How to set up a VPN on Windows step by step

Informatec Digital » Resources » How to set up a VPN on Windows step by step

Setting up a VPN on Windows might seem complicated at first, but with a good guide, it becomes quite manageable. Whether you want Protect your privacy on public networks For example, if you need to connect to your company's network from home, Windows includes built-in tools to create and use VPN connections without always relying on external programs.

Throughout this article you will see, step by step, How to set up a VPN on Windows 10 and Windows 11How to set up your own VPN server at home, what settings to adjust on your router and firewall, and also how to use commercial VPN services when you're looking to virtually change countries or add extra layers of security and convenience.

What is a VPN and what types can you use on Windows?

A VPN (Virtual Private Network) is, in short, an encrypted tunnel within the Internet This connects your device to another computer or network as if you were physically there. This tunnel protects your data from prying eyes, unsecured Wi-Fi networks, and certain types of tracking.

When you connect to a VPN, Your traffic first goes to the VPN server.The data is encrypted and travels through that secure tunnel. The VPN server communicates with the websites and services you visit, so they only see the server's IP address, not your home router's or the public network you're using.

In the Windows environment, it is important to distinguish between two approaches: use an integrated or corporate VPN (for example, to access your company network or your home network) and use a commercial VPN service (NordVPN, ExpressVPN, AVG Secure VPN, etc.), designed to browse anonymously, bypass geographical restrictions, and enhance your privacy.

With Windows' built-in VPN you can connect to a specific network that you already knowlike your company's or your home's, but your public IP address will still be the one your ISP gives you. With a paid VPN service, however, You use server IPs distributed around the worldThis allows you to simulate being in another country and benefit from IP addresses shared with other users.

A home or business VPN network is usually more focused on the remote access to internal resources (folders, servers, printers, or PCs) and in the encryption of traffic between your device and that specific network. A commercial VPN service is more geared towards the general privacy on the Internet, circumventing blocks and hiding your real IP from websites, advertisers and potential attackers on open networks.

What is the purpose of a home VPN on Windows?

When people talk about VPNs, many only think about "making it appear as if I'm in another country to watch certain content," but setting up your own VPN on Windows has other, different uses. A domestic VPN alone won't make it appear as if you're browsing from another country. If your server is in Spain, websites will still see that you are accessing from Spain, even if they don't see your real home IP address.

The great advantage of setting up your own VPN server is that All your traffic is encrypted from your device to that server.This means that in a cafe, hotel, or airport, anyone trying to spy on the network will see unreadable data because your connection is encapsulated within the VPN tunnel.

Furthermore, by using your VPN server as an intermediary, Websites no longer store your router's IP address or the public network's IP address.but rather the IP address of the VPN server you connect to. This makes it more difficult for apps, advertisers, or other third parties to track your movements between different services and correlate exactly which websites you've visited.

Every time you open a webpage, what actually happens is that your browser sends a request to the server hosting that website. That server responds using your IP address as your "digital postal address." Without a VPN, All websites accumulate your IP address in their logswhich they can then share or sell to advertisers to profile your online activity.

By putting a VPN in between, the one who actually communicates with the web server is the VPN server, not your computer directlyTherefore, websites store the VPN server's IP address, not yours. This is a simple way to reduce your online footprint, especially if you manage the server yourself or fully trust whoever manages it.

Another interesting advantage of having your own VPN server is that you can set up a kind of extended local area networkIn other words, your devices can behave as if they were on the same LAN even when physically in different locations, making it easier to share internal resources, access a home PC from work, or avoid some physical cabling if everything is on the same logical network.

How to create and configure a VPN profile in Windows 10 and Windows 11

Before you can connect to a VPN on Windows, you need have a VPN connection profile createdThis profile includes the VPN type, server address, authentication system, and, if necessary, username and password.

If the VPN is for work, it's usually your company provide you with all the connection details or even a proprietary application. In that case, it's usually a good idea to access the corporate intranet or speak with the IT department for precise instructions, as each company has its own. security policy.

If you want to use a third-party VPN service for your personal use, you can First, search for their app in the Microsoft Store or on their official website.They almost always offer a Windows client that configures everything automatically. If you prefer to do it manually, their help page usually lists the server addresses, supported protocols, and other parameters.

Once you have your VPN details (whether for work, home, or a third-party provider), it's time to create the profile in Windows. In Windows 11, you can open the Settings app and go to Network & Internet > VPN > Add VPNIn Windows 10 the path is very similar, also going into Settings, then Network & Internet and looking for the VPN section.

In the “Add a VPN connection” form, in the provider field, you must select “Windows (integrated)” If you're going to use the system's native functionality, then enter a connection name you'll easily recognize (for example, "Home VPN" or "Business VPN") and note the server or address in the server or address field. VPN server IP address or DNS name that you are going to use.

In the VPN type section, you'll need to choose the protocol or connection method used by your server or the service you've subscribed to. Windows supports several types, so this is crucial. know what type of VPN the other party supportsIf you're unsure, check your company's or VPN provider's documentation.

In “Login information type” you can select whether you will use username and password, certificate, one-time token or smart cardFor corporate connections, certificates or strong authentication methods are often used. If you need to enter a username and password, you can save them directly in the available fields or leave them blank so you are prompted for them each time.

Once you have everything set up, save the profile, and if you need to review or adjust anything later, you can return to the VPN section in Settings. Select the connection and enter Advanced OptionsFrom there you can change settings, configure proxy, or delete the profile if you no longer need it.

Once the profile is created, connecting is very simple: at the far right of the taskbar, above the Network icon (WiFi or Ethernet), you will see the list of available VPN connectionsChoose the one you want, click on Connect, enter your credentials if prompted, and if everything is okay, the status will change to "Connected".

While you're connected to a recognized VPN, it usually appears a small blue shield or similar indicator In the network settings, on the VPN configuration page, you'll see the text "Connected" under the connection name. This lets you quickly check if the VPN tunnel is active.

How to set up your own VPN server on Windows 10 or 11

If you want to go one step further, Windows allows set up your own VPN server without installing third-party softwareIt's not as convenient as using a commercial service, but it gives you more control over who manages your data and how your home network is accessed.

The process is based on the old incoming connections tool in the Control Panel. To begin, go to the Windows Settings, then Network & InternetFrom there, in Windows 10 go to "Status" and click on "Change adapter options". In Windows 11, go to "Advanced network settings" and select "More network adapter options".

The classic Control Panel window will open, displaying your network adapters (Ethernet, WiFi, etc.). In that window, press the key Press Alt or F10 to display the classic menu If it doesn't appear, go to "File" and select "New Incoming Connection." This option allows you to prepare Windows to accept connections from other computers over the internet.

A screen will appear with the system's user accounts. You can Mark existing users or create a new one This is the username that will be used when connecting to the VPN. For security reasons, it's highly recommended to create a specific VPN user account with a strong username and password, which you will then use from your client devices.

On the next screen, Windows will ask you how these users will connect. Make sure to leave the box checked. “Through the Internet”, since it is what allows the VPN connection to be established from outside your local network, passing through the Internet to your server computer.

A list of the network protocols and components for the incoming connection will appear later. It is important to select the appropriate option here. “Internet Protocol version 4 (TCP/IPv4)” and click on “Properties”. This window is used to decide which IP addresses will be assigned to VPN clients once they are connected.

By default, Windows may try to assign IPs automatically, but it's better to tell it that Reserve a specific IP address range for the VPNSelect the option that allows you to specify IP addresses and define a range within your local subnet. This sounds more technical than it is, but it can be solved by knowing your gateway IP address.

To find out, open the "Command Prompt" application and run the command ipconfigAmong the displayed data, you will see a line with "Default Gateway," which will almost always be something like 192.168.0.1 or 192.168.1.1. This is your router's IP address.

In the VPN server's IPv4 properties, the The first three numerical sections of your assigned IP addresses must match that of the router.For example, if the gateway is 192.168.1.1, you can reserve a range of 192.168.1.20 to 192.168.1.30 for the VPN. This way, any client connecting to your VPN server will receive an IP address within that range.

Once the range is defined, accept the changes and return to the network software screen. Everything is now ready, so simply click on “Allow access” This allows Windows to create the incoming connection and activate the VPN server. From then on, your computer will be ready to receive external VPN connections, provided your router and firewall aren't blocking the traffic.

Open the port on the router and configure the Windows firewall

In order for devices outside your home or office to reach the VPN server, you need to Open the corresponding port on your router and tell the Windows firewall to allow that traffic. Otherwise, any connection attempt from the internet will be blocked before reaching the server.

In most home setups, routers use the gateway IP address we mentioned earlier (something like 192.168.1.1 or 192.168.0.1). If you type that address into your browser's address bar, you'll be able to access the router's web interfaceThe initial username and password are usually found on a sticker on the device itself, although for security reasons it is highly recommended to change them.

Once inside the router, you need to look for the section related to “Port forwarding”, “Port forwarding” or “NAT”The terminology varies depending on the manufacturer, but the idea is always the same: define a rule that opens an external port and directs it to the internal IP address of the computer where your VPN server is running.

The standard port for this type of connection in Windows is the 1723You will need to create a new rule specifying that TCP traffic to port 1723 should be sent to your server computer's private IP address (not the router's). If you don't know that IP address, use the ipconfig command again and look at the "IPv4 Address" line corresponding to your active network adapter.

In parallel, you need to adjust the Windows firewall so that it doesn't block remote access functionality. Go to Control Panel, then to System and Security > Windows Defender Firewall and, in the left column, click on “Allow an app or feature through Windows Defender Firewall”.

Within that window, click on “Change settings” to modify the list. Then, in alphabetical order, find the entry called “Routing and remote access” Check both the private network and public network boxes. By doing so, you'll be authorizing that service to receive traffic through the firewall on both types of networks. Save the changes by clicking OK. If you want more tools to manage firewall security, you can review options for Manage the Windows firewall.

Some more advanced guides also recommend Review the network profile using PowerShellBy running as administrator and using commands like Get-NetConnectionProfile and Set-NetConnectionProfile, you can ensure that your local network is marked as “Private”, which reduces firewall conflicts and prevents unnecessary blocking.

If you want your VPN server to be available as soon as you turn on your computer, it's a good idea to go into the Windows "Services" tool and locate the service. “Routing and remote access”Open its properties and set the startup type to "Automatic (delayed startup)." This will ensure Windows starts the VPN service reliably every time it boots.

Manage dynamic IP and domain for your VPN server

There is a practical detail that is often overlooked: the Your router's public IP address is usually dynamic.In other words, your operator can change it at any time (by restarting the router, for example), which would make the address you point to to connect to your VPN no longer valid.

One simple way to solve this is to use a dynamic DNS service, such as No-IP or similarThese services allow you to register a domain name (for example, “tuvpn.no-ip.org”) that will always point to your router's current public IP address, even when it changes.

The procedure is usually similar in all cases: first you register on the website, choose the domain name you want, and then You install a small client on the PC that acts as a VPN server.This client is responsible for notifying No-IP every time the public IP changes, so that the domain is updated automatically.

Within your account panel for the dynamic DNS service, you will need to ensure that The domain you created is marked and associated to the client installed on your computer. From then on, even if you restart the router and your public IP address changes, the client will update the information and you can always connect by typing the same domain name in the VPN settings.

This is very useful because it saves you from having to check and share the new IP address every time it changes. In practical terms, your devices only need to know that fixed domain, the username and the password that you defined for the VPN.

Connect to your VPN from Windows and other devices

Once you have the server up and running, the ports open, the firewall configured, and (if you want) the dynamic domain set up, comes the most rewarding part: connect to your VPN from other devices, both with Windows and from Android or iOS mobiles.

On a PC running Windows 10 or 11, the process is very similar to that of any other VPN. Go to Settings, then to Network and Internet > VPN and click on “Add a VPN connection”. Under Provider, choose “Windows (built-in)”, give the connection a name, and in “Server name or address”, enter your router's IP address or domain name (or the IPv4 IP address of your server if you are on the same local network).

In the authentication fields, enter the username and password that you created specifically for the incoming connection From the VPN. Save the profile and then select the connection to click "Connect". If everything is configured correctly, in a few seconds you will see the status change to connected and your computer will begin using the VPN tunnel.

It's a good practice to then review the advanced VPN connection settings by accessing its properties through the Control Panel, in the "Network and Sharing Center" section, and then "Change adapter settings." There you can adjust the security and network sectionDisabling IPv6 if you don't need it, making sure IPv4 is enabled, and, if appropriate, going into "Advanced Options" to decide whether you want to use the VPN server's default gateway or not.

In the security section of that same window, it's advisable to verify that the VPN type and encryption methods These settings match what you've configured on the server to avoid authentication or protocol errors. Once everything matches, simply click "OK" and test the connection again.

On Android and iOS phones, the process is similar, although the interface differs. Each system has its own "VPN" section in the network settings, where you can create a new profile by entering the server address, VPN type, username and passwordThe key remains the same: point to the correct IP or domain and use the credentials you created on your Windows computer.

Use a provider's VPN service instead of setting up your own

If all this talk about setting up a server, opening ports, and tweaking the firewall sounds too complicated, you have another option: Use a commercial VPN through a Windows applicationIn this case, you are not responsible for maintaining the servers yourself, but rather you delegate this task to a specialized provider.

The market is highly competitive, with numerous services such as NordVPN, CyberGhost, ExpressVPN, AVG Secure VPN, and many others. The basic idea is always similar: You register, install the official application, log in, and choose a server in the country you want.The app is responsible for creating the tunnel, managing protocols, reconnections, and additional options such as the kill switch.

When choosing a supplier, it's advisable to focus on three key points: the privacy policy and no activity log, the type and level of encryption they use (to avoid weak services) and the company's overall reputation, including the jurisdiction in which it operates and the technical support options it offers.

In practice, you simply need to download it from their website or from the Microsoft Store. Windows-specific version of the applicationRun the installer and follow the wizard. Many times they include free trial versions so you can test them out. speedstability and ease of use before paying for a full subscription.

Once the app is installed, you choose a server (or let the VPN automatically select the fastest available one), activate the connection, and that's it. At that moment, all your internet traffic will be protected. It is channeled through the commercial VPNAnd you can change virtual countries with a couple of clicks if you need to access geographically restricted content.

These applications typically integrate advanced features such as kill switch (cut off internet if VPN fails)Support for various protocols (OpenVPN, WireGuard, etc.), automatic connection on open WiFi networks, and additional options to prevent DNS leaks or IPv6. All of this reduces the risk of data leaks that you might have if you configure the VPN manually and make a mistake.

On the other hand, you are completely dependent on that supplier: All your traffic passes through their servers.So you should choose one with a good reputation and clear no-logs policies. Free VPNs, in particular, are often funded by exploiting usage data or injecting advertising, so they're not the best idea if true privacy is your priority.

In short, setting up your own VPN on Windows or using a commercial service are two different paths to achieve similar goals: having a A more secure, encrypted connection with better control over your information.The choice depends on whether you prefer absolute control and a bit more technical work, or convenience and a turnkey solution in exchange for relying on a third party.