Configuring Windows Server 2012 R2 (VPN Server configuration)
This step configures the server to accept incoming connections. During the installation, also add any roles, features, or role services that the wizard proposes after you select the ones in the instructions below.
- In Server Administrator, open the Add Roles and Features Wizard.
- Select Remote Access role.
- Add Remote Access Management Tools feature. Enable Remote Server Administration Tools if not installed.
- Add DirectAccess and VPN (RAS) role service.
- The installation will take a few minutes. Once completed, click Open the Getting Started Wizard.
- Configure Remote Access will appear. Select Deploy VPN only.
- Routing and Remote Access should start; if it doesn’t, go to Server Administrator > Tools > Routing and Remote Access.
- Right click on the server name and select Configure and Enable Routing and Remote Access.
- The setup Wizard will start. Click Next.
- Select Custom configuration and click Next.
- Select VPN Access and NAT.
- Click Finish.
- After clicking Finish you might receive a warning message telling you that the wizard is unable to make any changes to the firewall. Don’t worry about this; we’ll configure the firewall later on.
- Click Start service.
- Right click again on the server name and select Properties.
- In General, leave everything at its default.
- In the Security tab, click Allow custom IPsec policy for L2TP/IKEv2 connection and type your preshared key. In the example below the key is MyKEY. Make sure you use something a bit more complex than that.
- In the IPv4 tab, make sure Enable IPv4 Forwarding is enabled and select a Static address pool (or use the DHCP option if you have DHCP enabled). Then click Add in order to add a scope (in the screenshot below I’m using a range of 3 addresses, from 192.168.10.100 to 102).
- The other tabs are left to their default values/selections.
- Click Apply. You will be asked to restart the Routing and Remote Access service; go ahead with it.
- The configuration is nearly complete. Right click on Ports and select Properties.
- You will see a list of devices and their protocol. Double click on PPTP and deselect everything in order to disable this protocol (you may leave the Max ports at 128). Then, if you want, double click on the others and, as per my screenshot, reduce the number of ports associated with them. I put them down to 5; you will need to decrease or increase the number based on the number of connections you will be accepting.
- Last step for the VPN setup: restart the Routing and Remote Access service. You can do it by right clicking on the server name > All Tasks > Restart.
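For the preshared key typed into the Security tab above, the following is an added example (not part of the original instructions) that generates a random key from the system's cryptographic random number generator. The function name New-L2tpPresharedKey, the default length of 32 and the character set are assumptions chosen for illustration.

```powershell
# Added example: generate a random L2TP/IPsec preshared key to paste into the
# Security tab. Function name, length limits and alphabet are assumptions.
function New-L2tpPresharedKey {
    param(
        [ValidateRange(20, 128)]
        [int]$Length = 32
    )

    # Letters and digits only, so the key pastes unchanged into the RRAS
    # dialog and into client VPN profiles. Look-alike characters
    # (0/O, 1/l/I) are left out to avoid transcription errors.
    # 57 symbols give about 5.8 bits of entropy per character.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789'.ToCharArray()

    # Largest multiple of the alphabet size that fits in one byte. Bytes at
    # or above it are discarded so every character is equally likely.
    $limit = 256 - (256 % $alphabet.Length)

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buffer = New-Object byte[] 1
    $key = New-Object System.Text.StringBuilder
    try {
        while ($key.Length -lt $Length) {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit) {
                [void]$key.Append($alphabet[$buffer[0] % $alphabet.Length])
            }
        }
    }
    finally {
        $rng.Dispose()
    }
    return $key.ToString()
}

# Generate one key and display it so it can be copied into the dialog.
$psk = New-L2tpPresharedKey -Length 32
Write-Output $psk
```

The same key has to be entered on every client that connects, so hand it out over a channel you trust and generate a new one if it is ever exposed.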
Continue: Allowing a user to connect to the L2TP VPN Server