L2TP/IPSec client setup on Windows

20 October, 2006

Setting up an L2TP / IPSec VPN connection.

NOTE: To use iNODE as an IPSec/L2TP VPN Server you must have a valid VPN Server License (IN-VPNS-UXX). The client must be a Microsoft Windows XP Professional machine with XP Service Pack 2 installed.

PART I: iNODE configuration

From the menu, select "Configuration -> VPN Service -> IPSec Configuration".

Both the L2TP Server and the IPSec VPN Server must be enabled. If either one is not, click on the enable button next to its status.

Next, select from the menu the "Local IPSec Keys" option.

Press the "New Local Key" button to create a new preshared key that will be used for the IPSec / L2TP VPN connection:

Enter a name that describes the key, and from the "Authentication type" dropdown select "Preshared Key". Then, in the "Preshared Key" and "Repeat Key" fields, enter the preshared key (password) that will be used to authenticate the IPSec part of the connection.

Check the ANYONE checkbox, unless the remote VPN client has a static IP and you want to restrict access to the VPN Server based on the client IP.

Click on the "Add Local Key" button and you should have a connection that looks like this:

Next, click on the "IPSec connections" option in the menu on your left.

Press the "Create New Connection" button.

First, select the Connection Type from the dropdown. Choose "Road-Warrior IPSec Connection", unless the remote VPN client has a static IP and you want to create a connection exclusively for that IP.

Next, fill in the connection settings as in the example below:

Specify a connection name and a short description and select these options:

Authentication: Preshared Secret Key (PSK)
Tunnel Type: Transport
IP Compression: NO
PFS: NO
DHCP: NO
L2TP/IPSEC: YES
Tunnel Activation: Automatic
Dead Peer Detection: NO

Now you should have an IPSec connection as shown above. The server is now ready to accept IPSec / L2TP connections from authorized clients.

PART II: Configuring the VPN Client

From the control panel open "Network connections". In case you use the category view, open "Network and Internet connections" first.

Click on the "Create a new connection" link from the options listed on the left frame.

The New Connection Wizard will start up. Click the "Next" button.

From the list of network connection types select "Connect to the network at my workplace" as shown below and press the "Next" button.

Select "Virtual Private Network connection" and press "Next".

Type a unique name for the VPN Connection and click on the "Next" button.

If you want to automatically dial another connection (internet connection) just before connecting to the VPN, select your internet dial-up connection from the list; otherwise select the "Do not dial the initial connection" option.

Next, enter the IP or hostname of the VPN server. If you don’t have a static IP, use the dynamic DNS hostname of iNODE which is displayed on the "Internet Connection Status" page (Monitoring->Network->Internet Connection Status).

Click on "Next" and finally click on the "Finish" button to complete the Wizard.

Now, before you connect, click on the "Properties" button and select the "Networking" Tab. From the "Type of VPN" dropdown select "L2TP IPSec VPN".

Next, select the "Security" Tab and click on the "IPSec Settings…" button.

Check the "Use pre-shared key for authentication" option and type the key that was specified in the Local IPSec Keys settings of iNODE.

Click on OK and finally fill in your username and password, in order to connect. You should be able to connect now without problems.