresses. Is it required to enter 11 IPs only in this option?

    • Rahul V says:

      You are most welcome Henry! In “Address Range Assignment”, you can enter more IP if required. In our example, we have added 11 IP so 10 concurrent connections can be made to VPN server. If you need more connection then you can add multiple ranges of IP’s or add each IP manually.

  6. Jimmy says:

    Thats a great article but do you have anything to setup VPN with RADIUS server

    • Rahul V says:

      Hey Jimmy, unfortunately, we don’t have any tutorial to setup RADIUS (Remote Authentication Dial-In User Service) server. Though I’ll certainly forward this to our research team.

  7. Eddard Antico says:

    Seeing the screen capture, it looks like Windows Server 2012 OS. I’d like to setup VPS with Windows Server 2016. I guess steps would be same. What’s your opinion on this?

  8. Prasanta Shee says:

    VPN is good but costly. Plus above steps for installing VPN are too technical. Instead, I would recommend using 3rd party easy to use remote access tools like logmein, R-HUB remote support servers etc. They work well.

Leave a Reply

Your email address will not be published. Required fields are marked *

AlphaOmega Captcha Classica  –  Enter Security Code

Sign up for a News Letter Click here to sign up