Connecting to Windows Server 2016 Essentials VPN without DirectAccess

By Georg Dangl in Windows Server, Thursday, April 27, 2017


Windows Server Essentials is a great option for your home network. I'm using it mostly for DNS, DHCP, client backups, storage and VPN but, really, you can do anything with it. The built-in Connector for Windows clients makes accessing your home network from anywhere charmingly easy, and Microsoft gives you a free *.remotewebaccess.com domain with dynamic DNS and automatic configuration on top of that. External clients connect back home via Microsoft's DirectAccess. In case you haven't heard of it, it's basically a Windows-only proprietary VPN.

Before upgrading to Server 2016, I used VPN extensively on my iPhone and iPad to access my home network. I chose L2TP with a PreSharedKey for connecting my iOS devices. Where I could simply use the GUI in Server 2012 R2, Server 2016 is less cooperative:

  Server 2016 Routing & RAS - Legacy Mode Disabled

If you're not fluent in German, the Routing & RAS app tells me that I can't use the GUI for configuration since legacy mode is disabled. And I can't enable it. That's bad, but since Microsoft ❤️ PowerShell, there are cmdlets for everything! Just make sure to have the Remote Access Tools for Windows PowerShell feature installed (it comes automatically with the Essentials role).

Windows Server 2016 - Remote Access PowerShell tools installation

User mazo22 at HomeServerShow nicely explained the command to set a PreSharedKey:

Set-VpnAuthProtocol -SharedSecret "YourSecretValueHere" -TunnelAuthProtocolsAdvertised PreSharedKey

The PreSharedKey is not persisted across reboots, for security reasons. For convenience reasons, there is Windows Task Scheduler. Create a job, make it run at system start, call C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe as the program and supply the path to your SetPreSharedKey.ps1 as the argument.

But, for real: Here's a complete sample script that shows you how to keep the secret safe, even in a script. Don't store the PreSharedKey as plain text in the script!
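One way to keep the key out of the script, as an added example (this is not the author's linked sample script): the key is entered once, stored DPAPI-encrypted on disk, and decrypted only when the startup task applies it. The file path, the `-Initialize` switch and the parameter names are assumptions, and the scheduled task must run as the same account that ran the one-time setup.

```powershell
# SetPreSharedKey.ps1 - added example; path and parameter names are assumptions.
# One-time setup, run as the SAME account the scheduled task will run as:
#   .\SetPreSharedKey.ps1 -Initialize
# The startup task then calls the script without parameters.
[CmdletBinding()]
param(
    [switch]$Initialize,
    [string]$SecretPath = 'C:\Scripts\vpn-psk.dpapi'   # hypothetical location
)

$ErrorActionPreference = 'Stop'

if ($Initialize) {
    # Prompt without echoing the key. Without -Key, ConvertFrom-SecureString
    # encrypts with DPAPI, so only this user on this machine can decrypt it.
    $secure = Read-Host -Prompt 'PreSharedKey' -AsSecureString
    $secure | ConvertFrom-SecureString | Set-Content -Path $SecretPath -Encoding ASCII

    # Defence in depth: drop inherited ACEs, allow only this user and the
    # local Administrators group (by SID, so it works on localized systems).
    $me = "${env:USERDOMAIN}\${env:USERNAME}"
    icacls $SecretPath /inheritance:r /grant:r "${me}:(M)" '*S-1-5-32-544:(F)' | Out-Null
    Write-Host "Encrypted key written to $SecretPath"
    return
}

if (-not (Test-Path -Path $SecretPath)) {
    throw "No encrypted key at $SecretPath. Run with -Initialize first."
}

# Fails with a CryptographicException if run under a different account
# than the one that created the file.
$secure = Get-Content -Path $SecretPath | ConvertTo-SecureString

# Set-VpnAuthProtocol expects a plain string, so decrypt only in memory
# and only at the point of use.
$psk = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    Set-VpnAuthProtocol -SharedSecret $psk -TunnelAuthProtocolsAdvertised PreSharedKey
}
finally {
    Remove-Variable -Name psk
}
```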

Connecting your iPhone or iPad to your home server

Simply set up a new VPN connection on your device, use the L2TP type and your regular Active Directory username / password (without the domain specifier). The SharedSecret is what you've just set up.

Happy connecting!

