
Server 2012 VPN using L2TP



#1 finsfree


Posted 09 September 2017 - 10:11 AM

Hello,

 

I am trying to set up a Windows Remote Access Server for VPN clients. At first I was in a lab environment and everything was working fine. My Windows 7 client connected.

 

Now I want to come in from the WAN side (outside). I have yet to make a connection.

 

What I have done so far:

  • Installed the Remote Access role on a Server 2012
  • Added the server to a domain
  • In Active Directory Users and Computers, changed the property settings in the Dial-in tab to "allow access" for each user.
  • Created the preshared key
  • Opened ports 500, 1701, 4500 on my SOHO firewall

The error I am receiving is, "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

 

Thanks,

 




 


#2 sflatechguy


Posted 17 September 2017 - 12:50 PM

Could be a certificate or pre-shared key error. If you are using PSKs, make sure they are the same on both the client and the server. If you are using certificates, make sure you are using the same cert. Also make sure the machine certificate is trusted, and the Extended Key Usage for the machine cert is set to use Server Authentication.



#3 dlynch121


Posted Yesterday, 08:02 AM

Could be the NAT-T issue - I didn't think Windows 7 was affected, but I could be wrong, as it would make sense considering you can connect from the LAN. Definitely worth a try.

 

https://support.microsoft.com/en-gb/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows

 

Article specifies Vista/2008 but the keys are all the same.

 

I've had to change this key in the past to get L2TP VPN clients working when the server is behind a NAT device. I know Windows 10 is affected and requires this; possibly 7 does too?


Edited by dlynch121, Yesterday, 08:04 AM.
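
The registry change the linked Microsoft article describes, as an added example that is not part of the original posts: the script reports the client's current NAT-T setting and the state of the IPsec services, and writes the value only when asked. The value name and its meanings come from the Microsoft article rather than from this thread; the `$Desired` and `-Apply` parameters are names made up for this example.

```powershell
# Added example: report (and optionally set) the NAT-T value from KB 926179.
# Run from an elevated PowerShell prompt on the Windows VPN client.
param(
    [ValidateSet(0, 1, 2)]
    [int]$Desired = 2,   # example default: client and server both behind NAT
    [switch]$Apply       # without -Apply the script only reports
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationContextOnSendRule'
$meaning = @{
    0 = 'cannot establish SAs with servers behind NAT (Windows default)'
    1 = 'can establish SAs with servers behind NAT'
    2 = 'can establish SAs when server and client are both behind NAT'
}

# A missing value is treated as the default, 0.
$prop    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
$current = if ($prop) { [int]$prop.$name } else { 0 }
"Current ${name}: $current ($($meaning[$current]))"

# L2TP/IPsec negotiation depends on both of these services.
foreach ($svc in 'IKEEXT', 'PolicyAgent') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) { '{0,-12} {1}' -f $s.Name, $s.Status } else { "$svc not found" }
}

if ($current -eq $Desired) {
    'No change needed.'
} elseif ($Apply) {
    New-ItemProperty -Path $key -Name $name -Value $Desired `
        -PropertyType DWord -Force | Out-Null
    "Set $name to $Desired. Restart the computer before retrying the VPN."
} else {
    "Would set $name to $Desired; re-run with -Apply to write it."
}
```

Because the Windows default is 0, changing it is a deliberate relaxation of IPsec policy on that client, so record which machines carry the non-default value.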




