L2TP/IPSEC Server Certificate Configuration on Windows Server 2019 RRAS
Greetings,
I'm having some issues with certificates and L2TP/IPSEC.
I’m trying to deploy L2TP/IPSEC VPN using a certificate for server validation (only), as opposed to using a pre-shared key.
As an aside, the setup works flawlessly when I connect using PSK.
And I say “server validation (only)” because users will authenticate via MS-Chap-V2 against AD/domain, as opposed to issuing a certificate for every user (ie. User certificate authentication). Thus we are only dealing with a single certificate to distribute to client stations.
![1]:/answers/storage/attachments/253518-202210240002.png
![1]:/answers/storage/attachments/253591-202210240001.png
Here’s my setup:
RRAS on Windows Server 2019
NPS on Windows Server 2012 R2
I actually just have a pretty basic question: where do you go to configure the server certificate for IPSEC on Windows Server 2019?
There are tons of documents online for configuring SSTP with certificates but none for IPSEC, and the only for IPSEC I’ve come across only covers certificates for user authentication (where you’re issuing 1 certificate per user instead of server authentication where its only 1 certificate to validate server identity so I can get rid of PSK), or any documentation that touches on IPSEC server certificate is dated circa Windows 2000.
In RRAS I see the part about “SSL Certificate Binding” for SSTP protocol, but this is not for IPSEC, although I configured it anyway to see if it would work to no avail:
![253591-202210240001.png][1]
Once I switch from PSK to Certificate on the client all I get is client hanging on “Connecting”
![253518-202210240002.png][1]
If more data is needed on my configuration I'll reply immediately with anything you may need to make any reccomendations.
Thank you for reading.
Best regards,
-gs