Can't manage to connect to L2TP/IPSec VPN with built-in Windows 10 client

carles
carles Posts: 5  Freshman Member
First Comment Third Anniversary
edited April 2021 in Security
I've configured a L2TP/IPSec VPN tunnel (USG20W-VPN firewall), with default options. I can connect with no problem from an old Windows 7 PC, but I cannot with Windows 10.

The client configuration is the same in both cases: preshared key and PAP protocol.

I'm wondering if Windows 10 requires any additional step.

Comments

  • [Deleted User]
    [Deleted User] Posts: 118  Ally Member
    5 Answers First Comment Friend Collector Fifth Anniversary
    Dear @carles

    Can you check the properties of the vpn connection.
    • go to Control panel
    • Network connections
    • right click the l2tp connection and choose properties
    • go to the security tab and tick the PAP option..(copy the below)
    Let me now if this helps
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    50 Answers 500 Comments Friend Collector Fourth Anniversary
    @carles
    For VPN connect with win10<->USG,
    To establishing the L2TP connection , remember to enable the “IKE service”. Please refer to attached document as your reference.
    Charlie
  • carles
    carles Posts: 5  Freshman Member
    First Comment Third Anniversary
    Thanks for your help! The IKE service did the trick.
  • warwickt
    warwickt Posts: 111  Ally Member
    5 Answers First Comment Friend Collector Third Anniversary
    Further to Mark's post, we set quite a few USG's up with MacOS and FreeBSD with and without Open Directory (LDAP) authorisation via RADIUS from Windows OS 7,8, 10(  inbuilt ) VPN clients.

    L2TP adapter/Properties/Security/ Authentication / Encryption Types as follows:


    Local Users only (maintained in USG appliance)
    • use CHAP and or MS-CHAP(V2)
    • works fine.


    Ext-Users (via RADIUS to LDAP)
    • use only PAP
    • tech reason is that USG passes authentication to LDAP. if encrypted, LDAP can't process it and will fail.
    We usually combine in VPN_client_01_group and use USG config/ VPN / L2TP Authentication Method . works 100%

    HTH

    warwick
    Hong Kong 


Security Highlight