Creating a VPN Server on a Windows PC

Although the option is slightly hidden, Windows has a built-in capability to operate as a VPN server using PPTP (Point-to-Point Tunneling Protocol). This article will help you configure a VPN server on Windows.

You may want to configure a VPN server to reach your home network from your devices while you're traveling, to secure web browsing on public Wi-Fi, or to play LAN games. The steps described below will work on Windows 7, 8, and 10.

Users who have updated to Windows 10 Creators edition will experience problems when creating a VPN server, because the Routing and Remote Access Service fails to start.

Although this issue is known, it has not yet been resolved via updates. If you are, however, comfortable editing a few Registry keys, there is a patch that seemingly fixes the problem for most users.

Limits

Although this feature is pretty exciting, configuring a VPN server by using the features built into Windows may not be the ideal solution, as it has some limits:

  • It is more difficult to set up and use than many off-the-shelf software solutions. Most users will probably be better off using one of those.
  • Windows and a port for the VPN server need to be exposed directly to the internet. From a security viewpoint, this is not ideal, and you'll have to use strong passwords and a port other than the default one.
  • You must be able to forward ports on your router.

How to Create a VPN Server

To start creating a VPN server in Windows, first, go to “Network Connections.” The easiest way to do this is to press the Windows key and then type “ncpa.cpl.” Click on the result or press Enter.

Creating a new Windows VPN server network connection

Once you’re in “Network Connections,” press the Alt key to display full menus and select the “File” menu, followed by the “New Incoming Connection” menu item.

From here, select all user accounts that can connect remotely. For increased security, consider creating a separate, limited user account and not allowing VPN logins from the regular user accounts.

This can be done by clicking on the “Add someone” button. Make sure that the chosen user has a robust password, as weak passwords are easily cracked with simple dictionary attacks.
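The same account can be prepared from an elevated PowerShell prompt before opening the wizard. This is an added example, not part of the original article; it assumes Windows 10 with PowerShell 5.1, and the account name `vpn-remote` is a placeholder.

```powershell
# Added example: dedicated, non-administrative local account for VPN logins.
# Run from an elevated PowerShell 5.1+ session. 'vpn-remote' is a placeholder name.
$UserName = 'vpn-remote'
$Length   = 24

# 64-symbol alphabet: 256 is a multiple of 64, so reducing a random byte
# modulo the alphabet length does not bias any character.
$Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
$Bytes = New-Object byte[] $Length
$Rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $Rng.GetBytes($Bytes) } finally { $Rng.Dispose() }
$Plain = -join ($Bytes | ForEach-Object { $Alphabet[$_ % $Alphabet.Length] })

# Create the account and make it a standard user only.
# The built-in Users group is addressed by SID so this works on any display language.
$Secure = ConvertTo-SecureString -String $Plain -AsPlainText -Force
New-LocalUser -Name $UserName -Password $Secure `
    -Description 'Incoming VPN connections only' | Out-Null
Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $UserName

# Sanity check: the VPN account must not be a member of Administrators (S-1-5-32-544).
$InAdmins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -like "*\$UserName" }
if ($InAdmins) {
    Write-Warning "$UserName is in the Administrators group; remove it before enabling VPN access."
}

# Shown once so it can be stored in a password manager.
Write-Output "Password for ${UserName}: $Plain"
```

Afterwards, tick only this account in the wizard's user list and leave the regular accounts unchecked.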

Setting up Windows VPN server users

Once the user has been selected, click on the “Next” button.

Allowing Windows VPN server access from internet

Click on the “Through the Internet” option on the next page. This will allow the VPN connection to be made via the internet. Although this is probably the only option available to you, if dial-up hardware is available and configured, there will be an additional option available to allow incoming connections over the dial-up modem.

Allowing Windows VPN server protocol access

The next step is to select the networking protocols that must be enabled for incoming VPN connections.

If you, for example, don’t want VPN users to be able to access shared printers and files on the local network, the “File and Printer Sharing for Microsoft Networks” option should be disabled.

Once everything has been configured, click on the “Allow Access” button.

Windows will then configure access for user accounts that have been selected. This could take a few seconds.

Your VPN server is now running and will be able to process incoming connection requests. Should you want to disable your new VPN server at any stage, simply go back to the “Network Connections” screen and delete the “Incoming Connections” item.

Setting up Your Router

To connect to the new VPN server over the internet, port forwarding needs to be configured so the router knows where to send this type of traffic. This is done by logging into the router's setup and forwarding port 1723 to the IP address of the computer where your VPN server has been configured.

For improved security, consider creating a port forwarding rule that forwards a random “external port” (for example 9279) to “internal port” 1723 on your computer. This will enable you to connect to your VPN server via port 9279 and will provide protection against malicious software that automatically scans for and attempts to connect to VPN servers running on the default port.

Another security measure to consider is using a firewall or router that only allows incoming connections from specific IP addresses.

To make sure you'll always be able to connect to your VPN server, it's a good idea to set up a dynamic DNS service such as DynDNS on the router.
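On the VPN computer itself, the address restriction can be applied with Windows Firewall. The script below is an added example, not part of the original article; it assumes Windows 8 or later (the NetSecurity cmdlets are not available on Windows 7) and uses documentation placeholder addresses in place of your real client addresses.

```powershell
# Added example: limit the firewall rules that admit PPTP traffic to known client addresses.
# Run elevated. The addresses are RFC 5737 placeholders; replace them with your own.
$AllowedClients = @('203.0.113.10', '198.51.100.0/24')

# PPTP uses a TCP control channel on port 1723 plus GRE (IP protocol 47) for the tunnel.
# The router's external port (e.g. 9279) is rewritten to 1723 before Windows sees it,
# so the rules are located by local port and protocol rather than by display name.
$Targets = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $Filter = $_ | Get-NetFirewallPortFilter
        ($Filter.Protocol -eq 'TCP' -and $Filter.LocalPort -contains '1723') -or
        ($Filter.Protocol -eq '47')
    }

if (-not $Targets) {
    Write-Warning 'No enabled inbound allow rule for TCP 1723 or GRE was found.'
    return
}

# Replace the "any remote address" scope with the allow-list and report the change.
foreach ($Rule in $Targets) {
    $Before = ($Rule | Get-NetFirewallAddressFilter).RemoteAddress
    Set-NetFirewallRule -Name $Rule.Name -RemoteAddress $AllowedClients
    [pscustomobject]@{
        Rule   = $Rule.DisplayName
        Before = $Before -join ','
        After  = $AllowedClients -join ','
    }
}

# Confirm the server is actually listening on the PPTP control port.
Get-NetTCPConnection -LocalPort 1723 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State
```

This only helps when clients connect from fixed addresses; a broad rule that allows all inbound TCP ports would still admit port 1723 and is not touched by the script.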

Connect to the New VPN Server

To connect to your Windows VPN, you will need the computer's public IP address or, if you've set up a dynamic DNS service, the server's dynamic DNS address.

In any version of Windows, simply select Start, type “VPN,” and choose the option that is shown. In Windows 10, this will be “Change Virtual Private Networks (VPN),” while Windows 7 and 8 call it “Set up a virtual private network (VPN) connection.”

When prompted, enter a name for the connection (this can be anything) and its Internet address (use either the IP address or the domain name).
