Thursday, January 26, 2023

How To Configure VPN In Windows 10


Prerequisites For This Tutorial

  • Internal Unifi Controller; I myself am using a UDM-PRO for that function.
  • You can use a cloud-hosted Unifi Controller, but you will need to open the RADIUS ports on your firewall's WAN. Your network firewall should be configured to allow only incoming traffic from your hosted Unifi Controller's IP address to reach the RADIUS ports.
  • Your Unifi equipment should be assigned static IP addresses outside your DHCP scope. Once done, write down the IP addresses alongside their model or unique name.
  • Stand up a new physical or virtual server with Windows Server 2019.
  • I called my new virtual server HDN-RADIUS: 1 vCPU, 4 GB RAM, 60 GB HDD.
  • Install all updates on the new RADIUS server.
  • Assign a static IP address.
  • Join the new RADIUS server to the domain.
  • At this point, create a backup or a virtual snapshot before moving forward with the tutorial.
  • I am a firm believer in keeping the AD/DC server clean, so do not configure these roles on that server.
    Manually Create A Template Connection Profile

    In this step, you use Protected Extensible Authentication Protocol to secure communication between the client and the server. Unlike a simple user name and password, this connection requires a unique EAPConfiguration section in the VPN profile to work.

    Instead of describing how to create the XML markup from scratch, you use Settings in Windows to create a template VPN profile. After creating the template VPN profile, you use Windows PowerShell to consume the EAPConfiguration portion from that template to create the final ProfileXML that you deploy later in the deployment.
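    One way to script the step described above, as an added example that is not code from the original page: it reads the EAPConfiguration from a template connection, warns if the template was saved without PEAP server validation, and wraps the result in a ProfileXML file. The template name, server name, output path, IKEv2 and SplitTunnel are assumptions.

```powershell
# Added example, not from the original page.
# 'Template' and 'vpn.example.com' are placeholders; IKEv2 and SplitTunnel are assumed choices.
$TemplateName = 'Template'
$VpnServer    = 'vpn.example.com'
$OutFile      = Join-Path $env:TEMP 'ProfileXML_example.xml'   # hypothetical output path

function Get-TemplateEapXml {
    param([Parameter(Mandatory)][string] $Name)
    $connection = Get-VpnConnection -Name $Name -ErrorAction Stop
    $eap = $connection.EapConfigXmlStream          # XmlDocument holding the EAP settings
    if (-not $eap) { throw "Connection '$Name' has no EAP configuration." }

    # PEAP only authenticates the server when validation is configured, so flag
    # templates saved without pinned server names or a trusted root CA.
    $validation = $eap.SelectNodes("//*[local-name()='ServerValidation']")
    if ($validation.Count -eq 0) { Write-Warning 'No ServerValidation element in template.' }
    foreach ($node in $validation) {
        $names = $node.SelectSingleNode("*[local-name()='ServerNames']")
        $roots = $node.SelectNodes("*[local-name()='TrustedRootCA']")
        if (-not $names -or [string]::IsNullOrWhiteSpace($names.InnerText)) { Write-Warning 'ServerNames is empty: the server name is not pinned.' }
        if ($roots.Count -eq 0) { Write-Warning 'No TrustedRootCA pinned for server validation.' }
    }
    $eap.InnerXml
}

function New-VpnProfileXml {
    param([Parameter(Mandatory)][string] $Server, [Parameter(Mandatory)][string] $EapXml)
@"
<VPNProfile>
  <NativeProfile>
    <Servers>$Server</Servers>
    <NativeProtocolType>IKEv2</NativeProtocolType>
    <Authentication>
      <UserMethod>Eap</UserMethod>
      <Eap>
        <Configuration>
$EapXml
        </Configuration>
      </Eap>
    </Authentication>
    <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  </NativeProfile>
</VPNProfile>
"@
}

$templateEap = Get-TemplateEapXml -Name $TemplateName
$profileXml  = New-VpnProfileXml -Server $VpnServer -EapXml $templateEap
$null = [xml]$profileXml                           # throws if the result is not well-formed XML
$profileXml | Out-File -FilePath $OutFile -Encoding utf8
Write-Output "ProfileXML written to $OutFile"
```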

    Create A VPN Connection

    If your workplace uses a special VPN client app, the network administrator or the IT department must provide you with the specific instructions for that app.

    However, if you connect straight to the VPN service from Windows 10, you need information about your company's VPN. Depending on your company's setup, you may need to know the following details to connect with VPN:

    • The VPN server name or address
    • The sign-in details
    • The VPN type

    If your company uses Windows to create a VPN connection to the workplace network, here's what you need to do to connect to its VPN service:

    - Click the Notifications icon on the right side of the taskbar. The Action Center appears.
    - Click VPN. The Settings window appears.
    - Click Add a VPN Connection.
    - Type the name that you want to use for the connection and the other required details.
    - When you finish, click Save. The VPN connection is now added to your list of VPN connections.

    Establish a VPN connection

    If you're connected to a network that's away from work and you have access to the Internet, you can try to connect to your company's private network using VPN. After you create the VPN connection in Windows 10, here's how to use the connection:

    The Action Center appears.

    Windows 10 starts the VPN connection using the credentials you entered.

    • Once the connection is established, you receive a confirmation from Windows 10.

    • Close the Settings window.

    The Settings window appears, where you can manage and create VPN connections.


    How To Manually Configure A VPN On Windows 10

    The beauty of the best VPN services is that they have an intuitive Windows 10 app that makes setting up a connection as easy as clicking a big green button that says “connect.” However, if you’re running Windows 10 in S mode and can’t install apps from outside the Store, or you’re using a VPN without a client, you can still configure a VPN manually. This is especially important as many people continue working from home and require a VPN. Here’s everything you need to know.

    Let's Open Up The Firewall Ports Needed


    Here we are going to open up the firewall ports that we need for RADIUS to work with the Unifi Controller.

  • On the RADIUS server, search for Advanced in the taskbar search menu and select Windows Defender Firewall with Advanced Security.
  • Locate Inbound Rules > right-click Inbound Rules > select New Rule.
  • Select Port and click Next.
  • Select UDP and provide the Specific Local Ports you want opened which is Port 1812 and then click Next.
  • Select Allow the connection and click Next.
  • Check mark: Domain, Private and Public. Afterwards click Next.
  • Give your Rule a name, I used Radius UDP 1812. Afterwards click Finish.
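    The rule built by the steps above accepts UDP 1812 from any source on every profile. The following added example (not from the original tutorial) creates or tightens the same rule so that only the static IP addresses recorded in the prerequisites can reach the RADIUS port; the addresses shown are constructed placeholders and the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: scope the inbound RADIUS rule to known RADIUS clients only.
# The addresses are constructed placeholders (documentation range); replace them
# with the static IPs recorded for your Unifi devices or hosted controller.
$RuleName      = 'Radius UDP 1812'                              # rule name used in the steps above
$RadiusClients = @('192.0.2.10', '192.0.2.11', '192.0.2.12')    # constructed sample values

function Set-RadiusFirewallScope {
    param(
        [Parameter(Mandatory)][string]   $DisplayName,
        [Parameter(Mandatory)][string[]] $RemoteAddress
    )

    # Accept literal IP addresses only, so a typo or a keyword such as "Any"
    # cannot silently widen the scope.
    foreach ($addr in $RemoteAddress) {
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$parsed)) {
            throw "Not a valid IP address: $addr"
        }
    }

    $existing = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        # The rule was already created through the GUI: tighten it in place.
        $existing | Set-NetFirewallRule -RemoteAddress $RemoteAddress
    } else {
        New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound `
            -Protocol UDP -LocalPort 1812 -Action Allow `
            -Profile Domain, Private, Public `
            -RemoteAddress $RemoteAddress | Out-Null
    }

    # Read the rule back and report the effective scope.
    $rule = Get-NetFirewallRule -DisplayName $DisplayName
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
        RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    }
}

Set-RadiusFirewallScope -DisplayName $RuleName -RemoteAddress $RadiusClients
```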

    What Do You Need To Set Up A VPN On Windows Manually

    If you prefer to install a VPN manually, you will need to obtain a few things from your VPN provider first, including:

    • Your login credentials

    • A VPN server name & address

      We recommend that you opt for L2TP/IPsec, IKEv2, or OpenVPN. For more info, check out our guide to VPN encryption.

    • VPN config files

    Once you have the above, you’re ready to start following the steps below.

    How To Add And Connect To A VPN On Windows 10

  • Choose a VPN for Windows 10 and subscribe.
  • Download and install the VPN app from ExpressVPN's official website.
  • Open the app and log in to your ExpressVPN account.
  • Connect to a server location of your choice.
  • That's it, you have successfully set up and added a VPN on Windows 10.
  • 30 Day Money-back Guarantee


    Let's Create A Group Policy In Your AD/DC Server

    This may vary with each AD configuration. I always have an OU where my users and computers reside, rather than the default locations.

  • Log into your AD/DC server and open Group Policy Management. Right-click the OU where your domain users reside and select New GPO from the menu. Give the GPO an identifiable name; I will be using Radius. Then click the OK button.
  • Locate and select your new Radius policy. Under Security Filtering, select the Add button and add Domain Users.
  • Right-click and edit your new Radius policy. Drill down this path: Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
  • Within Public Key Policies, locate Certificate Services Client Auto-enrollment. Right-click the policy and click Properties.
  • In the Certificate Services Client Auto-enrollment Properties window, change the Configuration Model to Enabled from the dropdown. Afterwards, check both boxes and click the OK button.
  • Drill down this path: Computer Configuration > Windows Settings > Security Settings > Public Key Policies. Locate the folder Automatic Certificate Request Settings. Right-click it > find New > select Automatic Certificate Requests.
  • You will be prompted to start the Wizard, just click Next.
  • Select Computer and then click Next.
  • Now click Finish. We have now completed the GPO for domain desktop and laptops to properly obtain a security certificate when they connect to the Unifi Wireless SSID.
    How To Allow VPN Connections Through Firewall


    While configuring the Incoming Connection feature on Windows 10 should automatically open the necessary Windows Firewall ports, you want to make sure the firewall is properly configured.

    To allow VPN connections through the firewall on Windows 10, use these steps:

  • Open Start on Windows 10.

  • Search for Allow an app through Windows Firewall, and click the top result to open the experience.

  • Click the Change settings button.

  • Scroll down and make sure Routing and Remote Access is allowed on Private and Public.

  • Click the OK button.

  • After you complete the steps, the Windows 10 VPN server will now be able to receive connections remotely from other computers.


    Surfshark Unlimited VPN Connections For Windows 10

    • Compatible with Windows 7, 8, and 10
    • 3200+ servers in 65 countries
    • Infinite simultaneous connections
    • 75.12 Mbps speed on a 100 Mbps connection
    • 30-day money-back guarantee
    • Unblocks Netflix, Hulu, BBC iPlayer, Amazon Prime Video, HBO Max, Disney+ and more
    • Also works with macOS, iOS, Android, Windows, Linux, routers, browsers, and more

    Surfshark allows unlimited VPN connections for Windows 10 and is available for only $2.49/mo. Another great thing is that you can connect unlimited devices simultaneously with a single Surfshark subscription. This way you can use it on your Windows 10 PC and other devices.

    Surfshark's Windows 10 app is sleek and easy to use, with all the latest security features. It is an ideal choice for beginners because you can easily set it up on your Windows 10 PC and get started.

    Surfshark offers 3200+ servers in 65 countries. These are optimized for streaming, gaming, and torrenting. It also offers a feature that allows you to connect to the fastest server available.

    We tested Surfshark with Netflix, BBC iPlayer, Hulu, and Disney+ and it worked perfectly well, as we did not encounter the proxy error even once.

    Surfshark offers tons of features that are not available on other VPNs. Some of these notable features include CleanWeb, WhiteLister, and Multi-Hop. It also covers the basics with 256-bit encryption, kill switch, and DNS leak protection.

    If you face any issues during configuration, there is also 24/7 customer support available via live chat.

    How To Configure L2TP VPN On Windows 10

  • See the necessary steps in order to connect to VPN with the L2TP protocol:

    1. Find and open up the Network and Internet settings on your Windows 10 computer.

    2. Press VPN.

    3. Press Add a VPN Connection.

    4. Fill in the fields with the following settings:

    1) VPN provider: Windows.

    2) Connection name: name your VPN connection.

    3) Server name or address: type the server name or IP address you want to connect to. You can find this information in your Client Area.

    4) VPN type: select L2TP/IPSec with pre-shared key.

    5) Pre-shared key: Hostens.

    6) Type of sign-in info: select User name and password.

    7) User name: enter your username seen in the Client Area.

    8) Password: enter your password seen in the Client Area.

    Make sure you use your VPN username and password and NOT the Client Area credentials. Check all selected data once again and press Save.

    5. You will see that your VPN connection was created. Now you need to set up your Key for Authentication. Right-Click on the monitor or Wi-Fi icon on the bottom right-hand corner. Then Click on Open Network and Internet Settings.

    6. Click Change adapter options.

    7. Right-click on your created VPN connection and go to Properties.

    8. Select the Security tab and, in the Data encryption line, select Require encryption.

    9. Then in Allow these protocols check:

    Microsoft CHAP Version 2

    Challenge Handshake Authentication Protocol


    How To Change Protocols On A Manual VPN Setup

    If you have set up your VPN manually, you cannot simply change the protocol. Instead, you must set up another manual connection using the config information obtained from your VPN provider. To do this, ask your VPN provider for the connection settings you require and follow the steps above to set up a VPN connection to a server using a different protocol.

    If you set up your VPN by downloading the official Windows app, you can change the protocol by following these steps:

  • Run the VPN client for Windows.

  • Click on Encryption Options or Protocol Settings.

    This may be called something different in your VPN software, but it should be something similar.

    We recommend that you opt for OpenVPN UDP, OpenVPN TCP, IKEv2 or L2TP/IPsec because these are the most secure protocols available in 2021.

    Let's Get Started With Installing The Required Windows Server Roles


    We will start with the newly created Windows Server 2019 and install the roles we need for RADIUS to work with your Unifi Controller and its Wi-Fi access points.

  • Open your Windows Server Manager > Click Manage > Click Add Roles and Features.
  • Active Directory Certificate Services
  • Network Policy and Access Services
  • Remote Access
  • Once the items are selected and the prerequisites are approved click Next until you reach AD CS / Roles Services.
  • Under Role Services select Certification Authority and click Next.
  • Now within Remote Access and Role Services, select DirectAccess and VPN and click Next.
  • Now click Next all the way through and then Install the Roles and wait until you receive the message that all your roles are installed successfully. Once successful you can close the window.

    Adding Your Client's Public Key To The Server

    The easiest way to add your key to your server is through the wg set command.

    ON YOUR SERVER run this command:

    sudo wg set wg0 peer YOUR_CLIENT_PUBLIC_KEY allowed-ips YOUR_CLIENT_VPN_IP


    You can compare my command below to my diagram at the top of my post for exactly what I mean:

    What Is A Virtual Private Network

    A VPN is a private network that uses a public network to connect remote sites or users together.

    Even though VPN was initially used to establish secure remote connections to an organization's network, it's now being used by users to conceal their online activities and geographic location. It sometimes poses a security threat when users are able to access restricted content by using VPN to bypass firewall rules set within an organization's network.


    What You Need To Get Started

    First, you need to choose and sign up for a VPN service. No, you’re not going to be using its apps, but you still need to access its servers. Ideally, you already have a VPN service that you are signed up for and using on all your other devices, be they PCs, phones, or tablets. But the truth is, PCMag’s research shows that many of you aren’t using a VPN. That’s bad, but there’s no judgment here, because you’re reading this piece because you’re about to start, right? If you do need to choose a VPN service, click the link in the first paragraph of this piece, read a few reviews, and pick the one that sounds right for you. Once that’s done, come back here and continue.

    The second thing you have to do is decide which VPN protocol you want to use. This is the setup that creates the encrypted tunnel. There are four main protocols supported by VPN companies: IKEv2/IPsec, L2TP/IPSec, OpenVPN, and PPTP.

    Our preferred protocol is OpenVPN, which is newer and has a reputation for reliability and speed. IKEv2/IPSec is a solid second option and uses new, secure technology. Many VPN companies warn against L2TP/IPSec, which is not as secure as newer protocols. Generally, it’s supported only for use on older, legacy systems. The same is true for PPTP, which you should avoid using if at all possible.

    Deploy The ProfileXML Configuration Script

  • In the Configuration Manager console, open Software Library\Application Management\Packages.

  • In Packages, click Windows 10 Always On VPN Profile.

  • On the Programs tab, at the bottom of the details pane, right-click VPN Profile Script, click Properties, and complete the following steps:

    a. On the Advanced tab, in When this program is assigned to a computer, click Once for every user who logs on.

    b. Click OK.

  • On the Summary page, click Next.

  • On the Completion page, click Close.

  • With the ProfileXML configuration script deployed, sign in to a Windows 10 client computer with the user account you selected when you built the user collection. Verify the configuration of the VPN client.


    The script VPN_Profile.ps1 does not work in a Remote Desktop session. Likewise, it does not work in a Hyper-V enhanced session. If you’re testing a Remote Access Always On VPN in virtual machines, disable enhanced session on your client VMs before continuing.


    Want To Use A VPN In Windows 10? Here's The Best Way To Set It Up

    Sure, you could just download your VPN’s app to your Windows 10 machine. But there’s a better way.

    Setting up a VPN on Windows 10 is easy.

    Whether you’re planning to take advantage of Prime Day laptop deals and pick up a new Windows 10 machine, or you’ve been using one for years and are just looking forward to Microsoft’s upcoming big Windows redesign, you may be considering adding a virtual private network to protect your online privacy.

    The easiest way to get your favorite VPN up and running on your Windows 10 device is to simply download your VPN’s app from the Microsoft Store and install it, just as you did on your previous device or version of Windows. Using a VPN’s app is also the best way to use that VPN’s bonus features — from ad-blocking to automatically selecting the fastest connections.

    But for the tech-curious, another option is to test drive Windows 10’s built-in VPN client. It may sound tricky, but the process takes about 15 to 20 minutes and can be broken down into two main components: Creating a VPN profile, and then connecting to the VPN. Here’s the step-by-step guide for setting up your VPN on Windows 10.

    How To Create A Network Profile For The Non Domain Join Client Computer

    • From Server Manager, open the Network Policy Server.
    • Right-click Network Policies > New.
    • Type the policy name and select Remote Access Server. Click Next.
    • Click Add and scroll down to select NAS Port Type. Click VPN. Click OK and OK.
    • Click Add once again. Select User Groups. Click Add and find the user group that you have already created in Active Directory for the users who will connect through VPN. Click OK and OK.
    • Click Next.
    • Leave Access granted selected. Click Next.
    • Clear all the check marks from the Less Secure Authentication methods.
    • On the EAP Types, remove the Microsoft Protected EAP and select the Secure Password.
    • These are optional settings. Take some time to explore them if you want. For example, you can disconnect idle sessions after a period of time. Click Next.
    • Select Encryption and leave only Strong and Strongest encryption checked. Click Next.
