Windows 2008 RRAS VPN L2TP with Preshared Key IPsec creation

Coolie Sheppard, Systems Engineer
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wireless card to connect to the Internet, and when he did, he was not able to VPN into our network.  When I looked at this connection, it showed that the Virgin Broadband Wireless card connects via PPP.  This type of connection canceled out the PPTP protocol on his client, and since he was on Windows XP, there were only two types of protocols to choose from while using the Windows client.  Those two protocols are PPTP and L2TP IPsec.

This article shows how to set up L2TP IPsec with a preshared key on a Windows 2008 RRAS server and on a Windows 7 and/or Windows XP SP2 client.

In the RRAS Server, right click on the name of your VPN server and go to properties.
Click on the Security tab and check “Allow custom IPsec policy for L2TP connection”. Create a Preshared Key (be sure to remember it) and then hit OK.

Setting up the L2TP on the server end
Restart the RRAS server by right clicking on the name of the RRAS server again and clicking All Tasks and Restart.

On the Windows 7 VPN client, open the connection's properties and select the Security tab.  Under Type of VPN, select Layer 2 Tunneling Protocol with IPsec and then select the Advanced Settings tab.  Check Use Preshared Key For Authentication, type in the preshared key you set on the server side, then hit OK.

Windows 7 L2TP settings
On the Windows XP VPN client, select Properties and go to the Networking tab.  Under Type of VPN, select L2TP IPsec VPN.  Next, click on the Security tab and select IPSec Settings at the bottom. Check Use pre-shared Key For Authentication and enter the key set on the server.

Windows XP L2TP IPSec settings
There’s one more step that you’ll need to do on the Windows 7 box and/or the Windows XP box: you’ll have to configure the registry if the RRAS server is behind a NAT device.  Once you make the change, restart your computer and the L2TP connection will work.  Microsoft has a well-detailed article on the registry settings you will need to make below.
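The registry change this step refers to can be scripted. The PowerShell below is an added example, not part of the original article and not taken from the Microsoft article it mentions; the value name `AssumeUDPEncapsulationContextOnSendRule` and the two key paths come from Microsoft's NAT-T documentation rather than from this page, and the default of 2 is an assumption to adjust for your topology.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
# Value name and meanings follow Microsoft's NAT-T documentation:
#   0 = no NAT-T security associations to servers behind NAT (default)
#   1 = the VPN server is behind a NAT device
#   2 = the VPN server and the client may both be behind NAT devices
# The default of 2 for $Desired is an assumption; choose per your topology.
param([ValidateRange(0, 2)][int]$Desired = 2)

$name = 'AssumeUDPEncapsulationContextOnSendRule'

# Windows XP (version 5.x) reads the value under Services\IPSec;
# Windows Vista, 7 and Server 2008 (6.x) read it under Services\PolicyAgent.
if ([Environment]::OSVersion.Version.Major -lt 6) {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSec'
} else {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
}
if (-not (Test-Path $key)) { throw "Registry key not found: $key" }

# A missing value means the default behaviour (0).
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$exists = $null -ne $current
if (-not $exists) { $current = 0 }

if ($exists -and $current -eq $Desired) {
    Write-Output "$name is already $Desired under $key; nothing changed."
} else {
    # -Force overwrites an existing value with the same name.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $Desired -Force | Out-Null
    Write-Output "$name changed from $current to $Desired under $key."
    Write-Output 'Restart the computer for the change to take effect.'
}
```

Windows XP does not ship with PowerShell, so the script only runs there if PowerShell has been installed separately.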

That's it.  Your L2TP connection should now be established after you reboot your computer.

Comments (2)

Excellent!!!! Works perfectly. I had a problem with PPTP because Linksys devices blocked it. This solved my problem.
Not only is PPTP a bad idea because of issues mentioned in the article, a much bigger issue is that with PPTP you are basically using an unencrypted tunnel these days. This is not something that should be taken lightly; PPTP was cracked back in 1998 and today there are online tools that will crack it for you in minutes:

So please do not use PPTP unless you are okay with your traffic and passwords going over the internet in clear text.
