Create a site-to-site (S2S) VPN tunnel via PPTP/L2TP on Windows Server 2022, 2016 and 2012

10.3. Connect site 1 (Brussels) to site 2 (Paris) using L2TP instead of PPTP

Now that your VPN servers are configured to receive VPN connections using the L2TP protocol instead of PPTP, you need to reconfigure the on-demand connections to use this new VPN protocol (L2TP) instead of the old one (PPTP).

To do this, on the "BRUX-VPN" VPN server at your site 1 (Brussels), go to the "Network Interfaces" section and right-click "Properties" on your "Paris" on-demand connection.

In the "Security" tab, change the VPN network type, this time selecting "Layer 2 Tunneling Protocol (L2TP) with IPsec (L2TP/IPsec)".

Once the VPN network type is "L2TP protocol ... with IPsec ..." selected, click the "Advanced Settings" button.

In the small "Advanced Properties" window that appears, select "Use a pre-shared key for authentication" and enter the pre-shared key configured in the remote VPN server properties (in this case: paris-vpn).
Then, click OK.

Click OK.

If the VPN connection (dial-on-demand) is already connected, Windows Server may display the message below.
This simply means that you will need to disconnect this dial-on-demand connection and reconnect it to use the new VPN settings you just configured.

Click OK.

10.4. Connect site 2 (Paris) to site 1 (Brussels) using L2TP instead of PPTP

Similar to what you just did, this time go to the VPN server at Site 2 (Paris) and go to the "Network Interfaces" section.
Then, right-click "Properties" on your "brux" on-demand connection.

In the "Security" tab, change the VPN network type again by selecting "Layer 2 Tunneling Protocol (L2TP) with IPsec (L2TP/IPsec)".

Then, click on the "Advanced Settings" button located just below.

Select "Use pre-shared key for authentication" again and type the pre-shared key specified in the remote VPN server properties (in this case: brux-vpn).

10.5. Restart VPN servers

To use the new VPN settings, right-click "All Tasks -> Restart" on both your VPN servers.

10.6. Automatic VPN connections

Since your two on-demand connections are configured to be permanent connections and not on-demand, they should both be in a "Connected" state.

This is the case for the "Paris" on-demand connection configured on the "BRUX-VPN" VPN server in Brussels.

But if not, feel free to simply right-click "Connect" on the desired connection request.

Then, its status will also be "Connected".

10.7. VPN connections established (using L2TP)

To ensure that your site-to-site VPN connections are properly established using the new "L2TP" VPN protocol instead of "PPTP", go to the "BRUX-VPN" VPN server at Site 1 (Brussels).
In the "Network Interfaces" section, you will see that the status of the "Paris" on-demand connection is "Connected".

You will see that the VPN server at site 2 (Paris) has connected to your Brussels VPN server "BRUX-VPN" with the user account "parisuser".

In the "Ports" section, sort the list by "Status" and make sure that the VPN protocol used this time is "L2TP".

On the remote VPN server "PARIS-VPN" at site 2 (Paris), perform the same checks.

In the "Network Interfaces" section, the status of the "brux" on-demand connection is "Connected".

In the "Remote Access Clients" section, you will see that the Brussels site has connected to your Paris VPN server.

Finally, in the "Ports" section of this VPN server "PARIS-VPN" (site 2 (Paris)), make sure again that the VPN protocol used is "L2TP".
To do this, sort the list by "Status" to see the active VPN ports.

10.8. Test connectivity between your physical sites (via VPN tunnel using L2TP protocol)

As you can see, our client PC at site 1 (Brussels) can once again communicate with the local VPN server (brux-vpn), as well as with the remote VPN server (paris-vpn).

Batch

ping 10.0.1.10

Plain Text

Reply from 10.0.1.10: bytes=32 time<1ms TTL=128
...

    Packets : Sent = 4, Received = 4, ...

Batch

ping 10.0.2.10

Plain Text

Reply from 10.0.2.10: bytes=32 time<1ms TTL=126
...

    Packets : Sent = 4, Received = 4, ...

Our VPN server "brux-vpn" at site 1 (Brussels) can once again communicate with the local VPN server (brux-vpn), as well as with the remote VPN server (paris-vpn).

Our client PC at site 2 (Paris) can once again communicate with the remote VPN server (brux-vpn), as well as with the local VPN server (paris-vpn).

Our VPN server "paris-vpn" at site 2 (Paris) can once again communicate with the remote VPN server (brux-vpn), as well as with the local VPN server (paris-vpn).