What is Always On VPN?
Always On VPN automatically connects users to your corporate network without manual intervention. It suits remote workers who need constant access.
Prerequisites
- Windows Server 2016 or later for VPN server
- Windows 10/11 Pro or Enterprise on client devices
- Public IP address or domain name
- SSL certificate for VPN server
Step 1: Install VPN Server Role
On Windows Server:
Install-WindowsFeature -Name RemoteAccess -IncludeManagementTools
Install-WindowsFeature -Name DirectAccess-VPN -IncludeManagementTools
Step 2: Configure Routing and Remote Access
- Open "Routing and Remote Access" console
- Right-click server → Configure and Enable
- Select "Custom Configuration"
- Check "VPN access" and "NAT"
- Complete wizard and start service
Step 3: Create VPN Profile via Intune/GPO
Deploy the VPN profile using Intune, or create an XML configuration file for deployment.
Step 4: Configure DNS and Routing
Ensure VPN clients can resolve internal DNS. The command below sets a custom IPsec policy on the VPN server that uses AES256 encryption:
Set-VpnServerConfiguration -CustomPolicy -EncryptionMethod AES256
Client Configuration (PowerShell)
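# IKEv2 on Windows authenticates with EAP or a machine certificate, so use Eap; -AllUserConnection matches the Set-VpnConnection call below
Add-VpnConnection -Name "Company VPN" -ServerAddress "vpn.company.com" -TunnelType IKEv2 -AuthenticationMethod Eap -EncryptionLevel Required -RememberCredential -AllUserConnection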
Enable Always On
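Configure the VPN to connect automatically. The command below turns split tunneling off on the all-user connection, so all client traffic is routed through the VPN: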
Set-VpnConnection -Name "Company VPN" -SplitTunneling $false -AllUserConnection
Security Best Practices
- Use multi-factor authentication
- Enable split tunneling only if necessary
- Monitor VPN connections regularly
- Keep VPN server patched and updated
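A check for the practices listed above, as an added example that is not part of the original page: it inspects VPN profiles for split tunneling, PPTP fallback, optional encryption and legacy authentication. The function name `Test-VpnConnectionHardening` and the sample objects are assumptions made for illustration; the property names are those returned by Get-VpnConnection.

```powershell
# Added example (not from the original page). Function name and sample data are hypothetical.
function Test-VpnConnectionHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $issues = [System.Collections.Generic.List[string]]::new()

        if ($Connection.SplitTunneling) {
            $issues.Add('Split tunneling is on: traffic to non-VPN routes leaves the tunnel')
        }
        if ($Connection.TunnelType -in 'Pptp', 'Automatic') {
            $issues.Add("Tunnel type '$($Connection.TunnelType)' is PPTP or may fall back to it")
        }
        if ($Connection.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $issues.Add("Encryption level '$($Connection.EncryptionLevel)' lets the session run unencrypted")
        }
        # Get-VpnConnection returns AuthenticationMethod as a list, so test each entry.
        $weak = @($Connection.AuthenticationMethod) | Where-Object { $_ -in 'Pap', 'Chap' }
        if ($weak) {
            $issues.Add("Legacy authentication enabled: $($weak -join ', ')")
        }

        [pscustomobject]@{
            Name      = $Connection.Name
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-VpnConnection output, so the check runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'Company VPN'; TunnelType = 'Ikev2'; AuthenticationMethod = @('Eap')
                       EncryptionLevel = 'Required'; SplitTunneling = $false }
    [pscustomobject]@{ Name = 'Legacy VPN'; TunnelType = 'Automatic'; AuthenticationMethod = @('Pap', 'MsChapv2')
                       EncryptionLevel = 'Optional'; SplitTunneling = $true }
)
$sample | Test-VpnConnectionHardening | Format-List

# On a client, audit the real profiles instead:
# Get-VpnConnection -AllUserConnection | Test-VpnConnectionHardening
```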