Windows includes a built-in VPN server feature that can create direct connections:
# On Host Machine (server):
1. Open "Network Connections" (ncpa.cpl)
2. Click "File" > "New Incoming Connection"
3. Select users who can connect
4. Choose "Through the Internet"
5. Set network software to "Internet Protocol Version 4 (TCP/IPv4)"
6. Allow callers to access your local network
# On Client Machine:
1. Create new VPN connection in Network Settings
2. Enter server's public IP or hostname
3. Use the credentials of a user selected in step 3 of the server setup
For simpler setup with NAT traversal:
1. Install ZeroTier on both machines:
choco install zerotier-one (or download from website)
2. Create network at my.zerotier.com
3. Join network on both clients:
zerotier-cli join [NETWORK_ID]
4. Authorize devices in web panel
5. Machines will get 192.168.196.* addresses
For low-latency connections:
# Sample WireGuard config (wg0.conf on both ends):
[Interface]
PrivateKey = [LOCAL_PRIVATE_KEY]
# Use 10.0.0.1/24 on machine 1 and 10.0.0.2/24 on machine 2
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = [REMOTE_PUBLIC_KEY]
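# Source addresses accepted from, and routed to, this peer; the peer's own /32 is enough for a two-machine tunnel
AllowedIPs = 10.0.0.0/24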
Endpoint = [PUBLIC_IP]:51820
PersistentKeepalive = 25
After setup, verify the tunnel:
ping 10.0.0.2 (or other machine's VPN IP)
tracert 10.0.0.2
net use Z: \\10.0.0.2\sharedfolder
If behind NAT, forward these ports:
- PPTP: TCP 1723
- L2TP: UDP 500, 4500
- WireGuard: UDP 51820 (or custom)
When creating a VPN between Windows machines, we're essentially establishing a secure tunnel that mimics local network behavior. The key requirements typically include:
- Encrypted communication channel
- Automatic reconnection capabilities
- LAN-like IP addressing
- Low latency for real-time applications
- Minimal configuration overhead
The most straightforward free method uses Windows' built-in SSTP VPN capabilities. Here's how to set it up:
# On the server machine (host):
1. Open Server Manager → Add Roles and Features
2. Select "Remote Access" role → Next until reaching Role Services
3. Check "DirectAccess and VPN (RAS)" and "Routing" → Complete installation
4. Run "Configure and Enable Routing and Remote Access"
5. Choose "Custom configuration" → VPN access → Finish
# On client machine:
1. Open Network & Internet settings → VPN → Add a VPN connection
2. Enter server IP, connection name, and select SSTP protocol
3. Set VPN type to "Secure Socket Tunneling Protocol (SSTP)"
4. Save and connect using valid credentials
For more flexibility, OpenVPN provides excellent cross-platform support. Here's a basic configuration example:
# Server config (server.ovpn):
dev tun
proto udp
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
keepalive 10 120
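# Deprecated in OpenVPN 2.5+, which negotiates the data cipher via data-ciphers (AES-256-GCM by default)
cipher AES-256-CBC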
persist-key
persist-tun
status openvpn-status.log
verb 3
# Client config (client.ovpn):
client
dev tun
proto udp
remote your-server-ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
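# Deprecated in OpenVPN 2.5+, which negotiates the data cipher via data-ciphers (AES-256-GCM by default)
cipher AES-256-CBC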
verb 3
For system administrators, here's a PowerShell script to automate VPN creation:
# Create VPN connection (SplitTunneling and RememberCredential are switch parameters and take no value)
Add-VpnConnection -Name "OfficeVPN" -ServerAddress "vpn.example.com" -TunnelType "Sstp" -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -SplitTunneling -RememberCredential
# Set DNS suffix
Set-VpnConnection -Name "OfficeVPN" -DnsSuffix "internal.company.com"
# Configure automatic connection: trigger on an application and on a DNS suffix
Add-VpnConnectionTriggerApplication -ConnectionName "OfficeVPN" -ApplicationID "C:\Program Files\Internal App\app.exe" -Force
Add-VpnConnectionTriggerDnsConfiguration -ConnectionName "OfficeVPN" -DnsSuffix "internal.company.com" -Force
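One way to review profiles like the one created above for weak settings, as an added example that is not part of the original page. `Test-VpnProfile` is a hypothetical helper name, the property names are those returned by `Get-VpnConnection`, and the two sample profiles are constructed so the block runs without a configured VPN.

```powershell
# Added example (not from the original page): flag weak VPN profile settings.
# On a real host, audit live profiles with:  Get-VpnConnection | Test-VpnProfile
function Test-VpnProfile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $findings = @()

        # PPTP is the weakest tunnel type; 'Automatic' leaves the protocol unpinned.
        if ($Connection.TunnelType -eq 'Pptp') {
            $findings += 'PPTP tunnel in use'
        } elseif ($Connection.TunnelType -eq 'Automatic') {
            $findings += 'Tunnel type not pinned (Automatic)'
        }

        # PAP and CHAP are legacy password protocols.
        $weakAuth = @($Connection.AuthenticationMethod) | Where-Object { $_ -in 'Pap', 'Chap' }
        if ($weakAuth) {
            $findings += "Legacy authentication allowed: $($weakAuth -join ', ')"
        }

        # Levels below 'Required' do not guarantee an encrypted session.
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $findings += "Encryption level is $($Connection.EncryptionLevel)"
        }

        # -RememberCredential keeps the credential stored on the client.
        if ($Connection.RememberCredential) {
            $findings += 'Credential is cached on the client'
        }

        $summary = if ($findings) { $findings -join '; ' } else { 'none' }
        [pscustomobject]@{ Name = $Connection.Name; Findings = $summary }
    }
}

# Constructed sample profiles (not real output) shaped like Get-VpnConnection objects.
$samples = @(
    [pscustomobject]@{ Name = 'OfficeVPN'; TunnelType = 'Sstp'; AuthenticationMethod = @('MSChapv2')
                       EncryptionLevel = 'Required'; RememberCredential = $true }
    [pscustomobject]@{ Name = 'LegacyVPN'; TunnelType = 'Pptp'; AuthenticationMethod = @('Pap', 'MSChapv2')
                       EncryptionLevel = 'Optional'; RememberCredential = $false }
)
$samples | Test-VpnProfile | Format-List
```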
After setup, verify connectivity with these commands:
ping 10.8.0.1 (or your VPN server IP)
tracert 10.8.0.1
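Test-NetConnection -ComputerName vpn.example.com -Port 443 (TCP check for the SSTP listener; Test-NetConnection only tests TCP, so it cannot confirm OpenVPN's UDP 1194)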
Get-VpnConnection -Name "YourVPNName" | Format-List *
Common issues include firewall blocking (ensure UDP 1194 or the relevant ports are open), certificate mismatches, and MTU size problems, which can be resolved with:
netsh interface ipv4 set subinterface "Ethernet" mtu=1400 store=persistent