Windows RRAS VPN configuration when server is behind NAT
The following configuration changes have to be done when the Windows VPN server (Remote Access and Routing Service) is behind NAT (ie, server has a private IP). To make PPTP work: Allow tcp/1723 traffic to flow through the firewall to the RRAS server Add inspect pptp on the firewall To make L2TP/IPSec work on Windows clients: On the client device, open Registry Editor Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent Add a DWORD (32-bit) key named AssumeUDPEncapsulationContextOnSendRule Set the value to 2, and base to Hexadecimal Restart the client PC (this is important). Done!