Set up an L2TP VPN Server on Windows Server 2012

Configuring Windows Server 2012 R2 (VPN Server configuration)

This step configures the server to accept incoming connections. During the installation, also add any roles, features and role services that the wizard proposes after you select the ones in the instructions below.

  1. In Server Administrator, open the Add Roles and Features Wizard.
  2. Select the Remote Access role.
  3. Add the Remote Access Management Tools feature. Enable Remote Server Administration Tools if not installed.
  4. Add the DirectAccess and VPN (RAS) role service.
  5. The installation will take a few minutes. Once completed, click Open the Getting Started Wizard.
  6. Configure Remote Access will appear. Select Deploy VPN only.
  7. Routing and Remote Access should start. If it doesn’t, go to Server Administrator > Tools > Routing and Remote Access.
  8. Right-click the server name and select Configure and Enable Routing and Remote Access.
  9. The setup Wizard will start. Click Next.
  10. Select Custom configuration and click Next.
  11. Select VPN Access and NAT.
  12. Click Finish.
  13. After clicking Finish you might receive a warning message telling you that the wizard is unable to make any changes to the firewall. Don’t worry about this; we’ll configure the firewall later on.
  14. Click Start service.
  15. Right-click the server name again and select Properties.
  16. In General, leave everything at its default.
  17. In the Security tab, select Allow custom IPsec policy for L2TP/IKEv2 connection and type your preshared key. In this example the key is MyKEY. Make sure you use something a bit more complex than that. 🙂
  18. In the IPv4 tab, make sure Enable IPv4 Forwarding is enabled and select Static address pool (or use the DHCP option if you have DHCP enabled). Then click Add to add a scope (in my example I’m using a range of 3 addresses, from 192.168.10.100 to 192.168.10.102).
  19. The other tabs are left to their default values/selections.
  20. Click Apply. You will be asked to restart the Routing and Remote Access service; go ahead with it.
  21. The configuration is nearly complete. Right-click Ports and select Properties.
  22. You will see a list of devices and their protocols. Double-click PPTP and deselect everything in order to disable this protocol (you may leave Max ports at 128). Then, if you want, double-click the others and reduce the number of ports associated with them. I put them down to 5; you will need to decrease or increase this based on the number of connections you will be accepting.
  23. Last step for the VPN setup: restart the Routing and Remote Access service. You can do it by right-clicking the server name > All Tasks > Restart.
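
The security-relevant part of the procedure (steps 17 to 23) can also be scripted. The following PowerShell is an added example, not part of the original walkthrough; it assumes Windows Server 2012 R2 with the RemoteAccess module that the role installs, RRAS already configured through the wizard (steps 1 to 14), and the default device names shown in the Ports list. It generates a random preshared key rather than a typed one.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): steps 17-23 as a script.
# Assumes Windows Server 2012 R2, Remote Access role installed, RRAS running.
Import-Module RemoteAccess

# Step 17: build a 256-bit preshared key from the system CSPRNG
# instead of typing a short, guessable one such as "MyKEY".
$bytes = New-Object byte[] 32
$rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try     { $rng.GetBytes($bytes) }
finally { $rng.Dispose() }
$psk = [Convert]::ToBase64String($bytes)

# Advertise the preshared key as the tunnel authentication method
# (the scripted counterpart of the custom IPsec policy checkbox).
Set-VpnAuthProtocol -TunnelAuthProtocolsAdvertised PreSharedKey -SharedSecret $psk

# Step 18: static address pool, same range as the article's example.
Set-VpnIPAddressAssignment -IPAssignmentMethod StaticPool `
    -IPAddressRange '192.168.10.100', '192.168.10.102'

# Step 22: stop PPTP from accepting remote access or demand-dial
# connections, and cap L2TP at 5 ports (adjust to your expected load).
# --% passes the rest of the line to netsh unchanged, quotes included.
netsh --% ras set wanports device="WAN Miniport (PPTP)" rasinonly=disabled ddinout=disabled
netsh --% ras set wanports device="WAN Miniport (L2TP)" maxports=5

# Steps 20 and 23: restart RRAS so the new settings are loaded.
Restart-Service -Name RemoteAccess

# Review the result: tunnel authentication, address pool, port usage.
Get-VpnAuthProtocol
Get-RemoteAccess | Select-Object VpnStatus, IPAssignmentMethod, IPAddressRangeList
netsh ras show wanports

# Shown once so it can be stored in a password manager and given to clients.
Write-Output "L2TP preshared key: $psk"
```

Run it from an elevated PowerShell session on the VPN server; every client must be configured with the same generated key.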

IT Droplets