Set up an L2TP VPN Server on Windows Server 2012

Intro

This article will describe how to set up an L2TP VPN Server on Windows Server 2012 R2 start to finish and step by step including Firewall configuration and port forwarding. The way I’m going to set it up includes the NAT service as well that will allow you to not only connect to the L2TP VPN but also to access the internal LAN you’re connecting to. One of the reasons why I tried this  was due security (I never did it before). I didn’t want to use Windows 10’s “Incoming connection” as that will set up an insecure VPN server using the PPTP protocol.

If you’ve already set up the VPN bit and are having issues with reaching anything within the LAN you’re connected to (even the VPN server itself), then you might have missed the NAT service.

This article might look lengthy but trust me, the actual configuration is pretty fast, I’m just adding literally every single step.

The step by step guide was performed on a clean Windows Server 2012 R2 Virtual Machine running in Hyper-V (Windows 10 Pro is the Hypervisor sharing its only network card). The steps apply also when you’re performing this on a physical Server.

internet-wirelessrouter-hyper-v-server-vm

The above represent more or less what the network behind the router looks like. In my specific case I have other plain switches between the wireless router and the Hypervisor (which, again, it’s not a Server but a Windows 10 desktop).

TIP: If the server you’re installing this on is a virtual machine, take a snapshot before and after every major step so that you can revert to it in case of issues without starting from scratch. Make sure you remove them once you’re happy. 🙂

In order to facilitate reading, I have split the article into different sub-pages.

4 thoughts on “Set up an L2TP VPN Server on Windows Server 2012

  1. hi
    i do all these same as you say except page 5…

    here is my situation :

    i have vmware work station and windows server 2k16..

    and in vmware i add 2 network adapter :

    1.microsoft km-test loopback adapter that its ip is static (in my lan) with ip 217.218.5.10
    2.default network adapter of vmware that is my lan network : ip 192.168.2.1

    but i have no router (in my vmware) to configure it..

    i want to just test my l2tp vpn server is ok and connect to myself…
    (i gave these range for ipv4 range : 192.168.2.20 – 192.168.2.25)

    but when i trying to connect with ip 217.218.5.10 it gave this error :
    789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

    with pptp tunnel its work fine but with l2tp…..

    any help appreciated…

    thank you

  2. Hi both,
    I’m afraid I would need to double check that. I think it may be a MS limitation with these being behind a NAT, but I have had no time to replicate and confirm. I’ve only used it once in a lab environment and I thought it was a cool thing to share.
    I hope to have some time soon to check it out.

    Question: are you able to connect whilst using a phone on an LTE connection?

Leave a Reply

Your email address will not be published. Required fields are marked *