Setting up an L2TP VPN on the client. L2TP connection: what is it? How to set up an L2TP connection. Port numbers of the most common protocols

See the bottom of the page for some important features!

1. Open Notification Center in the lower right corner of the screen:

3. In the Settings window that opens, on the VPN tab, click the Add a VPN connection button:

4. In the Add a VPN connection window, fill in the following parameters:

VPN provider: Windows (built-in)

Connection name: VPNki

Server name or address: website

VPN type: PPTP protocol (or L2TP/IPsec protocol)

Type of sign-in info: Username and password

Username and password: received in the vpnki system (for example userXXX)

7. Right-click on the VPNki adapter and select Properties:

8. Select Internet Protocol Version 4 (TCP/IPv4) from the list and click the Properties button:

9. Leave the IP address and DNS server addresses set to be obtained automatically and click the Advanced button:

10. On the IP Settings tab, uncheck Use default gateway on remote network and click OK.

Select Allow these protocols and leave only Challenge Handshake Authentication Protocol (CHAP) checked.

12. (L2TP only) Click the Advanced settings button, select Use preshared key for authentication and enter the key: vpnki

13. The setup is now complete. Click the Connect button; if the connection succeeds, the state of VPNki should change to Connected.

14. If you need to connect to a remote home network (for example 192.168.x.x/x), you need to tell Windows that the addresses of your remote network are to be reached through the VPN tunnel.

This can be done in two ways:

  • By adding the networks 192.168.x.x/x (your remote network) and 172.16.0.0/16 (the VPNKI network) to the route table using the route add command
  • By receiving data from the server via the DHCP protocol

Before making a choice, it is highly advisable for you to read this instruction and follow it to the end.
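
The two settings that decide which traffic enters the tunnel (step 10 and the first option in step 14), as an added PowerShell example that is not part of the original instruction. It assumes Windows 8 or later, where the VpnClient cmdlets exist, and that the VPNki connection has already been created; 192.168.1.0/24 is a placeholder for your own 192.168.x.x/x network.

```powershell
# Added example, not from the original instruction.
# Assumes the "VPNki" connection from steps 1-13 already exists for the current user.
$name      = 'VPNki'
$remoteLan = '192.168.1.0/24'   # placeholder: substitute your real 192.168.x.x/x network
$vpnkiNet  = '172.16.0.0/16'    # VPNKI network, as given in step 14

# Step 10 equivalent: do not use the tunnel as the default gateway.
Set-VpnConnection -Name $name -SplitTunneling $true

# Step 14, first option: routes stored with the connection itself, so Windows
# installs them on every connect and removes them on disconnect.
foreach ($prefix in $remoteLan, $vpnkiNet) {
    Add-VpnConnectionRoute -ConnectionName $name -DestinationPrefix $prefix
}

# Check the stored settings.
Get-VpnConnection -Name $name |
    Format-List Name, TunnelType, AuthenticationMethod, EncryptionLevel, SplitTunneling

# With the tunnel connected: both prefixes should be listed on the VPNki
# interface, and no 0.0.0.0/0 route should be.
Get-NetRoute -InterfaceAlias $name -AddressFamily IPv4 |
    Sort-Object DestinationPrefix |
    Format-Table DestinationPrefix, NextHop, RouteMetric
```

Unlike a one-off route add, routes added this way follow the connection and do not need the tunnel interface to be up when they are defined.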

Feature 1

To use an encrypted connection, the connection settings must:
- use MS-CHAPv2 authentication and specify that encryption (MPPE) will be used

To connect without encryption, they must:
- use CHAP authentication and specify that encryption will not be used.

Be careful: all other combinations of authentication and encryption methods will result in the connection not working!

Feature 2

The PPTP protocol operates using the GRE protocol, with which some Russian Internet providers have technical difficulties. These difficulties will not allow you to use PPTP to build VPN tunnels. Such providers include MGTS (Moscow City Telephone Network), Yota, Megafon. However, this is not the case in all parts of their networks.

From the user's side, it will look as if the username and password are not being verified. More precisely, the connection will not even get that far. In the “Security Events” menu item you will see the beginning of a successful connection, and the last entry will say that we are ready to check the name and password, but nothing follows it:

Access granted. No whitelist is set for user. Ready to check username/password.

The absence of a connection and further entries in the log (even though you are firmly confident that the login and password are correct) most likely indicates that GRE is not allowed through your provider. You can Google this.

PS: In order to combat hung sessions, we forcibly disconnect user tunnels using the PPTP, L2TP and L2TP/IPsec protocols 24 hours after the connection is established. With correct settings, connections should re-establish automatically.

Our system will work with many types of home and office routers. For more details, see the section on setting up equipment, but it’s better to start setting up with this example.


Welcome to our portal! We created this instruction to help our readers set up a VPN connection using the L2TP protocol over IPsec on the Windows 7 operating system. A VPN channel lets you reliably protect information transmitted through a public network by encrypting it. Even if an attacker manages to gain access to packets transmitted through a VPN session, he will not be able to use the information they contain.

To set up a VPN connection using the L2TP protocol in Windows 7, you will need:

  • The Windows 7 operating system;
  • Internet address of the VPN server to which you need to connect;
  • Login and password.

If you have everything listed above, we can begin setting up a VPN connection using the L2TP protocol.

1. Go to the "Start" menu and select "Control Panel"

2. In the upper right corner, find the “View: Small icons” item and select it, then select “Network and Sharing Center”

4. In the newly opened “Set up a connection or network” window, select “Connect to a workplace”, and then click the “Next” button

5. If you have previously configured a VPN connection on your computer, a window will appear on the screen in which you should select “No, create a new connection” and click the “Next” button again. If this is your first attempt to create a VPN connection, you should simply go to step 6

6. In the "Connect to a workplace" window that opens, select "Use my Internet connection (VPN)"

7. In the “Internet address” line, enter the address of your VPN server, and in the “Destination name” line, enter the server name. Also check the box next to “Don't connect now; just set it up so I can connect later”, then click the “Next” button

8. In the next window, enter the username and password registered on the VPN server. If necessary, you can check the “Show characters” and “Remember this password” boxes (the latter if you do not want to enter the password every time you connect). Then click the "Create" button

9. In the new window, select “Connect now” and click the “Close” button

10. Now we return again to the “Network and Sharing Center” window, where in the upper left we select the item “Change adapter settings”

11. In the window that opens, select the created connection and right-click on it, then select “Properties”

12. Next, go to the “Security” tab, where in the “VPN Type” menu we select “L2TP IPsec VPN”, and in the “Data Encryption” menu we select the “optional (connect even without encryption)” option, then click the “OK” button

13. Now right-click on the created VPN connection and click “Connect”. If everything is done correctly and the operating system does not generate errors, the VPN channel should work.

By following these short instructions step by step, you can now create a VPN connection using the L2TP protocol in the Windows 7 operating system on your own.

Today, connecting to the Internet via a local or virtual network based on wireless technologies has become very popular among both ordinary users and corporate clients. This is not surprising, because such a secure connection provides the best protection for transmitted and received data, or, more simply put, outgoing and incoming traffic. One of the most common types uses the L2TP protocol. What it is and how to set up a connection based on it yourself is what we will work through below. There is nothing fundamentally different here from creating a normal connection based on wireless technologies; however, many experts advise meeting several conditions and taking some recommendations into account in order to avoid common mistakes.

L2TP connection: what is it?

First, let's look at what a connection or network using this type of access is. In essence, the L2TP protocol is one way of establishing VPN-based Internet access using so-called tunneling.

When connecting computers to the Internet in this way, the greatest possible privacy is ensured. And this is achieved not only because access to the tunnel is blocked, but also because all input and output data is encrypted. Plus, there are verification keys on both sides. In other words, without knowing the automatically generated keys, no one can steal or view information. In addition, as is already clear, it is in encrypted form.

Prerequisites for the connection to work

That was just brief theory for general background. Now let's move on to practice and look at using an L2TP connection. What kind of technology this is should now be reasonably clear; the basic steps for creating such a connection are practically no different from the standard ones.

However, before engaging in such actions, pay attention to several mandatory points, without which the connection being created will not only not work, it will not even be possible to create it. The main criteria are:

  • an operating system no lower than Windows Vista (recommended), although configuration is also possible in XP;
  • the address of the corporate server to which the connection is to be made;
  • a login and password to enter the network.

The initial stage of creating a connection

So, first you need to open the “Network and Sharing Center” (you can open this section either from the standard “Control Panel” or through the right-click menu on the network icon in the system tray, to the left of the clock and date).

Choose the first one, since using the second one only makes sense if the connection is made through a mobile operator using a modem.

Next, the question of how to set up an L2TP connection involves choosing a deferred connection rather than an immediate one (this is recommended but not required, and there is no single answer on this matter).

At the next stage, be especially careful, since entering the server address accurately is of paramount importance here. Enter the address, enter an arbitrary name for the new connection (destination name), and then tick the checkbox to remember the entered data (this will save you from re-entering the information on subsequent logins). Next, simply click the create connection button, after which the connection will appear in the network settings section and in the system tray.

VPN type

Now the most important thing. A new connection seems to have been created, but without additional settings it may not work correctly.

Open the connection properties through the right-click menu, and then on the Security tab, for the connection type, select the L2TP protocol with IPsec (security level). This is also a required parameter. All other settings offered by default can, in principle, be left unchanged.

Sometimes, on some non-standard router models, you will need to specify the PPTP/L2TP connection type in the web interface parameters; however, when using regular routers and ADSL modems, this is not required.

Possible errors and failures

As for errors and failures when establishing an Internet connection through the created connection, there can be any number of problems. The main one is ordinary carelessness on the part of the user, who simply entered the server address incorrectly or entered an invalid login and password.

The second point to pay attention to is the properties of the IPv4 protocol. Its settings must specify that all addresses, both IP and DNS, are obtained automatically. In addition, use of a proxy must be disabled for local addresses. Keep in mind that wireless technologies tend not to work with static IPs. The only option is to connect several terminals combined into a local or virtual network through one L2TP server (in this case, logins and passwords are assigned to each machine).

Finally, if errors occur even with these settings, try using the free DNS addresses for the preferred and alternate servers provided, for example, by Google (combinations of fours and eights).

Instead of an afterword

That's all there is to it regarding the L2TP connection. What kind of technology this is and how to establish the appropriate connection should already be clear. If you look closely at the practical steps, they are all the standard procedure for creating a VPN connection. The only difference is that you must specify the address of the corresponding server and select the protocol with the preferred level of protection. Router settings were deliberately not considered in this material, since in most cases you can do without changing them.

Settings for experienced users

Local network settings.

Your computer or router receives its IP address, routes, default gateway and domain name server (DNS) via DHCP.
To access the Internet, a VPN connection is used via the L2TP (without IPsec) or PPTP protocol. We recommend using an L2TP connection.

Server addresses:

  • tp.internet.beeline.ru - for connecting via L2TP protocol.
  • vpn.internet.beeline.ru - for connecting via PPTP protocol.
For the VPN connection to work correctly, make sure that your security software does not block the ports used when establishing a VPN session:
  • L2TP - 1701
  • PPTP - 1723
  • WWW - 80/8080
Equipment - routers, switches.
We support and recommend the following router models for working on the Beeline network:
  • Wi-Fi router Beeline
  • Beeline Smart Box
  • Beeline N150L
  • Beeline D150L
  • Asus 520GU
  • D-Link DIR 300/NRU rev. B1-B6, C1
  • Linksys WRT610n
We have tested this equipment, and it meets all the requirements for working on the Beeline network. You can find detailed information on setting up this equipment in the “Router settings” section.
If your router is not on the recommended list, you can try setting it up yourself:
  • Make sure your router supports L2TP/PPTP.
  • Download new firmware yourself from the manufacturer's website.
  • Enter tp.internet.beeline.ru or vpn.internet.beeline.ru as the VPN server.
  • Set the IP address and DNS addresses to be obtained automatically (via DHCP).
  • Enter your registration details.
You can find more detailed information on setting up non-recommended equipment on the Beeline Home Internet user forum.

Television.

Watching television using a set-top box (STB).

We support the following set-top box models*:
  • with TV control function: Cisco CIS 430, ISB7031, ISB2230, Motorola VIP 1216, 2262E, Tatung STB3210
  • without TV control function: Cisco CIS 2001, ISB2200, Motorola VIP 1200, 1002E, Tatung STB2530
*Other set-top box models will not work with the Beeline-TV digital television service.

Watching TV on a computer:

To watch television on your computer, install the free VLC program and download the channel list. You can find more detailed information on the Beeline Home Internet user forum.

Port numbers of the most common protocols

  • SMTP - 25
  • POP - 110
  • IMAP - 143 (993 IMAP over SSL)
  • SSL - 443
  • FTP - 21
  • SSH - 22
  • Telnet - 23
  • WWW - 80, 8080
  • PPTP - 1723
  • L2TP - 1701
  • NTP - 123/UDP
Maximum Transmission Unit (MTU).
For VPN connection:
  • PPTP - 1460
  • L2TP - 1460
Maximum Receive Unit (MRU) - 1500

Maximum Segment Size (MSS).
For VPN connection:

  • PPTP - 1452
  • L2TP - 1460


The L2TP protocol is preferable to PPTP for building VPN networks, mainly because of security and higher availability, since a single UDP session is used for the data and control channels. Today we will look at setting up an L2TP VPN server on the Windows Server 2008 R2 platform.

PPTP

Point-to-Point Tunneling Protocol is a protocol invented by Microsoft for providing VPN over dial-up networks. PPTP has been the standard protocol for VPNs for many years. It is a VPN protocol only and relies on various authentication methods to provide security (the most commonly used is MS-CHAP v.2). It is available as a standard protocol in almost all operating systems and devices that support VPN, which allows you to use it without installing additional software.

Pros:

  • PPTP client is built into almost all operating systems
  • very easy to set up
  • works quickly

Cons:

  • insecure (the vulnerable authentication protocol MS-CHAP v.2 is still used in many places)

L2TP and L2TP/IPsec

Layer 2 Tunneling Protocol is a VPN protocol that does not itself provide encryption or privacy for traffic passing through it. For this reason, the IPsec encryption protocol is typically used with it to ensure security and privacy.

Pros:

  • very safe
  • easy to set up
  • available on modern operating systems

Cons:

So, let's return to the setup. To deploy the L2TP VPN server we will use Windows Server 2008 R2; however, everything said here will, with minor amendments, hold for other versions of Windows Server.

We will need an installed role; we described how to do this in detail in the previous article, where we set up a PPTP VPN, so I see no point in describing the process again. From here on we will assume that you already have the Network Policy and Access Services role installed and that it contains Routing and Remote Access Services. In general, deploying an L2TP VPN server is very similar to deploying a PPTP VPN, with the exception of a few settings, which we will discuss in detail.

Go to Server Manager: Roles - Routing and Remote Access, right-click this role and select Properties. On the General tab, check the IPv4 Router box, select LAN and demand-dial routing, and check IPv4 Remote access server:

Now we need to enter the pre-shared key. Go to the Security tab, check the Allow custom IPsec policy for L2TP connection box and enter your key. (About the key: you can enter an arbitrary combination of letters and numbers there; the main principle is that the more complex the combination, the safer it is. Remember or write down this combination; we will need it later.) In the Authentication provider field, select Windows Authentication.

Now we need to configure connection security. To do this, go to the Security tab and choose Authentication Methods, then check the boxes Extensible authentication protocol (EAP) and Microsoft encrypted authentication version 2 (MS-CHAP v2):

Next, go to the IPv4 tab, where we specify which interface will accept VPN connections. On the same IPv4 tab we also set up the pool of addresses issued to L2TP VPN clients (set the interface to Allow RAS to select adapter):

Now go to the Ports item that has appeared, right-click it and choose Properties, select the L2TP connection and click Configure. In the new window, check Remote access connections (inbound only) and Demand-dial routing connections (inbound and outbound) and set the maximum number of ports; the number of ports must match or exceed the expected number of clients. It is better to disable unused protocols by unchecking both checkboxes in their properties.

As a result, you should have only the ports you need in the number you specified in your list of ports.

This completes the server setup. All that remains is to allow users to connect to the server. Go to Server Manager: Configuration - Local Users and Groups - Users, select the user, right-click and choose Properties. On the Dial-in tab, under Network Access Permission, select Allow access. (If your server is running Active Directory, the settings must be entered in the corresponding snap-in.)

And don't forget to forward the ports on your router, and also open them in your firewall:

  • IKE - UDP port 500 (Receive\Send)
  • L2TP - UDP port 1701 (Receive\Send)
  • IPSec ESP - UDP port 50 (Receive\Send)
  • IPSec NAT-T - UDP port 4500 (Receive\Send)
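
The port list above as Windows Firewall rules, in an added PowerShell example that is not part of the original article. It calls netsh advfirewall so that it also runs on Windows Server 2008 R2; the rule names are labels chosen here. ESP is IP protocol number 50 and has no port number, so that rule matches on the protocol alone.

```powershell
# Added example, not from the original article.
# Run in an elevated PowerShell session on the VPN server.
# Rule names are arbitrary labels chosen for this example.
$rules = @(
    @{ Name = 'L2TP-IKE';    Protocol = 'UDP'; Port = 500  },
    @{ Name = 'L2TP-Tunnel'; Protocol = 'UDP'; Port = 1701 },
    @{ Name = 'L2TP-NAT-T';  Protocol = 'UDP'; Port = 4500 },
    @{ Name = 'IPsec-ESP';   Protocol = '50';  Port = $null }  # IP protocol 50, no port
)

foreach ($r in $rules) {
    # The list says Receive\Send, so create one inbound and one outbound rule each.
    foreach ($dir in 'in', 'out') {
        $ruleArgs = @(
            'advfirewall', 'firewall', 'add', 'rule',
            "name=$($r.Name)-$dir", "dir=$dir", 'action=allow',
            "protocol=$($r.Protocol)"
        )
        # Only UDP rules carry a port; the server end is always the local port.
        if ($r.Port) { $ruleArgs += "localport=$($r.Port)" }

        & netsh $ruleArgs
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Failed to add rule $($r.Name)-$dir"
        }
    }
}

# Review what was created.
netsh advfirewall firewall show rule name=all |
    Select-String 'L2TP-|IPsec-ESP'
```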


