Setting up Windows Server 2008 R2 as a VPN Host

  • Question

  • I've used Server Manager to install and configure RRAS on a Windows Server 2008 R2 machine, and it appears to be running. I'm intending to use it as an L2TP/IPSec PSK host. However, VPN clients are unable to connect. I've ensured that Routing and Remote Access is checked on the Exceptions tab of Windows Firewall, but when I use PortQryV2 from another computer on the LAN on the same side of the perimeter hardware firewall as the server to send an L2TP query to UDP port 1701, I get a FILTERED response. In short, it looks like it's running, but it acts like it's not.

    Have I missed something?

    Thursday, August 6, 2015 8:51 PM

Answers

  • Hi Matt,

    I am not a Windows VPN expert, but I would start with some basics:

    - Disable Windows Firewall and test connecting internally. If that works, then move on to your hardware firewall.

    - If not, start troubleshooting Windows services and client configurations.

    • Proposed as answer by Leo Han Monday, August 17, 2015 7:42 AM
    • Marked as answer by Leo Han Tuesday, August 18, 2015 8:38 AM
    Thursday, August 6, 2015 8:58 PM

All replies

  • Hi!

    Same results with Windows Firewall disabled.

    For Services, I see the following displaying a 'Started' status:

    • IPSec Policy Agent
    • IKE and AuthIP IPSec Keying Modules
    • Remote Access Connection Manager
    • Routing and Remote Access

    I believe that's everything that should be running related to L2TP/IPSec, but that's one of the things I'm unclear on.

    As far as client configurations, with PortQry just being a command line tool, there's not much of a configuration to check - pointed at the right IP and UDP port, it should get an L2TP response.

    Thanks for your help.



    Thursday, August 6, 2015 9:12 PM
  • Hi Matt,

    Are there any events of RRAS and NPS? They would help to analyze the problem.

    L2TP/IPsec VPN needs to configure certificates on both VPN server and client.

    Besides, here is the guide for configuring ports for VPN:
    Configure a Firewall for VPN Traffic:
    https://technet.microsoft.com/en-us/library/dd458955(v=ws.10).aspx

    Best Regards,

    Leo



    Friday, August 7, 2015 9:53 AM
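
An added example, not part of any post in this thread: a PowerShell check, run on the RRAS server itself, that reports the four services listed above and whether the UDP ports used by L2TP/IPsec are bound locally. The service short names and the ports 500 (IKE) and 4500 (IPsec NAT-T) are not given in the thread; they are the standard Windows values and are assumptions here.

```powershell
# Added diagnostic sketch, not from the thread. Run in an elevated PowerShell
# session on the RRAS server. Uses only cmdlets available in PowerShell 2.0
# (the version shipped with Server 2008 R2).

# Short names assumed for the four display names listed in the thread:
# IPsec Policy Agent, IKE and AuthIP IPsec Keying Modules,
# Remote Access Connection Manager, Routing and Remote Access.
$services = 'PolicyAgent', 'IKEEXT', 'RasMan', 'RemoteAccess'

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        '{0,-14} {1,-8} {2}' -f $svc.Name, $svc.Status, $svc.DisplayName
    } else {
        '{0,-14} MISSING' -f $name
    }
}

# UDP ports involved in L2TP/IPsec: 500 (IKE), 4500 (NAT-T), 1701 (L2TP).
$ports = 500, 4500, 1701
$bound = @{}

# netstat UDP rows look like: "  UDP    0.0.0.0:500    *:*    1234"
netstat -ano -p udp | ForEach-Object {
    if ($_ -match '^\s*UDP\s+(\S+):(\d+)\s+\S+\s+(\d+)\s*$') {
        $port = [int]$Matches[2]
        if ($ports -contains $port) {
            if (-not $bound.ContainsKey($port)) { $bound[$port] = @() }
            $bound[$port] += ('{0} (PID {1})' -f $Matches[1], $Matches[3])
        }
    }
}

foreach ($port in $ports) {
    if ($bound.ContainsKey($port)) {
        'UDP {0,-5} bound: {1}' -f $port, ($bound[$port] -join ', ')
    } else {
        'UDP {0,-5} NOT bound locally' -f $port
    }
}
```

A port reported as bound here but unanswered from another host separates a filtering or policy question from a stopped or missing service.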