How to fix my VPN work for my Active Directory Windows Server?

TechQ 236 Reputation points
2023-02-13T02:12:08.4133333+00:00


Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other

2 answers

  1. Anonymous
    2023-02-13T15:38:07.34+00:00

    Do not install the RRAS / VPN role on a domain controller. The multi-homing will always cause no end of grief for Active Directory DNS. Better to install the role on a dedicated member server.

    https://www.thomasmaurer.ch/2018/05/how-to-install-vpn-on-windows-server-2019/

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Limitless Technology 44,766 Reputation points
    2023-02-14T08:27:02.58+00:00

    Hello TechQ

    You can follow the next steps, but first check if you have disabled antivirus or firewall on both machines.

    1. Ensure that the required L2TP/IPsec ports are enabled on the VPN server's side.

       Log in to the router on the VPN server's side, and forward the following UDP ports to the VPN server's IP address: 1701, 50, 500 & 4500

    2. Connect to the VPN via another device or network.

       Try connecting to the L2TP VPN from another device (e.g. your mobile), or network (e.g. your mobile's phone network).

    3. Delete and recreate the VPN connection.

       Sometimes VPN connection problems are resolved after removing and re-adding the VPN connection.

    If you are using NAT in your network, you will need to add another configuration:

    1. On the destination server, open Regedit.

    2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

    3. Right-click the right pane, and create New –> DWORD (32 bit) Value.

    4. For the new key name type: AssumeUDPEncapsulationContextOnSendRule and press Enter.

       • Note: The value must be entered as shown above and with no space at the end.

    5. Double-click the AssumeUDPEncapsulationContextOnSendRule value, type 2 at Value data and click OK.

    6. Close Registry Editor and reboot the machine.

    Last but not least you can check if LCP is enabled for the PPP of the VPN client/server at:

    In Settings, Ethernet, right-click on the VPN connection and choose Properties.

    At Options tab, click PPP Settings.

    Check Enable LCP extensions and click OK.

    At Security tab, check the following and click OK.

    Allow these protocols

    Challenge Handshake Authentication Protocol (CHAP)

    Microsoft CHAP Version 2 (MS-CHAP v2)

    Try to connect to VPN. The connection should be established now without problems.

    --If the reply is helpful, please Upvote and Accept as answer--
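
The registry steps in the second answer, scripted in PowerShell as an added example (not part of the original answer or of any Microsoft tooling). The function name `Set-NatTraversalPolicy` is hypothetical; the key path, value name and data are the ones given in the answer. It records the previous value so the change can be reverted, and supports `-WhatIf` for a dry run.

```powershell
# Added example; Set-NatTraversalPolicy is a hypothetical name.
# Run from an elevated PowerShell session on the VPN server.
function Set-NatTraversalPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Value data from the answer above
        [int]$Value = 2
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    $name = 'AssumeUDPEncapsulationContextOnSendRule'

    if (-not (Test-Path -Path $path)) {
        throw "Registry key not found: $path"
    }

    # Read the current value (null when it does not exist yet) so the
    # change can be reported and, if needed, reverted later.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    $changed = $false
    if ($current -ne $Value) {
        if ($PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $Value")) {
            # -Force overwrites an existing value of the same name
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $Value -Force | Out-Null
            $changed = $true
        }
    }

    # Summary object: suitable for logging or a change record
    [pscustomobject]@{
        Path           = $path
        Name           = $name
        PreviousValue  = $current
        RequestedValue = $Value
        Changed        = $changed
        RebootRequired = $changed   # the answer's step 6: reboot after the change
    }
}

# Dry run: shows what would be written without touching the registry
Set-NatTraversalPolicy -WhatIf
```

Drop `-WhatIf` to apply the change, then reboot as in step 6.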
