I want to create a Windows Firewall inbound rule to allow an inbound connection to a specific port only if the remote device is identified by a MAC address in a subset of MAC addresses I predefine. Effectively, loose device authentication, not network authentication (IP address-based).
You need to select at least VPN access and NAT. You need NAT because, without it, VPN users will not be able to reach the internet while connected to the VPN unless they uncheck 'Use default gateway on remote network' in their VPN connection properties. That configuration is known as split tunneling. Unchecking that option is a potential security risk, so I am writing this how-to to avoid having to do that. With that said, VPN users will be reaching the internet through the VPN server. This can be a good thing depending on where they are in the world, or it could be bad if the server is very heavily used by hundreds of simultaneous users.
There are ways to deal with that, though. If you have any network resources on a subnet other than the one the VPN server is on, you will need to add some static routes.
This configures the routing table so VPN users can reach the internal destinations you enter here.

1. Right-click on Static Routes and click 'New Static Route.'
2. Select CorporateNetwork.
3. Type in the Destination network, such as: 10.10.20.0
4. And the Network Mask: 255.255.255.0
5. And finally the Gateway to use to access this network: 10.10.10.1
6. You can leave the default metric unless you have issues getting to where you need to go.
Now that you have it working, it is time to secure the server from internet attackers. Configure your inbound Windows Firewall Advanced settings to block EVERYTHING on the 'PUBLIC' connection except the following:

PPTP:
- To allow PPTP tunnel maintenance traffic, open TCP 1723.
- To allow PPTP tunneled data to pass through the router, open Protocol ID 47.

L2TP over IPSec:
- To allow Internet Key Exchange (IKE), open UDP 500.
- To allow IPSec NAT Traversal (NAT-T), open UDP 5500.
- To allow L2TP traffic, open UDP 1701.

HTTPS/SSL: Port 443

Note that Windows Server 2012 R2 has existing templates to choose from that will add these as well as ports for SSTP and others needed for VPN access.

Thank you very much for this. Currently one of our clients is running VPN (PPTP) on a win2kr2 box, which works well. With the latest Mac OSX upgrade, we have to switch to the L2TP protocol.
I have gone through all of the details that I can find to allow PPTP as well as L2TP (with preshared key), but still no go. I keep getting the same error: 'The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations'. NPS is enabled. Please advise, thank you.
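The inbound allow list from the how-to above, expressed with the NetSecurity cmdlets that ship on Windows Server 2012 R2 and later. This is an added example, not the how-to author's own script; it assumes the internet-facing adapter is assigned to the Public profile, and it opens UDP 4500 for NAT-T, the port defined in RFC 3948 (the 5500 in the text above is not used by IPsec).

```powershell
# Added example: default-deny inbound on the Public profile, then allow only
# the protocols and ports the how-to lists for PPTP, L2TP/IPsec and SSTP.
# Assumes Windows Server 2012 R2+ (NetSecurity module) and that the
# internet-facing NIC is on the Public profile.

# 1. Block all unsolicited inbound traffic on Public; outbound is untouched.
Set-NetFirewallProfile -Profile Public -Enabled True -DefaultInboundAction Block

# 2. One rule per protocol/port. Protocol 47 is GRE, the carrier for PPTP
#    data, so it has no port. NAT-T is UDP 4500 per RFC 3948.
$vpnRules = @(
    @{ Name = 'VPN-PPTP-Control'; Protocol = 'TCP'; Port = 1723 },
    @{ Name = 'VPN-PPTP-GRE';     Protocol = '47';  Port = $null },
    @{ Name = 'VPN-IKE';          Protocol = 'UDP'; Port = 500  },
    @{ Name = 'VPN-IPsec-NAT-T';  Protocol = 'UDP'; Port = 4500 },
    @{ Name = 'VPN-L2TP';         Protocol = 'UDP'; Port = 1701 },
    @{ Name = 'VPN-SSTP-HTTPS';   Protocol = 'TCP'; Port = 443  }
)

foreach ($r in $vpnRules) {
    # Skip rules that already exist so the script is safe to re-run.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) { continue }

    $params = @{
        DisplayName = $r.Name
        Direction   = 'Inbound'
        Action      = 'Allow'
        Profile     = 'Public'
        Protocol    = $r.Protocol
        Enabled     = 'True'
    }
    # Only TCP/UDP rules take a port; GRE is matched on protocol number alone.
    if ($r.Port) { $params.LocalPort = $r.Port }
    New-NetFirewallRule @params | Out-Null
}

# 3. Verify: print every enabled inbound Allow rule that applies to Public,
#    so any rule beyond the six above stands out for review.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.Profile -match 'Public|Any' } |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        '{0,-40} {1,-6} {2}' -f $_.DisplayName, $pf.Protocol, $pf.LocalPort
    }
```

Rules created by the Windows Server 2012 R2 RRAS templates mentioned above will also appear in the verification listing; review that output for anything you did not intend to expose on the Public profile.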