Guide: Setting up a L2TP/IPSec with PSK VPN behind a NAT


6 replies to this topic

#1 chconline

chconline

    Editor-in-Chief

  • Executive Staff Team
  • 30,868 posts
  • Gender:Male
  • Location:Calgary, Alberta

Posted 03 November 2016 - 09:12 AM

As you guys know, I run a VPN server at home, just so I can keep my data synchronized with my desktop PC at work. I can also bypass any internet restrictions as well as encrypt my traffic in WiFi hotspots.

 

Previously, I ran a PPTP VPN server, which is really easy to set up on any Windows machine. I understand it's not very secure, but it wasn't a huge deal. However, ever since Apple removed PPTP support on iOS, I was already thinking of a change. Recently, the university blocked outgoing PPTP connections on LAN, so I decided to set up a better VPN at home. I selected L2TP/IPSec with a pre-shared key.

 

It was a fairly complicated process, due to the way my network is set up. It's similar to most home networks. Anyway, here are some guides to follow in order to get things working. I used a Windows Server 2012 R2 system.

 

Set up RRAS on Windows Server 2012 R2: http://www.thomasmau...server-2012-r2/

 

The port list in the guide above is wrong, so follow this: https://blogs.techne...o-pass-through/

 

 

IP Protocol Type=UDP, UDP Port Number=500   <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=1701  <- Used by L2TP control/data path

 

Next, after opening ports on your router, you need to configure your client to be able to connect to the VPN on a Windows machine. Other OSes (like iOS) should already work at this point.

 

https://support.micr...en-ca/kb/926179

 

 

Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
Note: You can also apply the AssumeUDPEncapsulationContextOnSendRule DWORD value to a Microsoft Windows XP Service Pack 2 (SP2)-based VPN client computer. To do this, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
On the Edit menu, point to New, and then click DWORD (32-bit) Value.
Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.

 

Use the value '2' for the DWORD entry.

 

Lastly, allow the MS-CHAP V2 protocol:

 

http://lifeonnetwork...-in-windows-10/


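The registry change quoted from the Microsoft KB in the first post can also be scripted on the Windows client. The PowerShell below is an added example, not part of the original post or the KB article; the `-Desired` parameter and the script layout are assumptions, and the value meanings in the comments are the ones given in KB 926179.

```powershell
# Added example: audit and set the NAT-T client policy described in post #1.
# Run from an elevated PowerShell prompt on the Windows VPN client.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter name; 2 is the value the post uses.
    [ValidateRange(0, 2)]
    [int]$Desired = 2
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name = 'AssumeUDPEncapsulationContextOnSendRule'

# Meaning of each value as documented in Microsoft KB 926179.
$meaning = @{
    0 = 'no security associations with servers behind NAT (default)'
    1 = 'security associations allowed when the server is behind NAT'
    2 = 'security associations allowed when server and client are both behind NAT'
}

# Writing under HKLM needs administrator rights; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated session.'
}

# An absent value behaves like the default (0).
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) { $current = 0 }
Write-Output "Current value: $current ($($meaning[[int]$current]))"

if ($current -eq $Desired) {
    Write-Output 'Already set; nothing to change.'
}
elseif ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $Desired")) {
    # -Force overwrites an existing value, so the script is safe to re-run.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord `
        -Value $Desired -Force | Out-Null
    Write-Output "Set to $Desired ($($meaning[$Desired]))."
    Write-Output 'Restart the computer for the change to take effect.'
}
```

Running it with `-WhatIf` reports the current value and the pending change without writing to the registry.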


#2 TL6MT

TL6MT

    I drive an Acura TL SH-AWD 6MT

  • +Subscriber
  • 6,136 posts
  • Gender:Male
  • Location:Los Angeles

Posted 06 November 2016 - 09:04 AM

Thanks for the guide chc - any way to set this up without a Windows server?



#3 chconline


Posted 08 November 2016 - 08:26 AM

You can do something like OpenVPN if you have a QNAP NAS,




#4 performance_1

performance_1

    APH Premier

  • Members
  • 1,427 posts
  • Gender:Male

Posted 09 November 2016 - 11:20 PM

How does Windows know it's behind a NAT? Makes it unnecessarily hard.

Thanks for the guide, chc.



#5 chconline


Posted 10 November 2016 - 08:25 PM

It just does lol. I don't know why you need to reconfigure a client for that; it seems like an unnecessary step.




#6 Big Bang

Big Bang

    APH Extreme

  • +Subscriber
  • 5,090 posts
  • Gender:Male

Posted 13 November 2016 - 08:56 AM

It just does lol. I don't know why you need to reconfigure a client for that; it seems like an unnecessary step.

:P Probably because most people who do this aren't behind a NAT.


Edited by Big Bang, 13 November 2016 - 08:56 AM.

Camaro SS FTW

#7 TL6MT


Posted 16 November 2016 - 05:55 PM

You can do something like OpenVPN if you have a QNAP NAS,

Works for me - thanks!