[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Windows 2008 RRAS VPN L2TP with Preshared Key IPsec creation

Published on
27,845 Points
1 Endorsement
Last Modified:
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wireless card to connect to the Internet and when he did he was not able to VPN into our network.  When I looked at this connection, it showed that the Virgin Broadband Wireless card connects via PPP.  This type of connection canceled out the PPTP protocol on his client, and since he was on Windows XP, there were only two types of protocols to choose from while using the Windows client.  Those two protocols are PPTP and L2TP IPsec.

This article will show the proper way in creating the L2TP IPsec protocol in Windows 2008 RRAS Server and a Windows 7 and/or Windows XP SP2 client.  

In the RRAS Server, right click on the name of your VPN server and go to properties.
Click on the Security tab and check “Allow custom IPsec policy for L2TP connection”. Create a Preshared Key, be sure to remember it, and then hit OK.  

Setting up the L2TP on the server end
Restart the RRAS server by right clicking on the name of the RRAS server again and clicking All Tasks and Restart.

Using Windows 7 VPN client, go to the properties and select the Security tab.  On Type of VPN, select Layer 2 Tunneling Protocol with IPsec and then select the Advanced Settings tab.  Check Use Preshared Key For Authentication and type in the password you set on the server side then hit OK.

Windows 7 L2TP settings
Using Windows XP VPN client, select Properties and go to the Networking tab.  In Type of VPN, select L2TP IPsec VPN.  Click on the Security tab next and on the bottom select IPSec Settings. Check Use pre-shared Key For Authentication and enter in the key set on the server.  

 Windows XP L2TP IPSec settings
There’s one more step that you’ll need to do on either the Windows 7 box and/or the Windows XP box.  You’ll have to configure your registry if the RRAS server is behind a NAT device.  Once you make the configuration you‘ll restart your computer and the L2TP connection will work.  Microsoft has a well detailed article on the registry settings you will need to make below.


That's it.  Your L2TP connection should now be established after you reboot your computer.

Expert Comment

Excelent!!!! Works Perfectly. I had problem with PPTP because linksys devices blocked it. This solved my problem.

Expert Comment

Not only is PPTP a bad idea because of issues mentioned in the article a much bigger issue is that with PPTP you are basically using an unencrypted tunnel these days. This is not something that should be taken lightly, PPTP was cracked back in 1998 and today there are online tools that will crack it for you in minutes:



So please do not use PPTP unless you are okay with your traffic and passwords going over the internet in clear text.

Featured Post

Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Join & Write a Comment

After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month