Network Policy Server (NPS) allows you to centrally configure and manage network access authentication, authorization, and client health policies with the following three features:
– RADIUS Server
– RADIUS Proxy
– Network Access Protection (NAP) policy server
Plus with this tutorial we are going to explain how you can configure NPS on Windows Server 2016, if you haven’t installed this role yet, please search on “AvoidErrors” website and you will find a tutorial how you can install NPS.
Configure RADIUS Server for VPN
1. Open “Network Policy” console from your server manager.
2. Click on “Configure VPN or Dial-up”.
3. Just select “Virtual Private Network (VPN) Connections”, and click next and leave the default name as it’s.
4. On the next page of the setting wizard “RADIUS”, click on “Add” to add a RADIUS client.
5. On the New RADIUS Client page, provide a name in the Friendly name box, Then enter the IP address or DNS name of the VPN Server “RADIUS CLIENT”, and click Verify
6. When the verify box appears, click “Resolve” to verify the name or IP address can be resolved, then click “OK”, then click “OK” to return to new “New RADIUS Client” wizard.
7. Select your “RADIUS Client” and press on “Edit” button.
8. In the shared Secret section of the “NEW Radius Client” dialog box, click on “Manual” to type in a manual shared secret, Or you click “Generate” and then generate very long, random shared secret, like the below screenshot, and after you determine which method you will use click “Ok”.
9. On the next page of the installation wizard is called “Configuration Authentication Methods”, select “Microsoft Encrypted Authentication Version 2 (MS-CHAPv2)”, and click “Next”.
10. On the “Specify User Groups” page, Select the security group that should be allowed to connect via VPN, then Click next.
11. On the next page “Specify IP Filters”, you can specify input and output filter for IPV4, IPV6, or both, Do that by choosing a filter template or specify directly.
12. On the next page of the wizard, you will have to the level of encrypting that will be supported, uncheck any Encryption levels you don’t need, and click Next.
13. On the next page “Specify a Realm Name”, you can specify a realm name that an ISP can use to specify which connection should be routed to this server.
14. Click “Next, and then the confirmation of all the selections and click “Finish”.
Now you know how you can configure Network Policy Server “NPS” on windows server 2016, if you face any issue during the configuration please comment here and we shall help you ASAP.