Start a new topic

L2TP VPN Using Microsoft RRAS

Using Microsoft RRAS to setup a VPN server for PPTP is quite common; however, administrators have had a tough time configuring their RRAS Servers to enable L2TP VPN for their users. But the setup is actually quite easy once you know the exact steps to follow:



1. The ports needed to be open on your router and the Server's firewall for the L2TP protocol to work are as follows:


  • UDP 500
  • UDP 4500
  • TCP 1701
  • GRE (This is protocol 47 and not the port 47; Your router should have the configuration for this and so does Windows Firewall)


2. Be sure to use a different public IP address for your L2TP traffic as the primary WAN IP cannot be used for this purpose. This is mainly because if you do have VPN tunnels active on your router, the ports 500 and 4500 will be prioritized for the tunnels and won't be available to use for the L2TP traffic. So configure a secondary WAN address for all L2TP related connections.


3. You will need to add a registry key on your Server where you have configured your RRAS:


  • Login to the PC as Administrator or an user who is a member of the Administrator Group.
  • Click Start | Run or Start | All Programs | Accessories | Run and type regedit.
  • Locate the entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent.
  • Create a new DWORD (32-bit) value (Edit | New).
  • Add AssumeUDPEncapsulationContextOnSendRule and save.
  • Modify the new entry and change Value Data from 0 to 2.
  • Reboot the computer.


4. Login to your Server and open RRAS management console:


  • Right click on the RRAS Server on the left and choose Properties
  • Click on the Security tab and check the box that reads "Allow custom IPsec policy for L2TP connection"
  • Enter a Preshared secret in the box below; you will need to share this Preshared secret with your users to configure the client connection on their side
  • Press OK to apply the new settings and restart the RRAS service by right clicking the RRAS Server and choosing restart


5. Configure your client side VPN configuration by choosing the VPN type as L2TP/IPsec and be sure to enter the Preshared secret in the step above


If you follow the above steps exactly as described, you should now be able to connect to your RRAS Server using L2TP protocol. You should also be able to have your PPTP connection working with the same RRAS server as well without any problems.


Good Luck

Login or Signup to post a comment