I'm using a Windows Server 2012 R2 server with RRAS to set up an L2TP/IPsec VPN. In my lab it works perfectly. But in production I can connect to the VPN but I cannot ping the server or anything on the network, nor can I access any of the services on the network.
I've set up RRAS with VPN and LAN routing, DHCP relay, set a PSK and set up port forwarding on the firewall/router (TP-Link TL-WR940N V2). I set up my lab the same way except the firewall is a very nice Barracuda NG Firewall.
On the LAN the server is accessible and it works great -- it just won't transmit any traffic through the VPN. I've tried:
1. Reinstalling RRAS
2. Messing with NAP (although I didn't have to with my lab setup and I've returned NAP to the original settings)
3. Played around with additional port forward settings
4. Disabled the SPI firewall on the TP-Link router
5. Connected the server directly into the router (it was connected before into an unmanaged D-Link switch)
6. Enabled/disabled L2TP and IPsec passthrough on the firewall
7. Tried multiple different user credentials
The LAN is on a different subnet than the client device is on (Windows 7 laptop and an Android 5.1 phone). The routing table looks good and about the only thing I haven't done is make sure the firewall isn't SNAT'ing (which I believe I set up the NG Firewall not to do) and make sure that the MTU of the WAN port isn't something randomly small. Other devices are able to access services behind the firewall without issue, i.e. security camera app on a cellphone. I've looked a little through the RRAS logs but I'll admit I don't know what I'm looking for. This is my first time setting up a VPN on a Windows Server -- well second :).