Join Log in
Score:0
Gerald avatar Server

Windows Server 2019 RRAS: L2TP/IPSEC Certificate Configuration

mz flag
Gerald

This is my first post on any SE related site. You guys have been such a valuable component of my search results that for 20+ years I've always found answers and never had to post, a testament to the quality of the content on SE.

I'm having some issues working with certificates and L2TP/IPSEC on Windows Server OS (2019) that I hope somebody has more experience with than I do and wouldn't mind lending a hand.

I’m trying to deploy L2TP/IPSEC VPN using a certificate for server validation (only), as opposed to using a pre-shared key.

As an aside, the setup works flawlessly when I connect using PSK.

And I say “server validation (only)” because users will authenticate via MS-Chap-V2 against AD/domain, as opposed to issuing a certificate for every user (ie. User certificate authentication). Thus we are only dealing with a single certificate to distribute to client stations.

Here’s my setup: RRAS on Windows Server 2019 NPS on Windows Server 2012 R2

I have a pretty basic question: where do you go to configure the server certificate for IPSEC on Windows Server 2019? There are tons of documents online for configuring SSTP with certificates but none for IPSEC, and the only docs I've come across (that aren't dated circa Windows 2000) for IPSEC covers user certificates for user authentication only (where you’re issuing 1 certificate per user instead of server authentication where its only 1 certificate to validate server identity for all users) so I can get rid of PSK, or any documentation that touches on IPSEC server certificate configuration would be most helpful.

In RRAS I see the part about “SSL Certificate Binding” for SSTP protocol, but this is not for IPSEC, although I configured it anyway to see if it would work to no avail: SS of RRAS settings

Once I switch from PSK to Certificate on the client all I get is client hanging on “Connecting” SS of PSK/CERT and Connecting Endlessly

If more detail is needed I'd be happy to reply with additional diagnostic information but if there's any documentation anyone can share pertaining specifically to configuring the IPSEC/L2TP server certificate on 2019 I'm confident I will be able to follow along.

Thanks all in advance.

Best gs

427
0 + 0
vpn
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.