Introduction
There are two flavors of remote access available in Windows Server 2016. The most common way to implement the Remote Access role is to provide DirectAccess for your Windows 7, 8, and 10 domain-joined client computers and a VPN for the rest. The DA machines are typically your company-owned corporate assets. One of the primary reasons why DirectAccess is usually only for company assets is that the client machines must be joined to your domain because the DA configuration settings are brought down to the client through a GPO. I doubt you want the home and personal computers joining your domain.
VPN is therefore used for down-level clients such as Windows XP or non-domain-joined Windows 7/8/10, and for home and personal devices that want to access the network. Since this is a traditional VPN listener with all regular protocols available such as PPTP, L2TP, and SSTP, it can even work to connect devices such as smartphones and tablets to your network.
There is a third function...