Windows Server 2019 Add Remote Access Role

How to install VPN on Windows Server 2019

This blog post is a step by step guide how to install and configure VPN on Windows Server 2019. The blog post shows you how you can easily setup a VPN server for a small environment, branch office or for a hosted server scenario. This VPN (Virtual Private Network) server allows you to connect from remote clients or firewalls to the Windows Server.

I already did a similar post for other versions of Windows

To install VPN access to a Windows Server 2019, simply follow this step by step guide:

Install Remote Access Role

First install the “Remote Access” via Server Manager or PowerShell.

Open Server Manager and select Add Roles and Features

Windows Server Add Roles and Features

Select the Remote Access Role and click next though the wizard.

Windows Server 2019 Add Remote Access Role

On the step Role Services, select the DirectAccess and VPN (RAS)

Select DirectAccess and VPN RAS Remote Access role services

On the final step, select install to install the Remote Access role.

Install the Remote Access Feature on Windows Server 2019

This might requires a reboot of the server.

Install and Configure VPN on Windows Server 2019

After you have successfully installed, now you can start the wizard to install and configure the VPN server in Windows Server 2019.

After the features are installed, which can take a while to finish you see the link for the Getting Started Wizard. Click on “Open the Getting Started Wizard“.

Installation Windows Server 2019 VPN

This opens a new wizard which will help you to configure the server. On the first screen select “Deploy VPN only“.

Configure Remote Access DirectAccess and VPN

This opens the Routing and Remote Access Management Console

Configure and Enable Routing and Remote Access

Right click on the Server name and click on “Configure and Enable Routing and Remote Access“.

Configure and Enable Routing and Remote Access VPN

On the new wizard select “Custom configuration“.

Custom Configuration VPN

Select “VPN Access“.

VPN Access

After you have click finish you can now start the Routing and Remote Access service.

Start the service Routing and Remote Access

Configure VPN Access Users and Network

If you have an other firewall between the internet and your Windows Server you have to open the following Firewall port sand forward them to your Windows Server:

For PPTP: 1723 TCP and Protocol 47 GRE (also known as PPTP Pass-through)
For L2TP over IPSEC: 1701 TCP and 500 UDP
For SSTP: 443 TCP

After the installation Users have to be enabled for Remote Access to connect to your VPN Server. On a standalone server this can be done in the Computer Management MMC, in a domain environment this can be done in the user properties of an Active Directory user.

VPN user allow access

If you don’t have a DHCP Server in your environment you have to add a static IP address pool. This is often needed if you have a single server hosted at a service provider. In the properties of your VPN server you can click on the IPv4 tab and enable and configure the “Static address pool”.

VPN IPv4 Adress Range

You now have to add a IP address from the same subnet as your static address pool to the network interface of your server, so users can access the server.

I hope this helps you to setup a VPN server in a small environment, lab or hosted server.