How to set up L2TP/IPsec VPN on Windows Server 2016
Introduction
A VPN extends a private network across a public network so that you can safely access your data remotely over the public network. You can also use a VPN to secure your internet activity by using the VPN server as a proxy server.
This article shows how to set up an L2TP/IPsec VPN on Windows Server 2016 Standard, with step-by-step screenshots. A VPN can be used to access your business network.
We will configure the VPN with the built-in Routing and Remote Access (RRAS) feature provided by Microsoft in Windows Server 2016. This feature can be enabled in the Add Roles and Features Wizard.
Basic requirements
- A server with Windows Server 2016 Standard installed. If you don’t have a server, you can order one at Snel.com
- Access to your Windows Server as Administrator or as a user with administrator permissions
Step 1 – Log in with RDP
You must be logged in via RDP as an administrator or a user with admin permission. Please see this article for instructions if you do not know how to connect.
Step 2 – Update Windows
All Windows updates must be installed before starting to install and configure L2TP/IPsec. This is necessary to keep the server up to date with all security patches.
Open the Windows Start menu and click Settings
Go to Update & Security
Click Check for updates to check if there are any updates for your server.
Download and install all updates if they are available.
Step 3 – Install Dependencies
Open the Windows Start menu and click Server Manager
Click Manage -> Add Roles and Features
A new screen will open. Click Next
Select Role-based or feature-based installation and click Next
Select Select a server from the server pool and click Next
Select Remote Access and click Next
Click Next
Click Next
Select DirectAccess and VPN (RAS) and Routing. Once selected, a popup will appear. Click Add Features
Click Next
Click Next
Click Next
Select the option to restart the destination server automatically if necessary
Once selected, a popup will appear. Click Yes to allow the system to restart if necessary.
The last step is to click Install.
The installation is pending.
Installation completed.
Step 4 – Routing and Remote Access
Open Routing and Remote Access via Server Manager -> Tools -> Routing and Remote Access.
A new screen will open. Right click on the server name and click on Configure Routing and Remote Access.
A new screen will open with the Routing and Remote Access Server setup wizard. Click Next
We use Custom configuration because the Virtual private network (VPN) access and NAT option requires two or more network interfaces.
Select Custom Configuration and click Next
Select VPN access and NAT and click Next
Complete the wizard by clicking Finish
After the wizard is complete, a popup will ask whether you want to start the Routing and Remote Access service. Click Start service
Step 5 – Configure Routing and Remote Access
Right-click on the server name (VPN) and click on Properties
Go to the Security tab and select Allow custom IPsec policy for L2TP/IKEv2 connection. In the screenshot a pre-shared key is already filled in, but you have to enter your own strong key here.
You can use a password/passphrase generator to create the pre-shared key. Generate a strong pre-shared key of at least 32 characters.
Go to the IPv4 tab. In our setup we don’t have a DHCP server, so we have to select the static address pool option and click Add to enter the IP address range.
We used the following range:
- Starting IP: 10.10.10.1
- Final IP: 10.10.10.254
- Number of addresses: 254
Click OK to save the IPv4 range.
Click OK to apply the changes we made in the properties of the Routing and Remote Access service. You should get a warning popup with information to restart the service, click OK.
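For the pre-shared key entered on the Security tab in this step, the following PowerShell function is one way to generate it on the server itself. It is an added example, not part of the original article; the function name New-L2tpPreSharedKey, the default length of 40 and the letters-and-digits alphabet are choices made here.

```powershell
# Added example: generate a random pre-shared key for the RRAS Security tab.
# New-L2tpPreSharedKey and the alphabet below are choices made for this example.
function New-L2tpPreSharedKey {
    param(
        # The guide asks for at least 32 characters.
        [ValidateRange(32, 256)]
        [int]$Length = 40
    )

    # Letters and digits only, so the key can be typed into any VPN client.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'.ToCharArray()

    # Largest multiple of the alphabet size that fits in one byte (248 for 62 symbols).
    # Bytes at or above this limit are discarded so every symbol is equally likely.
    $limit = 256 - (256 % $alphabet.Length)

    # Cryptographic random number generator instead of Get-Random.
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 64
    $key    = New-Object System.Text.StringBuilder

    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($buffer)
            foreach ($b in $buffer) {
                if ($b -lt $limit -and $key.Length -lt $Length) {
                    [void]$key.Append($alphabet[$b % $alphabet.Length])
                }
            }
        }
    }
    finally {
        $rng.Dispose()
    }

    $key.ToString()
}

New-L2tpPreSharedKey -Length 40
```

The same value has to be entered in the L2TP settings of every client that connects to this server.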
Step 6 – Configure NAT
Right click on NAT by going to Routing and Remote Access -> VPN (Server Name) -> IPv4 -> NAT and click on New Interface…
A new screen will open, select Ethernet and click OK.
Select the public interface connected to the Internet and select Enable NAT on this interface
Open the Services and Ports tab and select VPN Gateway (L2TP/IPsec – running on this server) from the list.
A new screen will open. Change the Private address field from 0.0.0.0 to 127.0.0.1 and click OK
Click OK
Step 7 – Restart Routing and Remote Access
Right-click on the server name (VPN), go to All Tasks and click Restart
Step 8 – Windows Firewall
Open the Windows Start menu and click Control Panel
Open System and Security
Open Windows Firewall
Click Advanced Settings in the left menu
A new screen will open. Open Inbound Rules
Create a new rule by clicking New Rule… in the left-hand menu.
A new screen will open. Select Predefined: Routing and Remote Access and click Next
Select Routing and Remote Access (L2TP-In) and click Next
Click Finish
Check that the rule has been created
Step 9 – Configure the user(s)
Before the user(s) can start using the VPN, we have to give them permission to connect.
Right-click on the Windows icon and click Computer Management
Open Local Users and Groups from the left menu and click Users
You should see a list of your server users. Right click on the user you want to enable VPN and click Properties
In our article we enable VPN for our admin user. We recommend creating/using separate users with limited permissions for VPN purposes.
A new screen will open with the user properties; in our example, the user is Administrator. Open the Dial-in tab and select Allow access
Click OK and close Computer Management. The user Administrator now has permission to connect to the server via an L2TP/IPsec VPN connection.
Step 10 – Manage Remote Access
Open the Windows Start menu and click Server Manager.
Go to Tools -> Remote Access Management. A new screen will open with the remote access dashboard. You can see in our overview that the services work without warnings.
More information about Remote Access Management can be found here.
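The dashboard check above can be complemented from PowerShell. The function below is an added example, not part of the original article: it reads back the role services from Step 3, the Routing and Remote Access service from Steps 4 and 7, and the firewall rule from Step 8, and reports a pass/fail line for each. The function name Test-L2tpVpnSetup is chosen here; the rule name is the one selected in Step 8.

```powershell
# Added example: read-only checks for the pieces configured in this guide.
# Test-L2tpVpnSetup is a name chosen here; run it in an elevated session on the VPN server.
function Test-L2tpVpnSetup {
    $results = @()

    # Step 3: role services selected in the Add Roles and Features Wizard.
    foreach ($feature in Get-WindowsFeature -Name DirectAccess-VPN, Routing) {
        $results += [pscustomobject]@{
            Check  = "Role service $($feature.Name)"
            Actual = "$($feature.InstallState)"
            Pass   = ($feature.InstallState -eq 'Installed')
        }
    }

    # Steps 4 and 7: the Routing and Remote Access service must be running.
    $service = Get-Service -Name RemoteAccess
    $results += [pscustomobject]@{
        Check  = 'RemoteAccess service'
        Actual = "$($service.Status), start type $($service.StartType)"
        Pass   = ($service.Status -eq 'Running')
    }

    # Step 8: the predefined inbound L2TP rule must exist, be enabled and allow traffic.
    $ruleName = 'Routing and Remote Access (L2TP-In)'
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($rule) {
        $port = $rule | Get-NetFirewallPortFilter
        $results += [pscustomobject]@{
            Check  = "Firewall rule $ruleName"
            Actual = "Enabled=$($rule.Enabled) Action=$($rule.Action) $($port.Protocol)/$($port.LocalPort)"
            Pass   = ($rule.Enabled -eq 'True' -and $rule.Action -eq 'Allow')
        }
    }
    else {
        $results += [pscustomobject]@{
            Check = "Firewall rule $ruleName"; Actual = 'not found'; Pass = $false
        }
    }

    $results
}

Test-L2tpVpnSetup | Format-Table -AutoSize
```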
Step 11 – Restart the server
Open the Windows Start menu
Right-click on the Power icon and click on Restart
Step 12 – Customer Contact
Conclusion
Congratulations, you have now configured L2TP/IPsec VPN on Windows Server 2016 Standard. If you need more help or assistance configuring Windows Server 2016 Standard, contact our support.