If you manage systems, develop SaaS products, or build infrastructure for clients, chances are you’ve needed a VPN at some point. Maybe not for the whole team, maybe not forever—but definitely for testing, compliance, or internal access. In that case, one of the easiest ways to get started is to create L2TP VPN infrastructure on your own.
L2TP isn’t fancy. It’s not new. But it’s supported by nearly every operating system without needing third-party apps. That makes it useful for labs, legacy systems, or quick deployments.
Let’s walk through how to do it on Windows 10. We’ll keep things clear, cover security considerations, and show you where to scale if this moves beyond a one-off project.
What is L2TP?
L2TP stands for Layer 2 Tunneling Protocol. On its own, it doesn’t offer encryption. That’s why most implementations pair it with IPsec for security.
Together, L2TP/IPsec creates a stable tunnel that most devices can connect to without needing special software. It’s widely used in firewalls, routers, and native OS settings.
Is it the most secure protocol? No. Is it fast to set up and widely compatible? Yes.
For internal tools, testing VPN connections, or remote access where zero trust isn’t in play—L2TP still has a role. If you’re building a product or managing a fleet of remote users, it’s a good protocol to understand before you move to something like WireGuard.
Is L2TP Obsolete?
Not quite. It’s not bleeding-edge, but it’s not dead.
If you’re trying to create L2TP VPN access for a handful of users or devices—especially when you don’t want to install anything—L2TP still makes sense. Every version of Windows since XP supports it. macOS and iOS do, too. Android’s built-in VPN tool? Also L2TP/IPsec-compatible.
It’s not the best choice for public networks or large-scale access. But for what it is, it works. That’s why businesses still use it.
What You’ll Need
Before we get into the steps, here’s what you’ll need:
- A Windows 10 Pro or Enterprise machine (or a Windows Server box)
- Admin access to the machine
- A public IP address (or Dynamic DNS if you’re testing)
- Ports open on your router or firewall (UDP 500, 1701, 4500)
- A pre-shared key (PSK) for IPsec
- A user account with a password
Optional: if you’re not using Windows Server, you can still install the Routing and Remote Access Service (RRAS) role manually on Windows 10. But it’s easier in a server environment.
Step-by-Step: How to Create L2TP VPN Server on Windows 10
This walkthrough covers setting up L2TP with IPsec on a Windows 10 machine using the built-in RRAS service. You can follow along on Windows Server too—it’s almost identical.
Step 1: Install the Routing and Remote Access Service (RRAS)
On Windows 10 Pro or Enterprise, RRAS isn’t enabled by default.
Here’s how to get it going:
- Open Control Panel → Programs and Features → Turn Windows features on or off.
- Find Routing and Remote Access and enable it.
- Let the system install the components and restart if needed.
Once it’s installed, RRAS will appear in the Services snap-in, and in Server Manager if you’re on Windows Server.
Step 2: Configure RRAS for VPN
- Open Server Manager or run rrasmgmt.msc.
- Right-click your server name and click Configure and Enable Routing and Remote Access.
- Select Custom configuration → Check VPN access → Finish.
- Start the RRAS service when prompted.
Now you’ve activated RRAS to allow incoming VPN connections. Let’s fine-tune it.
Step 3: Enable L2TP and Set the Pre-Shared Key
You’ll need to manually define L2TP and its IPsec settings.
- In the RRAS console, right-click your server name → Properties → Security tab.
- Click Authentication Methods.
- Enable EAP and MS-CHAP v2. If you’re testing or just need something fast, MS-CHAP v2 is fine.
- Still in the Security tab, click IPsec Settings.
- Check Use preshared key for authentication and enter your PSK (make it strong).
This is the “secret code” that your L2TP clients will need.
Step 4: Set IP Range for VPN Clients
- Go to the IPv4 tab in the RRAS server properties.
- Enable Static address pool and define a range like 192.168.100.1 to 192.168.100.20.
- These are the IPs that will be assigned to devices connecting over VPN.
Keep it outside your LAN DHCP range to avoid conflicts.
Step 5: Create VPN Users
You can use local Windows users or integrate with Active Directory if you’re on a domain. Here’s how to create a local one:
- Open Computer Management → Local Users and Groups → Users.
- Right-click → New User.
- Set a name and strong password.
- Right-click the new user → Properties → Dial-in tab → Allow access.
Repeat for each user that needs to connect.
Step 6: Open Firewall Ports
L2TP/IPsec uses:
- UDP 500 (for IPsec)
- UDP 1701 (for L2TP tunnel)
- UDP 4500 (for NAT traversal)
If you’re behind a router, forward these to your Windows machine. If there’s a local firewall, create inbound rules for these ports in Windows Defender Firewall.
Step 7: Client Configuration on Windows 10
Now test from a remote client.
- Go to Settings → Network & Internet → VPN.
- Click Add a VPN connection.
- Fill in the fields:
- VPN provider: Windows (built-in)
- Server name or address: your public IP or dynamic DNS
- VPN type: L2TP/IPsec with pre-shared key
- Pre-shared key: your PSK
- Username and password: from the user you created
Click Save, then try connecting.
If it fails the first time, you might need to tweak the registry to allow NAT-T:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
Add a DWORD value:
- Name: AssumeUDPEncapsulationContextOnSendRule
- Value: 2
Restart and try again.
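The scriptable parts of Steps 6 and 7, including the NAT-T registry value, as an added PowerShell example that is not part of the original walkthrough. The function names, the rule display names, the profile name and the address 203.0.113.10 are assumptions chosen for illustration; run the server function on the RRAS machine and the other two on the client.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names, 203.0.113.10 and the PSK are placeholders.

function Add-L2tpFirewallRules {
    # SERVER (Step 6): one inbound allow rule per UDP port; safe to re-run.
    $ports = @(
        @{ Port = 500;  Use = 'IPsec' },
        @{ Port = 1701; Use = 'L2TP tunnel' },
        @{ Port = 4500; Use = 'NAT traversal' }
    )
    foreach ($p in $ports) {
        $name = "L2TP-IPsec UDP $($p.Port) ($($p.Use))"
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
                -Protocol UDP -LocalPort $p.Port | Out-Null
        }
    }
    Get-NetFirewallRule -DisplayName 'L2TP-IPsec UDP *' |
        Select-Object DisplayName, Enabled, Direction, Action
}

function New-L2tpClientProfile {
    # CLIENT (Step 7): same fields as the Settings dialog, pinned to MS-CHAP v2 with
    # encryption required, so weaker auth or an unencrypted session is refused.
    param(
        [Parameter(Mandatory)] [string] $ServerAddress,
        [Parameter(Mandatory)] [string] $PreSharedKey,
        [string] $Name = 'Lab L2TP'
    )
    Add-VpnConnection -Name $Name -ServerAddress $ServerAddress -TunnelType L2tp `
        -L2tpPsk $PreSharedKey -AuthenticationMethod MSChapv2 `
        -EncryptionLevel Required -Force
    Get-VpnConnection -Name $Name |
        Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
}

function Enable-L2tpNatTraversal {
    # CLIENT: the NAT-T value from the article; applies after a restart.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
    New-ItemProperty -Path $key -Name 'AssumeUDPEncapsulationContextOnSendRule' `
        -PropertyType DWord -Value 2 -Force | Out-Null
    (Get-ItemProperty -Path $key).AssumeUDPEncapsulationContextOnSendRule
}

# On the server:  Add-L2tpFirewallRules
# On the client:  New-L2tpClientProfile -ServerAddress 203.0.113.10 -PreSharedKey '<your PSK>'
#                 Enable-L2tpNatTraversal
```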
If setting all this up feels like more than you want to manage, there’s a simpler path. With PureVPN White Label, you get a fully branded VPN solution with L2TP/IPsec already built in—no server configs, no port forwarding, no guesswork. It’s ready to go for your users or clients, so you can skip the setup and focus on scaling.
Setting Up L2TP Clients (Windows, macOS, Mobile)
Now that your server’s running, it’s time to test client connections. Windows 10 makes this easy, and most other platforms follow a similar pattern.
Windows 10
Already covered above, but quick recap:
- Open VPN settings
- Add a new VPN
- Set type to L2TP/IPsec with pre-shared key
- Enter your credentials and connect
If you’re working from behind a NAT (which most users are), you may need the registry tweak mentioned earlier for L2TP to work correctly.
macOS
- Go to System Preferences → Network
- Click the “+” to add a service
- Interface: VPN
- VPN Type: L2TP over IPsec
- Enter the server IP, username, and shared secret
Click Connect and you’re in.
Android & iOS
Both platforms support L2TP natively.
- On iOS: Settings → VPN → Add Configuration → Type: L2TP
- On Android: Settings → Network → VPN → Add VPN → Type: L2TP/IPsec PSK
Use the same server address, PSK, and login credentials you set up earlier.
If you’d rather skip the manual setup across all these platforms, PureVPN White Label offers a branded VPN solution with native apps for Windows, macOS, iOS, and Android—all pre-configured with L2TP/IPsec and other modern protocols. It’s ready to deploy, no walkthroughs needed.
Free L2TP VPN Servers: Why You Should Think Twice
You might come across blog posts offering a “free L2TP VPN server list” or credentials advertised as a “free L2TP VPN username and password.” Here’s the issue with that:
- They’re public. Which means they’re not secure.
- They’re overloaded and unstable.
- You’re trusting unknown third parties with your traffic.
For personal testing, sure—maybe. But for business or client use? No way.
Security Tips for L2TP/IPsec Setups
L2TP with IPsec is more secure than L2TP alone, but that doesn’t make it bulletproof. If you’re going to create L2TP VPN access, make sure to follow these best practices:
- Use a long, random pre-shared key. Not “123456”.
- Avoid using PAP. Stick with MS-CHAP v2 at minimum.
- Don’t reuse VPN credentials across systems.
- Rotate credentials regularly.
- Always log access and review usage if possible.
And remember, this protocol doesn’t offer perfect forward secrecy. For higher-risk use cases, consider OpenVPN or WireGuard.
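Two of the tips above turned into checks, as an added PowerShell example that is not from the original article: generating a long random PSK, and reviewing the VPN profiles saved on a Windows client for PAP/CHAP or non-mandatory encryption. The function names are hypothetical; the property names are those returned by the built-in Get-VpnConnection cmdlet.

```powershell
# Added example. Function names are hypothetical.

function New-IpsecPsk {
    # Bytes come from the OS CSPRNG (not Get-Random) and are hex-encoded so the
    # key pastes cleanly into RRAS and every client dialog.
    param([ValidateRange(16, 64)] [int] $Bytes = 32)
    $buf = [byte[]]::new($Bytes)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    -join ($buf | ForEach-Object { $_.ToString('x2') })
}

function Test-VpnProfileHygiene {
    # Reviews per-user and all-user VPN profiles on this client and lists
    # settings that conflict with the tips above.
    $profiles = @(Get-VpnConnection) + @(Get-VpnConnection -AllUserConnection)
    foreach ($vpn in $profiles) {
        $issues = @()
        # Anything below MS-CHAP v2 is under the article's stated minimum.
        $weak = @($vpn.AuthenticationMethod | Where-Object { $_ -in 'Pap', 'Chap' })
        if ($weak.Count) { $issues += "weak auth allowed: $($weak -join ', ')" }
        # 'Optional' lets the session proceed even if the server declines encryption.
        if ($vpn.EncryptionLevel -in 'NoEncryption', 'Optional') {
            $issues += "encryption is $($vpn.EncryptionLevel)"
        }
        [pscustomobject]@{
            Name       = $vpn.Name
            TunnelType = $vpn.TunnelType
            Auth       = $vpn.AuthenticationMethod -join ','
            Encryption = $vpn.EncryptionLevel
            Issues     = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

# New-IpsecPsk                              # 64 hex characters by default
# Test-VpnProfileHygiene | Format-Table -AutoSize
```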
Building Your Own L2TP VPN vs Using PureVPN White Label
Creating your own VPN server is great for testing and small-scale use. But when you’re serving real customers or want to scale, it breaks down fast.
That’s where PureVPN White Label comes in.
With PureVPN White Label, you get:
- Full VPN infrastructure — ready to go
- Your own branded apps (no mention of PureVPN)
- Protocol support including OpenVPN, WireGuard, IKEv2 (more modern than L2TP)
- A backend dashboard to manage users, analytics, and support
- Access to 6,500+ servers in 70+ countries
No server setup. No port forwarding. No dealing with L2TP configuration ever again.
Final Thoughts
Creating your own L2TP VPN server on Windows 10 is totally doable. You don’t need third-party apps or fancy tools. You just need a bit of time, the right firewall rules, and a secure PSK. If you’re building it for testing, it’s a great exercise. If you’re launching a product, managing users, or building a commercial tool—do yourself a favor and look at automation or hosted options.
You could spend hours configuring RRAS, opening ports, and managing IP ranges. Or, you could launch a secure, fully branded VPN with PureVPN White Label—L2TP, OpenVPN, WireGuard, and admin tools all included.