Windows Server RAS VPN - Cannot Connect

Travis 1 Reputation point
2021-09-09T17:57:35.88+00:00

My VPN will not connect outside my company LAN.

I'm running Windows Server 2019 with the latest patches as of this date.

=RAS VPN Setup=

Notes:

  1. Firewall rule for incoming RAS connections has been created.
  2. Checked the Firewall for the correct ports for IPSec and all required are open.
  3. Network policy for RAS clients is set to enable as well.

=Client Configuration=

  1. Added Registry key for NAT translation.
  2. Disabled Firewall
  3. Using Mobile Network Hotspot to simulate out of office WAN environment.
  4. Test Client is domain Joined
  5. Account has Access granted for Dial In
  6. Created new VPN connection
  7. Set to IPsec with pre-shared key
  8. Using the Public IP of my organization for the VPN connection.

=vpn interface settings=

Security tab
Type of VPN: layer 2 tunneling protocol with L2TP/IPSec
Data Encryption: Chap, MSCHAP v2

Network Tab
IPV4: DNS is set to the IP Address of the VPN Server

Thoughts?

1 answer

  1. Limitless Technology 39,351 Reputation points
    2021-09-13T08:08:53.403+00:00

    Hello @Travis

    At first sight everything looks normal with the settings, so I would recommend a more thorough analysis of the connection logs in order to discover the failure. Please enable RAS tracing to generate the required logs:

    From an elevated command prompt, run the command:
    netsh ras set tracing * enabled
    Now reproduce the issue.
    To flush the RAS logs, run the command:
    netsh ras set tracing * disabled
    Check the logs in the %windir%\tracing directory (for example, C:\windows\tracing).
    Some of the useful files are:
    PPP.log
    RASMAN.log
    IASHLPR.log
    RASAPI32.log
    RASIPCP.log

    Also check the RRASEtwTracing.etl file, which you will need to convert to txt using the command:
    netsh trace convert input=RRASEtwTracing.etl out=<output filename>.txt

    Hope this helps in discovering more details about your issue,
    Best regards,
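
The tracing steps from the answer above, combined into one PowerShell script. This is an added example, not code from the original answer or from Microsoft. The output folder under %windir%\Temp and the keyword list used for the first-pass search are assumptions; `output=` is the documented parameter name for `netsh trace convert`.

```powershell
#Requires -RunAsAdministrator
# Added example: enable RAS tracing, reproduce the failure, disable tracing,
# then collect only the logs written during this run.

$tracingDir = Join-Path $env:windir 'tracing'
# Assumed output location (no spaces in the path, admin-writable).
$outDir   = Join-Path $env:windir ("Temp\ras-trace-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
$logNames = 'PPP.log', 'RASMAN.log', 'IASHLPR.log', 'RASAPI32.log', 'RASIPCP.log'

New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$start = Get-Date

netsh ras set tracing '*' enabled | Out-Null
try {
    Read-Host 'Tracing enabled. Reproduce the failed VPN connection, then press Enter' | Out-Null
}
finally {
    # Always disable tracing again: this flushes the logs and stops them growing.
    netsh ras set tracing '*' disabled | Out-Null
}

foreach ($name in $logNames) {
    $path = Join-Path $tracingDir $name
    if (-not (Test-Path $path)) { Write-Warning "$name not found"; continue }
    if ((Get-Item $path).LastWriteTime -lt $start) {
        # A stale file would only show earlier attempts, so skip it.
        Write-Warning "$name was not written during this run"
        continue
    }
    Copy-Item $path -Destination $outDir
}

# Convert the ETW trace to text next to the other logs.
$etl = Join-Path $tracingDir 'RRASEtwTracing.etl'
if (Test-Path $etl) {
    $txt = Join-Path $outDir 'RRASEtwTracing.txt'
    netsh trace convert "input=$etl" "output=$txt" | Out-Null
}

# First-pass triage only; the keyword list is an assumption, not a RAS log schema.
Get-ChildItem $outDir -File |
    Select-String -Pattern 'error|fail|denied|timed? ?out' |
    Select-Object -First 50 Filename, LineNumber, Line |
    Format-Table -AutoSize -Wrap

Write-Host "Collected logs in $outDir"
```

The collected files can contain account names and addresses from the connection attempt, so restrict access to the output folder and review the logs before attaching them to a public thread.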