Unable to connect to Flex 200 L2TP with Win 10 client since upgrade to 21H1

FordPrefect Posts: 5  Freshman Member
Hello, since I upgraded Windows 10 to 21H1 a week ago, L2TP connection to my Flex 200 stopped working.
Before, I had Win 10 2004 and everything was ok.
I searched Google and found several similar problems (started with Win 10 20H2, which I didn't install), but no solution.
I also searched Zyxel forums and read many articles, but my configuration on both sides is completely ok.
During troubleshooting, I even deleted the IPsec connection and gateway and created a new one, strictly following the guide here:

I recreated the connection on Windows 10, also following the guide here:

Because my computer is behind NAT, I checked that this setting is present in the registry:

Of course I triple checked username, password and preshared key.

The Zyxel IKE log shows that the tunnel is correctly built, but then the client drops the connection for no apparent reason.

Now, I am completely out of ideas.
I hope someone here can help.

All Replies

  • gb5102
    gb5102 Posts: 25  Freshman Member
    It is a Windows bug. If you connect using the 'legacy' vpn client built into Windows it will work. Type 'rasphone' (no quotes) into the Windows search box and connect via that interface. Be sure to reboot first to clear out any 'stuck' VPN connections.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,450  Zyxel Employee

    Welcome to the Zyxel community. :)
    Kindly share your test result after following the solution recommended by gb5102.
  • FordPrefect
    FordPrefect Posts: 5  Freshman Member
    Thanks for the suggestion. Unfortunately, it didn't work.
    I wanted to wait with the results until today, because here at work I also have access to a Win 10 2004 machine.
    On the 2004 machine, the connection is built correctly and it is working OK, so the L2TP server settings on the Flex 200 are correct.
    On my laptop with 21H1, the connection is dropped even if I use rasphone.exe as gb5102 suggested.
    I also deleted all VPN connections, restarted the computer and built a new one with rasphone.exe.
    I also checked Google for error 720. I deleted all WAN Miniport devices in Device Manager and recreated them. I also followed this MS KB article (https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-error-720-when-establishing-a-vpn-connection), but all drivers are enabled.

  • mMontana
    mMontana Posts: 1,300  Guru Member
    Hi @FordPrefect, I'm using L2TP connections on Windows 10 Pro 21H1 and I had no problems after updating the system.
    I can connect to different kinds of firewalls (4.65P1, 5.10) and via different ISPs, so in my experience it should not be an issue of the Windows 10 version.

    On the L2TP connection I had to verify these settings to make it work.
    PPP options: LCP extension checked, compression and multiple connections unchecked.
    Security: MS-CHAP v2 checked, others unchecked.

    Hoping that this can help you....
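
The settings listed in the post above can be checked from PowerShell instead of the adapter properties dialog. This is an added example, not part of the original thread: the connection name `Flex200-L2TP` is a placeholder, and the phonebook key names `LcpExtensions`, `SwCompression` and `NegotiateMultilinkAlways` (and their mapping to the three PPP checkboxes) are assumptions about the per-user `rasphone.pbk` format.

```powershell
# Added example: audit one L2TP profile against the settings listed in the post above.
# 'Flex200-L2TP' is a placeholder connection name.
param([string]$Name = 'Flex200-L2TP')

$findings = @()

# Settings exposed by the built-in VpnClient module.
$vpn = Get-VpnConnection -Name $Name -ErrorAction Stop
if ($vpn.TunnelType -ne 'L2tp') {
    $findings += "TunnelType is $($vpn.TunnelType), expected L2tp"
}
$auth = @($vpn.AuthenticationMethod | ForEach-Object { "$_" })
if ($auth.Count -ne 1 -or $auth[0] -ne 'MsChapv2') {
    $findings += "Authentication is '$($auth -join ',')', expected MsChapv2 only"
}

# PPP options are not returned by Get-VpnConnection. Assumption: they are stored
# as key=value lines under a [connection name] section of the per-user phonebook.
$pbk = Join-Path $env:APPDATA 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
$expected = [ordered]@{
    LcpExtensions            = '1'   # LCP extensions checked
    SwCompression            = '0'   # software compression unchecked
    NegotiateMultilinkAlways = '0'   # multiple connections unchecked
}
$actual = @{}
if (Test-Path $pbk) {
    $inSection = $false
    foreach ($line in Get-Content $pbk) {
        if ($line -match '^\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq $Name)
        } elseif ($inSection -and $line -match '^(\w+)=(.*)$' -and
                  -not $actual.ContainsKey($Matches[1])) {
            $actual[$Matches[1]] = $Matches[2].Trim()
        }
    }
}
foreach ($key in $expected.Keys) {
    if (-not $actual.ContainsKey($key)) {
        $findings += "$key not found in phonebook entry"
    } elseif ($actual[$key] -ne $expected[$key]) {
        $findings += "$key is $($actual[$key]), expected $($expected[$key])"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output "Profile '$Name' matches the listed settings." }
```

Running the same script on a working machine and on the failing one gives a quick diff of client-side profile settings before looking at drivers or third-party software.
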
  • FordPrefect
    FordPrefect Posts: 5  Freshman Member
    All my L2TP settings are the same. I tried different L2TP settings before without success.
    It could be something else on my laptop that breaks the connection. ESET Security AV could be the offender. I currently don't have any other machine with 21H1 to try, so I would probably have to uninstall the AV.
  • mMontana
    mMontana Posts: 1,300  Guru Member
    Recently ESET updated the product to version 15.0.18 (at least for AV). Is yours updated?
  • I'm having the exact same problem as the OP @FordPrefect and I'm at a loss.

    I have an L2TP VPN connection on a USG Flex 200 that's been working fine for over a year with the Windows native VPN client. Then all of a sudden the other day it stopped working. Times out on "Connecting" and logs in the USG show similar entries to the OP.

    I've tested this on four different systems -- three with 21H1 and one with 20H2 -- all with the same result (all from different origin networks).

    I rolled back the firmware from 5.10 to 5.02 thinking it could have been a firmware bug since I updated recently. This did not fix the issue.

    I uninstalled my AV (Bitdefender) completely to verify that wasn't causing the issue. No effect.

    The strangest thing of all is that I can connect to OTHER USG Flex 200s with L2TP from my system without issue (some of which have the same ISP service). Given all this, I would think the issue is on the problem USG's side, but the fact that NOTHING has changed there and that the OP seems to have the same issue makes me think there might be something else going on here. I'm stumped so any help would be appreciated.
  • Thanks for the info. Unfortunately none of the fixes listed worked.

    This has to be something related to this specific Flex 200. I can connect to other Flex 200s with the same firmware and L2TP set up. It's just this one.

    Can someone from Zyxel jump in and advise as to how to troubleshoot this further on the appliance?

  • WJS
    WJS Posts: 127  Ally Member
    Do you use an iPhone hotspot?
    In my past experience, iPhone hotspots often cause strange problems.

    Btw, I can connect to the VPN with Win 21H1... Can't reproduce your issue.
