1. Installing VPN-related services
Open Server Manager and select Add roles and features.
On the Server Roles page, choose to install both the network policy and access services and remote access roles.
In the network policy and Access Services role service configuration page, select Install Network Policy server. The network policy server is primarily used for advanced management of dial-in permissions for remote VPN access, and you can configure dial-in permissions directly in the user management of AD if you do not need to maintain the access rights of the group users.
On the Role Service configuration page for remote access, select Install DirectAccess and VPN (RAS) and routing features. The DirectAccess and VPN (RAS) service is used to support access from the client to the server, and the routing service provides address translation and data routing related functionality.
Note that when you select the routing service, the default dependent role service and function will pop up and remain the default.
The dependency configuration of IIS is maintained directly by default.
Next, confirm Ann and wait for the installation process to complete. At this point, the installation process of related services and functions is over.
2. Configure VPN Access Service
From the Server Manager menu, select Open the Routing and Remote Access configuration panel.
Right-click the local server, select Configure and Enable Routing and Remote Access, and start the Configuration Wizard.
In the Configuration Wizard, select Custom configuration for a free combination of features.
Enable all required services. If you do not need to allow remote connections to access the Internet through the local server, you can not enable NAT services.
Expand IPv4, right-click the NAT entry, select New interface, and choose Add Ethernet interface.
In the NAT configuration of the Ethernet interface, select the "public interface links to the Internet" and check "enable NAT on this interface".
Next, continue to configure the internal interface on the NAT.
Keep the default configuration of the internal interface.
Configure local server properties.
Set up an address pool that assigns IP to the remote connection in the IPv4 tab page.
3. Configure VPN access rights
In Server Manager, start the Network Policy server configuration.
In Network Policy, create a new network policy to control VPN access, and select Remote Access server (VPN dialing) in the type of network access server.
In the specified conditions, according to the actual requirements, select the appropriate matching conditions. For example, here I chose the VPN user group in the domain.
Based on the actual requirements, after further setup, the access policy configuration is completed.
The configuration of the VPN server side basically ends here. You can try to connect to a VPN server on a client test, and the client's access status can be monitored directly from the Remote access Management console.