How to setup L2TP IPsec VPN server on Windows Server 2008 R2?

1. Check L2TP ports existence

First check whether L2TP ports are actually configured in Routing and Remote Access (RRAS); without them the server will not accept L2TP calls at all.

  • Click Start, click Administrative Tools, and then click Routing and Remote Access.
  • Expand your server, and then expand Ports.
  • If there are no entries for WAN Miniport (L2TP), add them by right-clicking Ports, choosing Properties, and configuring the WAN Miniport (L2TP) device for inbound remote access connections.

2. Check RAS pre-shared key

Make sure that a RAS pre-shared key is configured. The pre-shared key is also checked and set in the Routing and Remote Access MMC.

  • Open the properties of your server from its context menu (right-click the server name).
  • Open the Security tab.
  • Check the box "Allow custom IPsec policy for L2TP connection".
  • Enter a pre-shared key.

Keep in mind that this is a single secret shared by the server and every client: anyone who obtains it can stand up a rogue server or authenticate the IPsec layer as a client, so use a long random key and prefer certificate-based IPsec authentication where a PKI is available.

3. Add Windows Firewall rules

Strangely, Windows Server 2008 R2 ships default Windows Firewall rules in the Routing and Remote Access (RRAS) group for L2TP (UDP 1701, two rules) and GRE (for PPTP), but Microsoft has apparently forgotten to create default rules for ESP (IP protocol 50), IKE (UDP 500) and NAT-T (UDP 4500). Since those rules are missing, you have to create them yourself, or IPsec negotiation will never reach RRAS and the L2TP tunnel will not come up.

  • Click Start, click Administrative Tools, and then click Windows Firewall with Advanced Security.
  • In the left pane right-click Inbound Rules, and then choose New Rule from the menu.
  • For UDP 500 and UDP 4500 the Port rule type can be used. ESP (IP protocol 50) has no port numbers, so choose the Custom rule type and select protocol number 50 on the Protocol and Ports page.
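The same three rules can be created from an elevated PowerShell prompt. The script below is an added example and not part of the original article; it uses netsh because the New-NetFirewallRule cmdlet does not exist on Windows Server 2008 R2. The rule names are assumptions (chosen without spaces so they pass through PowerShell to netsh unquoted), and the "Rule Name" check assumes an English-language netsh.

```powershell
# Added example: create the inbound Windows Firewall rules for IKE (UDP 500),
# NAT-T (UDP 4500) and ESP (IP protocol 50) that Server 2008 R2 does not ship
# by default. Run as Administrator. Rule names below are assumptions.
$rules = @(
    @{ Name = "L2TP-IPsec-IKE-UDP500";    Proto = "UDP"; Port = 500  },
    @{ Name = "L2TP-IPsec-NATT-UDP4500";  Proto = "UDP"; Port = 4500 },
    @{ Name = "L2TP-IPsec-ESP-Proto50";   Proto = "50";  Port = $null }   # ESP has no ports
)

foreach ($r in $rules) {
    # Make the script safe to re-run: netsh adds a duplicate if a rule with the
    # same name already exists, so look it up first ("Rule Name" assumes an
    # English-language netsh).
    $existing = (netsh advfirewall firewall show rule name="$($r.Name)" | Out-String)
    if ($existing -match "Rule Name") {
        Write-Host "Rule already present: $($r.Name)"
        continue
    }

    $netshArgs = @("advfirewall", "firewall", "add", "rule",
                   "name=$($r.Name)", "dir=in", "action=allow",
                   "protocol=$($r.Proto)")
    if ($r.Port) {
        # Port-based rule for IKE and NAT-T.
        $netshArgs += "localport=$($r.Port)"
    }
    # Without localport this is the "custom" protocol-only rule needed for ESP.
    & netsh $netshArgs
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netsh failed for rule $($r.Name) (exit code $LASTEXITCODE)"
    }
}

# Verify: with RRAS running, UDP 500, 4500 and 1701 must show up as listeners.
# If 1701 is absent, go back to step 1 (no L2TP ports); if 500/4500 are absent
# the IPsec service (IKEEXT) is not running and no client will get past IKE.
Write-Host "UDP listeners relevant to L2TP/IPsec:"
netstat -ano -p udp | Select-String -Pattern ":(500|4500|1701)\s"
```

A quick end-to-end check from an outside host is to connect with the built-in Windows VPN client; if the firewall rules are wrong the client fails at IKE with error 789 or 809 before any L2TP or PPP traffic is seen, whereas a wrong pre-shared key fails at the same point but only after UDP 500 traffic has been exchanged.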