locked
Windows Server 2012 R2 as VPN (L2TP IPSec) Server RRS feed

  • Question

  • Hello!

    I have a problem connecting to VPNs server (L2TP IPsec) I am using preshared key for the IPsec policy. If I am connected on the same network I can establish a VPN connection. If I am outside my office and try to establish the VPN it is not available.

    Do you have idea how to solve this issue?

    Thanks in advance!

    Dean

    Monday, November 10, 2014 8:42 PM

Answers

  • Actually now it is working. currently I am at home and I am connected to my workplace.

    So for future reference, checklist for setup VPN Server (RRAS) on Windows Server 2012 R2 Standard:

     - UDP PORT 4500

     - UDP PORT 500

     - TCP PORT RANGE 29152 through 65535

     - http://support.microsoft.com/kb/926179/en-us

    I only need to configure the routing now. I see that my public IP now is the public IP of the VPN Server. I need to configure routing not to route traffic through the VPN Server.

    Steven, thanks for the help!

    • Proposed as answer by Steven_Lee0510 Wednesday, November 12, 2014 9:11 AM
    • Marked as answer by Steven_Lee0510 Monday, November 24, 2014 1:04 PM
    Tuesday, November 11, 2014 6:44 PM

All replies

  • Hi Dean,

    Please check the event log of the VPN server. There should be some information about why the client fails to establish the VPN tunnel.

    Besides, please post the network topology of your VPN deployment. It may give some hints.

    If the VPN server is deployed behind the NAT device, some additional configuration is needed.

    For detailed information, please refer to the link below,

    http://support.microsoft.com/kb/926179/en-us

    Also, UDP port4500 which used by NAT-T should be forwarded by the NAT device.

    Best Regards.



    Steven Lee

    TechNet Community Support

    Tuesday, November 11, 2014 6:39 AM
  • There isn't any log. I think that the request doesn't even come to the server (from WAN). As I said previously while I am on the same network, I am able to establish the connection.

    My server is behind a router, and on this router I have port mapping - UDP 4500, UDP 500 and TCP Port Range: 29152 - 655535 that are forwarded to the server.

    Regarding the link you sent, I already tried that before posting the question.

    I tried to verify that the server is listening on the ports and using "canyouseeme.org" checked if the ports are open

    but is says that it cannot see the service on those ports.

    Ideas? :)

    Tuesday, November 11, 2014 1:19 PM
  • Actually now it is working. currently I am at home and I am connected to my workplace.

    So for future reference, checklist for setup VPN Server (RRAS) on Windows Server 2012 R2 Standard:

     - UDP PORT 4500

     - UDP PORT 500

     - TCP PORT RANGE 29152 through 65535

     - http://support.microsoft.com/kb/926179/en-us

    I only need to configure the routing now. I see that my public IP now is the public IP of the VPN Server. I need to configure routing not to route traffic through the VPN Server.

    Steven, thanks for the help!

    • Proposed as answer by Steven_Lee0510 Wednesday, November 12, 2014 9:11 AM
    • Marked as answer by Steven_Lee0510 Monday, November 24, 2014 1:04 PM
    Tuesday, November 11, 2014 6:44 PM
  • Hi Dean,

    Glad to hear that your issue is resolved and thanks for the sharing!

    Best Regards.



    Steven Lee

    TechNet Community Support

    Wednesday, November 12, 2014 9:13 AM