Travis-9307 asked Travis-9307 commented

Windows Server RAS VPN - Cannot Connect

My VPN will not connect outside my company LAN.


I'm running Windows Server 2019 with the latest patches to this date.

=RAS VPN Setup=




Notes:

  1. Firewall rule for incoming RAS connections has been created.

  2. Checked the firewall for the correct ports for IPsec, and all required ports are open.

  3. Network policy for RAS clients is set to enable as well.

=Client Configuration=

  1. Added registry key for NAT translation.

  2. Disabled Firewall

  3. Using Mobile Network Hotspot to simulate out of office WAN environment.

  4. Test Client is domain Joined

  5. Account has Access granted for Dial In

  6. Created new VPN connection

  7. Set to IPsec with pre-shared key

  8. Using the public IP of my organization for the VPN connection.

=vpn interface settings=

Security tab
Type of VPN: layer 2 tunneling protocol with L2TP/IPSec
Data Encryption: CHAP, MSCHAP v2

Network Tab
IPV4: DNS is set to the IP Address of the VPN Server


Thoughts?











1 Answer

LimitlessTechnology-2700 answered Travis-9307 commented

Hello @Travis-9307

At first sight everything looks normal with the settings, so I would recommend a more thorough analysis of the connection logs in order to discover the failure. Please enable RAS tracing to generate the required logs:

From an elevated command prompt:
Run the command: netsh ras set tracing * enabled
Now reproduce the issue.
Flush the RAS logs with the command: netsh ras set tracing * disabled
Check the logs in the %windir%\tracing directory (for example, C:\Windows\tracing).
Some of the useful files are:
PPP.log
RASMAN.log
IASHLPR.log
RASAPI32.log
RASIPCP.log

Also the RRASEtwTracing.etl file, which you will need to convert to txt using the command: netsh trace convert input=RRASEtwTracing.etl output=<output filename>.txt

Hope this helps in discovering more details about your issue,
Best regards,
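
The tracing procedure from the answer above, as an added PowerShell example that is not part of the original answer: it enables tracing, waits while the failed connection is reproduced, disables tracing, reports which of the listed logs actually exist, and converts the ETL file using full paths. It assumes RRASEtwTracing.etl is written to %windir%\tracing alongside the logs; the output path under %TEMP% is a choice made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original answer. Save as a .ps1 and run elevated.

$traceDir = Join-Path $env:windir 'tracing'
# Log names taken from the answer; which ones appear depends on the components in use.
$expected = 'PPP.log', 'RASMAN.log', 'IASHLPR.log', 'RASAPI32.log', 'RASIPCP.log'

netsh ras set tracing '*' enabled | Out-Null
$start = Get-Date
Read-Host 'Tracing enabled. Reproduce the failed VPN connection, then press Enter' | Out-Null
netsh ras set tracing '*' disabled | Out-Null   # disabling flushes the logs to disk

# Report which expected logs exist and whether they were written during this run.
foreach ($name in $expected) {
    $path = Join-Path $traceDir $name
    if (Test-Path -LiteralPath $path) {
        $item  = Get-Item -LiteralPath $path
        $fresh = $item.LastWriteTime -ge $start
        '{0,-14} {1,10} bytes  updated this run: {2}' -f $name, $item.Length, $fresh
    } else {
        '{0,-14} missing' -f $name
    }
}

# List any other logs touched during the run that the answer did not name.
Get-ChildItem -LiteralPath $traceDir -Filter '*.log' |
    Where-Object { $_.LastWriteTime -ge $start -and $expected -notcontains $_.Name } |
    ForEach-Object { '{0,-14} {1,10} bytes  (not in the list above)' -f $_.Name, $_.Length }

# Convert the ETL with full input and output paths so the result does not
# depend on the current working directory.
$etl = Join-Path $traceDir 'RRASEtwTracing.etl'   # assumed location
$txt = Join-Path $env:TEMP 'RRASEtwTracing.txt'   # output path chosen for this example
if (Test-Path -LiteralPath $etl) {
    netsh trace convert "input=$etl" "output=$txt"
} else {
    "ETL file not found at $etl"
}
```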


A lot of the log files you listed do not exist.

Furthermore, the command to convert the RRASEtwTracing.etl file to txt is giving me a "file not found" error.

Attached are some of the relevant log files you listed that are available:
131549-rastapi.log
131672-rasman.log
131644-rasipsec.log

