Windows Server RAS VPN - Cannot Connect

Travis 1 Reputation point

My VPN will not connect outside my company LAN.

I'm Running Windows Server 2019 latest patches to this date.

=RAS VPN Setup=



  1. Firewall rule for incoming RAS connections has been created.
  2. Checked the Firewall for the correct ports for IPSec and all required are open
  3. Network policy for RAS clients is set to enable as well.

=Client Configuration=

  1. Added Registry key for Nat translation.
  2. Disabled Firewall
  3. Using Mobile Network Hotspot to simulate out of office WAN environment.
  4. Test Client is domain Joined
  5. Account has Access granted for Dial In
  6. Created new VPN connection
  7. Set to IPsec with presaged key
  8. Using the Public IP of my organization for the VPN conection.

=vpn interface settings=

Security tab
Type of VPN: layer 2 tunneling protocol with L2TP/IPSec
Data Encryption: Chap, MSCHAP v2

Network Tab
IPV4: DNS is set to the IP Address of the VPN Server


Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,538 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,293 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,461 Reputation points

    Hello @Travis

    At first sight everything looks normal with the settings, so I would recommend a more thorough analysis of the connection logs in order to discovery the failure. Please enable RAS tracing to generate the required logs:

    From an elevated command prompt:
    run the command >netsh ras set tracing * enabled
    Now reproduce de issue.
    To flush the RAS logs by the command> netsh ras set tracing * disabled
    Check the logs at %windir%tracing directory (for example path C:\windwos\tracing) .
    Some of the useful files are:

    Also the RRASEtwTracing.etl file, which you will need to convert to txt using the command> netsh trace convert input=RRASEtwTracing.etl out=<output filename>.txt

    Hope this helps discovering more details about your issue,
    Best regards,