Using Microsoft RRAS to set up a VPN server for PPTP is quite
common; however, administrators have had a tough time configuring their RRAS
servers to enable L2TP VPN for their users. The setup is actually quite
easy once you know the exact steps to follow:
1. The ports that need to be open on your router and the
server's firewall for the L2TP protocol to work are as follows:
UDP 500
UDP 4500
TCP 1701
GRE (this is protocol 47, not port 47; your router
should have a setting for this, and so does Windows Firewall)
2. Be sure to use a different public IP address for your
L2TP traffic, as the primary WAN IP cannot be used for this purpose. This is
mainly because, if you have VPN tunnels active on your router, ports 500
and 4500 will be prioritized for those tunnels and won't be available for
the L2TP traffic. So configure a secondary WAN address for all L2TP-related
connections.
3. You will need to add a registry value on the server where
you have configured RRAS:
Log in to the PC as Administrator or a user who is a member
of the Administrator Group.
Click Start | Run or Start | All Programs | Accessories |
Run and type regedit.
Locate the entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent.
Create a new DWORD (32-bit) value (Edit | New).
Name it AssumeUDPEncapsulationContextOnSendRule and save.
Modify the new entry and change Value Data from 0 to 2.
Reboot the computer.
4. Log in to your server and open the RRAS management console:
Right-click the RRAS server on the left and choose
Properties.
Click the Security tab and check the box that reads
"Allow custom IPsec policy for L2TP connection".
Enter a preshared secret in the box below; you will need to
share this preshared secret with your users so they can configure the client
connection on their side.
Press OK to apply the new settings and restart the RRAS
service by right-clicking the RRAS server and choosing Restart.
5. Configure the client-side VPN connection by choosing
L2TP/IPsec as the VPN type, and be sure to enter the preshared secret from the
step above.
If you follow the above steps exactly as described, you
should now be able to connect to your RRAS server using the L2TP protocol. Your
PPTP connections should also keep working with the same RRAS
server without any problems.
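
The registry change from step 3 and a check of the Windows Firewall entries from step 1 can be scripted. The PowerShell below is an added example, not part of the original article; it assumes an elevated session on the RRAS server with the NetSecurity module available (Windows Server 2012 or later), and its variable names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: apply step 3 and audit step 1 on the local RRAS server.

# --- Step 3: PolicyAgent registry value (name and data as given in the article) ---
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationContextOnSendRule'
$want = 2

$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($current -eq $want) {
    Write-Host "[ok]   $name is already $want"
} else {
    $was = if ($null -eq $current) { 'absent' } else { $current }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $want -Force | Out-Null
    Write-Host "[set]  $name = $want (was $was); reboot for it to take effect"
}

# --- Step 1: enabled inbound allow rules for the ports the article lists ---
$required = @(
    @{ Label = 'UDP 500';  Protocol = 'UDP'; Port = '500'  },
    @{ Label = 'UDP 4500'; Protocol = 'UDP'; Port = '4500' },
    @{ Label = 'TCP 1701'; Protocol = 'TCP'; Port = '1701' },
    @{ Label = 'GRE (protocol 47)'; Protocol = '47'; Port = $null }
)

# Collect port filters once; rules using port ranges or 'Any' are not matched here.
$filters = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Get-NetFirewallPortFilter

$missing = foreach ($r in $required) {
    $hit = $filters | Where-Object {
        $_.Protocol -eq $r.Protocol -and
        ($null -eq $r.Port -or $_.LocalPort -contains $r.Port)
    }
    if ($hit) { Write-Host "[ok]   $($r.Label): $(@($hit).Count) allow rule(s)" }
    else      { Write-Host "[miss] $($r.Label): no matching allow rule"; $r.Label }
}

if ($missing) { Write-Warning "No inbound allow rule found for: $($missing -join ', ')" }
```

The script only inspects the server's own Windows Firewall; the router forwarding from step 1 and the secondary WAN address from step 2 still have to be checked on the router itself.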
Brian Shad
Good Luck