Open the Server Manager, Click on Manage, and choose Add roles and features.
Click Next on the “Before you begin” page if you don't skip the page by default.
Choose Role-Based or feature-based installation and click on next.
Select the server which get the new feature and click on next.
Select Network Policy and Access Services to add the features
Click on Next.
Click on Next.
Select Network Policy Server and click on Next
Select Restart if needed ( only when it’s possible to restart ) and click on Install.
Create a new group in the Active Directory named VPN and add users to it.
Open the Server Manager, Click on Tools, then click on Network Policy Server.
Click right on NPS (Local) and select Register server in Active Directory
Click on OK to continue
Click on OK
Click on Radius Clients and Servers > Radius Clients (right click) > New
Add a device with a shared key to connect. And Click on OK
Click on Policies > Network Policies (right click) > New
Name the Policy “VPN Access” and click on Next
Add a new Condition > Select Windows Groups > click on Add
Select the Windows group or groups and click on OK
Click on Next
Select Access Granted and click on Next
On “Configure Authentication Methods”, click on Next.
On “Configure Constraints”, click Next.
On “Configure Settings”, click Next.
Click on finish
Then go to the pfSense VPN Setup.