The Windows 2008 R2 (SBS) machine was earlier set up to run a PPTP VPN server. Due to security concerns I want to replace the PPTP with an L2TP/IPsec VPN server.
The server is behind a NAT router on which three forwarding rules to the Windows Server have been created:
- protocol 50 (ESP)
- port UDP 500 (IKE)
- port UDP 4500 (NAT traversal)
I am at the point where I can see the packets arriving at the Windows Server and being blocked by Windows Firewall filtering. The Windows Event Viewer shows entries with Event ID 5152 (The Windows Filtering Platform blocked a packet.) for target port 500 and protocol 17 (UDP).
What additional steps need to be taken to get the L2TP-VPN-Server up and running on Windows Server 2008 R2 for Mac OS X clients?
Best Answer
1. Check that L2TP ports exist
First check whether there are actually L2TP ports configured in Routing and Remote Access (RRAS).
2. Check RAS pre-shared key
Make sure that a RAS pre-shared key is configured. The RAS pre-shared key is also checked in the Routing and Remote Access MMC, under the security settings.
3. Add Windows Firewall rules
Strangely, Windows 2008 R2 contains default Windows Firewall rules in the Routing and Remote Access (RRAS) group for L2TP (UDP 1701, twice) and GRE (for PPTP), though Microsoft has forgotten (?) to create default firewall rules for ESP, IKE and NAT-T. As these Windows Firewall rules are missing, you have to create them yourself.
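As an added example that is not part of the answer above, the following script carries out step 3 from an elevated PowerShell prompt on the server: it creates the three missing inbound rules (ESP is IP protocol 50, IKE is UDP 500, NAT-T is UDP 4500), skips any that already exist so it can be re-run, and then queries the Security log for recent Event ID 5152 drops on UDP 500/4500 so you can confirm the blocks from the question have stopped. The rule names are my own choice, and the `DestPort`/`Protocol` field names in the XPath filter are taken from the 5152 event's XML view; both are assumptions, not something the answer states.

```powershell
# Added example (not from the original question or answer).
# Creates the inbound Windows Firewall rules for L2TP/IPsec that the answer
# says Windows 2008 R2 lacks, then checks for remaining WFP drops (Event 5152).
# Rule names are arbitrary; run as Administrator. Uses netsh because the
# NetSecurity cmdlets are not available on 2008 R2.

$rules = @(
    @{ Name = "RRAS-L2TP-IPsec-ESP";   Protocol = "50";  Port = $null },  # ESP has no ports
    @{ Name = "RRAS-L2TP-IPsec-IKE";   Protocol = "UDP"; Port = "500"  },  # IKE
    @{ Name = "RRAS-L2TP-IPsec-NAT-T"; Protocol = "UDP"; Port = "4500" }   # NAT traversal
)

foreach ($r in $rules) {
    # Skip rules that are already present so the script is safe to re-run.
    $existing = (netsh advfirewall firewall show rule name=$($r.Name) | Out-String)
    if ($existing -match "Rule Name") {
        Write-Host "Rule $($r.Name) already exists, skipping"
        continue
    }

    if ($r.Port) {
        netsh advfirewall firewall add rule name=$($r.Name) dir=in action=allow `
            protocol=$($r.Protocol) localport=$($r.Port)
    } else {
        # Protocol-number rule (ESP); localport is not applicable.
        netsh advfirewall firewall add rule name=$($r.Name) dir=in action=allow `
            protocol=$($r.Protocol)
    }
}

# Show what was created so it can be checked against the router's forwards.
foreach ($r in $rules) {
    netsh advfirewall firewall show rule name=$($r.Name)
}

# After a fresh connection attempt from the Mac client, list the five newest
# WFP packet-drop events for UDP (protocol 17) to destination port 500 or 4500.
# Event 5152 is only logged while "Audit Filtering Platform Packet Drop" is
# enabled, which the question shows is the case on this server.
# Field names (Protocol, DestPort) are assumed from the event's XML details.
$xpath = "*[System[EventID=5152] and EventData[Data[@Name='Protocol']='17' and (Data[@Name='DestPort']='500' or Data[@Name='DestPort']='4500')]]"
wevtutil qe Security /q:"$xpath" /c:5 /rd:true /f:text
```

If the final query still returns fresh 5152 events after the rules are in place, check which firewall profile (Domain/Private/Public) is active on the server's Internet-facing interface, since a rule created with the default profile applies to all three but a pre-existing, narrower rule of the same name would not.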