Unable to connect to Flex 200 L2TP with Win 10 client since upgrade to 21H1

FordPrefect

Hello, since I upgraded Windows 10 to 21H1 a week ago, L2TP connection to my Flex 200 stopped working.

Before, I had Win 10 2004 and everything was ok.

I search Google and found several similar problems (started with Win 10 20H2, which I didn't install), but no solution.

I also searched Zyxel forums and read many articles, but my configuration on both sides is completely ok.

During troubleshooting, I even deleted IP Sec connection and Gateway and created new one, strictly followed guide here:

https://support.zyxel.eu/hc/en-us/articles/4401915685522-How-to-setup-L2TP-VPN-on-USG-ATP-VPN-device-without-Wizard-

I recreated connection on Windows 10, also following guide here:

https://support.zyxel.eu/hc/en-us/articles/360001390914-L2TP-configuration-on-a-USG-Firewall-using-the-Windows-built-in-client

Because, my computer is behind NAT, I checked, that this setting is present in registry:

https://support.zyxel.eu/hc/en-us/articles/360003503440-L2TP-behind-NAT-on-a-Windows-client

Of course I triple checked username, password and preshared key.

Zyxel IKE log shows, that tunnel is correctly build, but then client drops connection for no apparent reason.

Now, I am completely out of ideas.

I hope someone here can help.
Thanks.

gb5102

It is a Windows bug. If you connect using the 'legacy' vpn client built into Windows it will work. Type 'rasphone' (no quotes) into the Windows search box and connect via that interface. Be sure to reboot first to clear out any 'stuck' VPN connections.

Zyxel_Cooldia

Hi @FordPrefect,

Welcome to Zyxel community.
kindly share your test result by following the solution as recommended by gb5102's

FordPrefect

Hi,

thanks for suggestion. Unfortunately, it didn't work.

I wanted to wait with results until today, because here at work I have access also to Win 10 2004 machine.

On 2004 machine, connection is build correctly and it is working OK, so L2TP server settings on Flex 200 are correct.

Om my laptop with 21H1, connection is dropped even if I use rasphone.exe as gb5102 suggested.

I also deleted all VPN connections, restarted computer and build new one with rasphone.exe.

I also checked Google for error 720. I deleted all WAN Miniport devices in Device manager and recreated them, I also followed this MS KB article (https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-error-720-when-establishing-a-vpn-connection ), but all drivers are enabled.

mMontana

Hi @FordPrefect, I'm using L2TP connections on Windows 10 Pro 21H1 and I had no problems after updating the system.

I can connect to different kind of firewalls (4.65P1, 5.10) and via different ISPs, so for what is my experience, should not be an issue of Windows 10 version.

On the L2TP connection i had to verify these settings for make it work.

PPP options: LCP extension checked, compression and multiple connections unchecked.

Security: MS-CHAP v2 checked, others unchecked.

Hoping that this can help you....

FordPrefect

All my L2Tp setting are the same. I tried different L2TP setting before without success.
It could be something else on my laptop that breaks connection. ESET Security AV could be the offender.  I currently don't have any other machine with 21H1 to try, so I would probably have to uninstall AV.

mMontana

Recently ESET updated product to version 15.0.18 (at least for AV). Is updated yours?

jbender

I'm having the exact same problem as the OP @FordPrefect and I'm at a loss.

I have an L2TP VPN connection on a USG Flex 200 that's been working fine for over a year with the Windows native VPN client. Then all of a sudden the other day it stopped working. Times out on "Connecting" and logs in the USG show similar entries to the OP.

I've tested this on four different systems -- three with 21H1 and one with 20H2 -- all with the same result (all from different origin networks).

I rolled back the firmware from 5.10 to 5.02 thinking it could have been a firmware bug since I updated recently. This did not fix the issue.

I uninstalled my AV (Bitdefender) completely to verify that wasn't causing the issue. No effect.

The strangest thing of all is that I can connect to OTHER USG Flex 200s with L2TP from my system without issue (some of which have the same ISP service). Given all this, I would think the issue is on the problem USG's side, but the fact that NOTHING has changed there and that the OP seems to have the same issue makes me think there might be something else going on here. I'm stumped so any help would be appreciated.

lalaland

It seems that a lot of users encounter similar issue after window update to 21H1
https://www.windowsphoneinfo.com/threads/cannot-connect-any-vpn-on-windows-10-help-plz.576305/
https://answers.microsoft.com/en-us/windows/forum/all/vpn-connection-via-internal-client-stopped-working/467047f8-93ff-4c18-98aa-da571491ba1f
Perhaps can refer to the article below for more info
https://windowsreport.com/vpn-wont-work-windows-10-update/

jbender

Thanks for the info. Unfortunately none of the fixes listed worked.

This has to be something related to this specific Flex 200. I can connect to other Flex 200s with the same firmware and L2TP set up. It's just this one.

Can someone from Zyxel jump in and advise as to how to troubleshoot this further on the appliance?

WJS

Do you use iphone hotspot?

In my past experience. iPhone hotspots often cause strange problems..

Btw, I can connect the vpn with WIN21H1... Can't reproduce your issue