Set up an L2TP/IPsec VPN on a Windows Server 2016
Log in to the server and click on Check Updates
Open Windows Start menu and click on Server Manager
Click on Manage -> Add Roles and Features
Select Role-based or feature-based installation and click on Next
Select a server from the server pool and click on Next
Select Remote Access and click on Next
Click on Next
Select DirectAccess and VPN (RAS) and Routing
Click Next
Select Restart the destination server automatically if required, then click Yes
Open Routing and Remote Access in Server Manager -> Tools -> Routing and Remote Access
Right click on the server name and click on Configure Routing and Remote Access
Select Custom configuration and click on Next
Select VPN access and NAT and click on Next
Complete the wizard by clicking on Finish and start service
Configure Routing and Remote Access
Right click on the server name (VPN) and click on Properties
Navigate to the Security tab and select Allow custom IPsec policy for L2TP/IKEv2 connection
Fill in the preshared key with a strong password, e.g. Tafe123$ (remember this password; we will use it later in the configuration)
Navigate to IPv4. In our setup we do not have a DHCP server, so we have to select the option Static address pool and click on Add to enter your IP address range.
Configure NAT
Right click on NAT by navigating to Routing and Remote Access -> VPN (server name) -> IPv4 -> NAT and click on New Interface...
A new screen will be opened. Select Ethernet and click on OK.
Select Public interface connected to the Internet and select Enable NAT on this Interface
Open the Services and Ports tab and select VPN Gateway (L2TP/IPsec - running on this server) from the list
A new screen will be opened. Edit Private address variable from 0.0.0.0 to 127.0.0.1 and click on OK
Restart Routing and Remote Access
Right click on server name (VPN) and navigate to All Tasks and click on Restart
Windows Firewall
A new screen will be opened. Select Predefined: Routing and Remote Access and click on Next
Select Routing and Remote Access (L2TP-In) and click on
Configure User(s)
Before user(s) can start using VPN we have to give them permission to connect.
You should see a list of users of your server. Right click on the user you want to enable VPN and click on Properties
A new screen will be opened with User Properties. In our example it’s Administrator. Open the Dial-in tab and select Allow access
Navigate to Tools -> Remote Access Management. A new screen will be opened with the Remote Access Dashboard. You can see in our overview that services are running without warnings.
Log in to Windows 10
Configure VPN
Click on Set up a new connection or network
Select Connect to a workplace and click on
Click Use my Internet connection (VPN)
Enter your IP address in the Internet Address field: 192.168.32.10 (ignore the one in the picture)
After you have clicked on Create, the setup wizard will be closed.
Click Change adapter settings on the left side menu.
You will now see all available interfaces. Open Properties of the VPN connection interface
Open dropdown of Type of VPN and select Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec)
Click on Advanced settings. Select Use preshared key for authentication and fill in the preshared key which you created on the Windows Server. Apply it by clicking on OK.
Return to the Security tab. Select Allow these protocols and check the following values
Connect to VPN server
You will be asked to enter a User name and Password
Finished
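
The Windows 10 steps under Configure VPN can also be scripted and then checked, which avoids typing the preshared key into a file and confirms the profile really uses L2TP/IPsec with a preshared key. This is an added example, not part of the original guide; the connection name, the MSChapv2 authentication method and the Test-L2tpProfile helper are assumptions, and only the server address comes from the steps above.

```powershell
# Added example. Run on the Windows 10 client in a normal PowerShell session.
$Name   = 'Lab L2TP VPN'      # hypothetical connection name
$Server = '192.168.32.10'     # server address used in this guide

# Prompt for the preshared key so it is never stored in the script.
$secure = Read-Host -Prompt 'L2TP preshared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    $params = @{
        Name                 = $Name
        ServerAddress        = $Server
        TunnelType           = 'L2tp'
        L2tpPsk              = $psk
        AuthenticationMethod = 'MSChapv2'   # assumption: the guide's protocol list is not in the text
        EncryptionLevel      = 'Required'
        Force                = $true        # suppress the preshared key confirmation prompt
    }
    Add-VpnConnection @params
}

# Hypothetical helper: returns one line per setting that deviates from the guide.
function Test-L2tpProfile {
    param([Parameter(Mandatory)] $Connection)
    $expected = [ordered]@{ TunnelType = 'L2tp'; L2tpIPsecAuth = 'Psk' }
    foreach ($key in $expected.Keys) {
        $actual = [string]$Connection.$key
        if ($actual -ne $expected[$key]) {
            "{0}: expected {1}, found '{2}'" -f $key, $expected[$key], $actual
        }
    }
    if ([string]$Connection.EncryptionLevel -notin 'Required', 'Maximum') {
        "EncryptionLevel: '{0}' allows an unencrypted session" -f $Connection.EncryptionLevel
    }
    if (@($Connection.AuthenticationMethod) -contains 'Pap') {
        'AuthenticationMethod: PAP is enabled'
    }
}

$issues = @(Test-L2tpProfile -Connection (Get-VpnConnection -Name $Name))
if ($issues.Count) { $issues | Write-Warning }
else { "Profile '$Name' matches the expected L2TP/IPsec settings." }
```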