IT Knowledge Base

User Tools

Site Tools


Contact me at for any feedback or suggestions.

My other sites:

Search all my sites:


VPN in Windows Server using RRAS and NPS


Set up RRAS to allow L2TP over IPSec with a Pre-Shared Key

NPS authentication

So you can control access by group membership:

  1. Create the AD group: VPN Access
  2. Add the users you want to have access into this group
  3. NPS>Network Policies>New
  4. Type of network access server = Remote Access Server(VPN-Dial up)
  5. Condition: User Groups = Domain\VPN Access
  6. Access Permission = Access Granted
  7. Authentication Methods = Default (MS-CHAP-v2, MS-CHAP, and for both: User can change password after it has expired)
  8. All other settings as default

Client Configuration

Client configuration:


  1. Network and sharing center
  2. Set up new connection
  3. Connect to a workplace (VPN)
  4. Use my Internet connection (VPN)
  5. Internet address = <public ip address of the RRAS server>
  6. Destination name = VPN
  7. Click Create
  8. Change Adapter Settings
  9. Right click on Cloud Server, properties
  10. Security tab
  11. Type of VPN = Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)
  12. Advanced Settings
  13. Use Pre-shared key: <the PSK entered in RRAS>
  14. OK
  15. Connect to the VPN and enter your Windows logon and password when prompted


  1. System Preferences > Network
  2. Create new connection with the + icon
  3. Interface = VPN
  4. VPN Type = L2TP over IPSec
  5. Service Name = VPN
  6. Server address: <public ip address of the RRAS server>
  7. Account Name = Your Windows username
  8. Authentication Settings
  9. Password = Your Windows Password
  10. Shared secret = <the PSK entered in RRAS>
  11. OK > Apply > Connect
vpn_in_windows_server_using_rras_and_nps.txt · Last modified: 2018/04/09 09:56 (external edit)