Connect with us

Hi, what are you looking for?


How to setup L2TP / IPSec VPN on Windows Server 2016

How to setup L2TP / IPSec VPN on Windows Server 2016


an introduction

A VPN extends a private network across a public network so that you can safely access your data remotely over the public network. You can also use a VPN to secure your internet activity by using the VPN server as a proxy server.

This article will show you how you can setup L2TP/IPsec VPN on Windows Server 2016 Standard with step by step screenshots. A VPN can be used to access your business network.

We will configure the VPN with the built-in feature (Routing and Remote Access RRAS) provided by Microsoft in Windows Server 2016. This feature can be enabled in the Add Roles and Features Wizard.

Basic requirements

  • A server with Windows Server 2016 Standard installed. If you don’t have a server, you can order one at
  • Access your Windows Server with Administrator or a user with Administrator permissions

Step 1 – Login with RDP

You must be logged in via RDP as an administrator or a user with admin permission. Please see this article for instructions if you do not know how to connect.

Step 2 – Update Windows

All Windows updates must be installed before starting to install and configure L2TP/IPsec. This is necessary to keep the server up to date with all security patches.

to open Start in Windows Menu and click Settings

Go to Update & Security

Click Check for updates to check if there are any updates for your server.

Download and install all updates if they are available.

Step 3 – Install Dependencies

to open Start in Windows Menu and click Server Manager

Click Manage -> Add Roles and Features

A new screen will open and click Next

Select Role or Feature Based Installation and click Next

Select Select a server from the server pool and click Next

Select Remote Access and click Next

Click Next

Click Next

Select Direct Access, VPN (RAS), and Routing. Once selected, a popup will appear and click Add Features

Click Next

Click Next

Click Next

Select to restart the destination server automatically if necessary

Once selected, a popup will appear and click Yes to allow the system to restart if necessary.

The last step is to click install.

The installation is pending.

Installation completed.

Step 4 – Routing and Remote Access

to open routing and remote Access In Server Manager -> Tools -> Routing and Remote Access.

A new screen will open. Right click on the server name and click on Configure Routing and Remote Access.

A new setting screen will open routing access server and click Next

we use custom configuration because Access to a Virtual Private Network (VPN) and NAT Requires two or more network interfaces.

Select Custom Configuration and click Next

Select VPN and NAT access and click Next

Complete the wizard by clicking Finish

After the wizard is complete, a popup will appear with the question if you want to Begins the Routing and remote access service. Click Start Service

Step 5 – Configure Routing and Remote Access

Right click On the server name (VPN) and click on Properties

Go to the Security tab and select Allow custom IPsec policy for L2TP / IKev2 connection. In the screenshot section we have a pre-shared key but you have to fill in this with a strong password.

You can use a password. Passphrase generator to generate a pre-shared key. Generate a strong pre-shared key of at least 32 characters.

Go to IPv4. In our setup, we don’t have a DHCP server, so, we have to select the static address pool option and click Add to enter your IP address range.

We used the following range:

Starting IP: Final IP: Number of addresses: 254

Click OK to save the IPv4 domain.

Click OK to apply the changes we made in the properties of the Routing and Remote Access service. You should get a warning popup with information to restart the service, click OK.

Step 6 – Configure NAT

Right click on NAT by going to Routing and Remote Access -> VPN (Server Name) -> IPv4 -> NAT and click on New Interface…

A new screen will open, select Ethernet and click OK.

Select the public interface connected to the Internet and select Enable NAT on this interface

Open the Services and Ports tab, select a VPN gateway (L2TP / IPsec – running on this server) from the list.

A new screen will open. Edit the private address variable from to and click OK

Click OK

Step 7 – Restart Routing and Remote Access

Right click on the server name (VPN) and go to all tasks and click restart

Step 8 – Windows Firewall

to open Start in Windows Menu and click Control Panel

Open System and Security

Open Windows Firewall

Click Advanced Settings in the left menu

A new screen will open and incoming rules will open

Create a new rule by clicking New Rule… in the left-hand menu.

A new screen will open. Select Predefined: Routing and Remote Access and click Next

Select Routing and Remote Access (L2TP-In) and click Next

Click Finish

Check rule creation

Step 9 – Configure the user(s)

Before the user(s) can start using the VPN, we have to give them permission to connect.

Right-click on the Windows icon and click Computer Management

Open Local Users and Groups from the left menu and click Users

You should see a list of your server users. Right click on the user you want to enable VPN and click Properties

In our article we enable VPN for our admin user. We recommend creating/using separate users for VPN purposes with Limited permissions.

A new screen will open with user properties. In our example is Director. Open Dial-Intab and select Allow access

Click OK and Close Computer management. User Administrator now has permission to connect to server via L2TP/IPsec VPN connection.

Step 10 – Manage Remote Access

to open Windows starts menu and click Server Manager.

Go to Tools -> Remote Access Management. A new screen will open with the remote access dashboard. You can see in our overview that the services work without warnings.

More information about remote access management It can be found here.

Step 11 – Restart the server

to open Start in Windows List

Right click on a file Energy icon and click on Restart

Step 12 – Customer Contact


Congratulations, you have now configured L2TP/IPsec VPN on Windows Server 2016 Standard. If you need more help or assistance configuring Windows Server 2016 Standard, contact our support.

Don’t forget to share this post with friends !

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *



AnyConnect: Install a self-signed certificate as a trusted source 👨‍💻 kmgmt-2879-cbs-220-config-security-port objective The goal of this article is to walk you through creating and...


ITProPortal . Portal 👨‍💻 We live in a dynamic moment in terms of technology. Even criminals are becoming more technically savvy and are using...


Top 5 Free AV Packages – 👌 Bitdefender Antivirus Free Edition best interface Positives Works on Windows 7 and 8.1 Very easy to use...


Download antivirus for free. Best antivirus protection 👨‍💻 Protecting your identity, banking information and privacy Cybercriminals want your credit card details, passwords and other...