Cadzow Knowledgebase


Welcome
Contact Us
Professional
Services

Consulting
Knowledgebase/
Site Search

Remote Support

Print Friendly

Windows Server: Creating L2TP VPN Connections

To configure Windows to use L2TP/IPsec connections:

Server Configuration

  1. Ensure the services IKE and AuthIP IPsec Keying Modules and IPsec Policy Agent are running, and set to Automatic start:

    sc config IKEEXT start= auto
    sc config PolicyAgent start= auto
    net start IKEEXT
    net start PolicyAgent

  2. In Routing and Remote Access, right-click the server and choose Properties. In the Security tab, enable Allow custom IPSec policy for L2TP connection. Then enter the Preshared Key, which should be a secure random password.

  3. Right-click Ports, and choose Properties. Under Devices, click WAN Miniport (L2TP), choose Configure. Enable Remote access connections (inbound only) and change the Maximum Ports as required.

  4. In Windows Firewall with Advanced Security, add a rule to allow inbound connections on ports 500 and 4500 for UDP, and a rule to allow inbound connections on protocol 50. (Further Reading.)

    Ensure the default rule Routing and Remote Access (L2TP-In) is enabled.

  5. On the network edge (router), allow inbound UDP traffic on ports 500, 4500 and 1701.

  6. If the server or clients are behind a NAT device, which is quite common due to the use of network edge devices such as routers, open an elevated command prompt and enter:

    reg add HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /d 2 /t REG_DWORD /f

    Then reboot.

    Without this setting, clients will report “Error 809: The network connection between your computer and the VPN server could not be established because the remote server is not responding”.

  7. Ensure inbound and outbound filters set appropriately under Routing and Remote Access → <Server> → IPv4GeneralProperties.

Client Configuration

  1. Add the AssumeUDPEncapsulationContextOnSendRule setting as above.

  2. Change the Type of VPN to Layer 2 Tunneling Protocol with IPsec and enter the preshared key under Advanced Settings.

Copyright © 1996-2023 Cadzow TECH Pty. Ltd. All rights reserved.
Information and prices contained in this website may change without notice. Terms of use.


Question/comment about this page? Please email webguru@cadzow.com.au