Can't manage to connect to L2TP/IPSec VPN with built-in Windows 10 client

carles Posts: 5
 Freshman Member
edited April 2021 in Security
I've configured an L2TP/IPSec VPN tunnel (USG20W-VPN firewall) with default options. I can connect with no problem from an old Windows 7 PC, but I cannot with Windows 10.

The client configuration is the same in both cases: preshared key and PAP protocol.

I'm wondering if Windows 10 requires any additional step.


  • [Deleted User]
    [Deleted User] Posts: 0
     Zyxel Employee
    Dear @carles

    Can you check the properties of the VPN connection?
    • Go to Control Panel
    • Network Connections
    • Right-click the L2TP connection and choose Properties
    • Go to the Security tab and tick the PAP option (copy the below)
    Let me know if this helps.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034
     Zyxel Employee
    For a VPN connection between Win10 and the USG:
    To establish the L2TP connection, remember to enable the “IKE service”. Please refer to the attached document for reference.
  • carles
    carles Posts: 5
     Freshman Member
    Thanks for your help! The IKE service did the trick.
  • warwickt
    warwickt Posts: 111
     Ally Member
    Further to Mark's post, we set quite a few USGs up with MacOS and FreeBSD, with and without Open Directory (LDAP) authorisation via RADIUS, from Windows 7, 8 and 10 (inbuilt) VPN clients.

    L2TP adapter / Properties / Security / Authentication / Encryption Types as follows:

    Local Users only (maintained in USG appliance)
    • Use CHAP and/or MS-CHAP(V2)
    • Works fine.

    Ext-Users (via RADIUS to LDAP)
    • Use only PAP
    • The tech reason is that the USG passes authentication to LDAP. If encrypted, LDAP can't process it and will fail.
    We usually combine them in VPN_client_01_group and use USG config / VPN / L2TP Authentication Method. Works 100%.


    Hong Kong 
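
The Windows-side settings discussed in this thread can be checked from PowerShell. This is an added example, not something posted by any participant or published by Zyxel; it assumes the "IKE service" is the Windows service `IKEEXT` (IKE and AuthIP IPsec Keying Modules) with its companion `PolicyAgent`, and the connection name `USG-L2TP` is a hypothetical placeholder. It only reads settings and changes nothing.

```powershell
# Added example: read-only audit of the built-in Windows L2TP/IPsec client.
# Assumptions: 'USG-L2TP' is a hypothetical connection name; the "IKE service"
# from the thread is taken to be IKEEXT (plus PolicyAgent).
param(
    [string]   $ConnectionName = 'USG-L2TP',
    # Local USG users: Chap/MSChapv2. Ext-users via RADIUS to LDAP: Pap only.
    [string[]] $ExpectedAuth   = @('Pap')
)

$findings = @()

# 1. IPsec keying services must be running before the tunnel can negotiate.
foreach ($name in 'IKEEXT', 'PolicyAgent') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $findings += ('{0}: service not found' -f $name)
    } elseif ($svc.Status -ne 'Running') {
        $findings += ('{0}: status {1}, start type {2}' -f $name, $svc.Status, $svc.StartType)
    }
}

# 2. Locate the connection in the per-user phonebook, then the all-user one.
$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue
if (-not $vpn) {
    $vpn = Get-VpnConnection -Name $ConnectionName -AllUserConnection -ErrorAction SilentlyContinue
}

if (-not $vpn) {
    $findings += ("VPN connection '{0}' not found" -f $ConnectionName)
} else {
    if ($vpn.TunnelType -ne 'L2tp') {
        $findings += ('TunnelType is {0}, expected L2tp' -f $vpn.TunnelType)
    }
    if ($vpn.L2tpIPsecAuth -ne 'Psk') {
        $findings += ('L2tpIPsecAuth is {0}, expected Psk (preshared key)' -f $vpn.L2tpIPsecAuth)
    }
    # 3. Compare enabled authentication methods with what the USG side expects.
    $enabled = @($vpn.AuthenticationMethod | ForEach-Object { "$_" })
    $missing = @($ExpectedAuth | Where-Object { $enabled -notcontains $_ })
    $extra   = @($enabled | Where-Object { $ExpectedAuth -notcontains $_ })
    if ($missing.Count) { $findings += ('Auth methods not enabled: {0}' -f ($missing -join ', ')) }
    if ($extra.Count)   { $findings += ('Auth methods enabled but not expected: {0}' -f ($extra -join ', ')) }
}

if ($findings.Count) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No mismatches found for '$ConnectionName'." }
```

For a local-user setup as described in the last post, pass `-ExpectedAuth Chap,MSChapv2` instead of the default.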
