Windows has the built-in ability to function as VPN server using the point-to-point tunneling protocol (PPTP), although this option is somewhat hidden. Here’s how to find it and set up your VPN server.
Setting up a VPN server could be useful for connecting to your home network on the road, playing LAN games with someone, or securing your web browsing on a public Wi-Fi connection – a few of the many reasons you might want to use a VPN. This trick works on Windows 7, 8, and 10. The server uses the point-to-point tunneling protocol (PPTP.)
Note: Some people who have updated to the Windows 10 Creators Update have a problem where creating a VPN server fails because the Routing and Remote Access Service fails to start. This is a known issue that has not yet been fixed through updates. However, if you’re comfortable editing a couple of Registry keys, there is a workaround that seems to fix the problem for most people. We’ll keep this post up to date if the issue gets formally fixed.
While this is a pretty interesting feature, setting up a VPN server this way may not be the ideal choice for you. It does have some limitations:
- You will need the ability to forward ports from your router.
- You have to expose Windows and a port for the PPTP VPN server directly to the Internet, which is not ideal from a security standpoint. You should use a strong password and consider using a port that isn’t the default port.
- This isn’t as easy to set up and use as software like LogMeIn Hamachi and TeamViewer. Most people will probably be better off with a more complete software package like those offer.
Creating a VPN Server
To create a VPN server in Windows, you’ll first need to open the “Network Connections” window. The quickest way to do this is to hit Start, type “ncpa.cpl,” and then click the result (or hit Enter).
In the “Network Connections” window, press the Alt key to show the full menus, open the “File” menu, and then select the “New Incoming Connection” option.
Next, select the user accounts that can connect remotely. To increase security, you may want to create a new, limited user account rather than allow VPN logins from your primary user account. You can do that by clicking the “Add someone” button. Whatever user account you choose, ensure that it has a very strong password, since a weak password could be cracked by a simple dictionary attack.
When you’ve got your user selected, click the “Next” button.
On the next page, select the “Through the Internet” option to allow VPN connections over the Internet. That’s likely the only option you’ll see here, but you could also allow incoming connections over a dial-up modem if you have the dial-up hardware.
Next, you can select the networking protocols that should be enabled for incoming connections. For example, if you don’t want people connected to the VPN to have access to shared files and printers on your local network, you can disable the “File and Printer Sharing for Microsoft Networks” option.
When you’ve got things set up, click the “Allow Access” button.
Windows then configures access for the user accounts you chose—which can take a few seconds.
And at this point, your VPN server is up and running, ready to take incoming connection requests. If you want to disable the VPN server in the future, you can simply return to the “Network Connections” window and delete the “Incoming Connections” item.
If you’re connecting to your new VPN server over the Internet, you’ll need to set up port forwarding so that your router knows to send traffic of that type to the right PC. Log into your router’s setup page and forward port 1723 to the IP address of the computer where you set up the VPN server. For more instructions, check out our guide on how to forward ports on your router.
For maximum security, you may want to create a port forwarding rule that forwards a random “external port”—such as 23243—to “internal port” 1723 on your computer. This will allow you to connect to the VPN server using port 23243, and will protect you from malicious programs that scan and attempt to automatically connect to VPN servers running on the default port.
You can also consider using a router or firewall to only allow incoming connections from specific IP addresses.
To ensure you can always connect to the VPN server, you also may want to set up a dynamic DNS service like DynDNS on your router.
Connecting to Your VPN Server
To connect to the VPN server, you will need your computer’s public IP address (your network’s IP address on the Internet) or its dynamic DNS address, if you set up a dynamic DNS service.
In whatever version of Windows you’re using on the machine doing the connecting, you can just hit Start, type “vpn,” and then select the option that appears. In Windows 10, it will be named “Change Virtual Private Networks (VPN).” In Windows 7, it’s named “Set up a virtual private network (VPN) connection.
When asked, provide a name for the connection (anything will do) and the Internet address (this can be a domain name or IP address).
For more instructions on connecting—including some of the advanced options you can choose—check out our full guide on how to connect to a VPN on Windows.