L2TP/IPSEC Server Certificate Configuration on Windows Server 2019 RRAS

Gerald
2022-10-24T13:20:30.017+00:00

Greetings,

I'm having some issues with certificates and L2TP/IPSEC.

I’m trying to deploy L2TP/IPSEC VPN using a certificate for server validation (only), as opposed to using a pre-shared key.

As an aside, the setup works flawlessly when I connect using PSK.

And I say “server validation (only)” because users will authenticate via MS-Chap-V2 against AD/domain, as opposed to issuing a certificate for every user (i.e. user certificate authentication). Thus we are only dealing with a single certificate to distribute to client stations.

Here’s my setup:
RRAS on Windows Server 2019
NPS on Windows Server 2012 R2

I actually just have a pretty basic question: where do you go to configure the server certificate for IPSEC on Windows Server 2019?

There are tons of documents online for configuring SSTP with certificates but none for IPSEC, and the only one for IPSEC I’ve come across only covers certificates for user authentication (where you’re issuing 1 certificate per user, instead of server authentication where it's only 1 certificate to validate server identity so I can get rid of PSK), and any documentation that touches on IPSEC server certificates is dated circa Windows 2000.

In RRAS I see the part about “SSL Certificate Binding” for SSTP protocol, but this is not for IPSEC, although I configured it anyway to see if it would work to no avail:
![253591-202210240001.png](/answers/storage/attachments/253591-202210240001.png)

Once I switch from PSK to Certificate on the client, all I get is the client hanging on “Connecting”:
![253518-202210240002.png](/answers/storage/attachments/253518-202210240002.png)

If more data is needed on my configuration, I'll reply immediately with anything you may need to make any recommendations.

Thank you for reading.

Best regards,
-gs
