L2TP VPN access stopped working on NSG50
support_rcor
Posts: 16 Freshman Member
We have a client that has been using an NSG50 for a year or more using "L2TP over IPSec VPN server" for 13 users on the Cloud Authenticator. It has been running smoothly for months without a peep from the client. Over the past day or two, they can no longer access the VPN. They immediately receive a message:
The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
These same settings for the Windows 10 Built-in client have been working.
What I've tried so far:
- I've tried it on 4 separate PC's all get the same message.
- I disabled the firewall on the PC's
- I've created a new test user
- I've enabled and disabled the PAP, CHAP and MS CHAP v2
- Updated the network drivers
Only thing I see that has changed is the Nebula update that took place on the 10th. Can anyone provide some assistance?
Brad Carpenter
support@rcor.com
The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
These same settings for the Windows 10 Built-in client have been working.
What I've tried so far:
- I've tried it on 4 separate PC's all get the same message.
- I disabled the firewall on the PC's
- I've created a new test user
- I've enabled and disabled the PAP, CHAP and MS CHAP v2
- Updated the network drivers
Only thing I see that has changed is the Nebula update that took place on the 10th. Can anyone provide some assistance?
Brad Carpenter
support@rcor.com
0
Accepted Solution
-
Hi @support_rcor,
Microsoft release fix overcome the issue. Now you can get windows updated.KB5010793 for Windows 10
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-and-19044-1469-out-of-band-f2d4f178-5b36-49cb-a6fd-4bf9857574f9KB5010795 for Windows 11
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010795-os-build-22000-438-out-of-band-2d2b9310-d845-41c4-9907-aeea24f36a63
0
All Replies
-
Check this article, seems that latest windows update broke L2TP VPN:
New Windows KB5009543, KB5009566 updates break L2TP VPN connections
0 -
Thanks! Removing the KB seems to have fixed it temporarily. At least until Windows reinstalled it. I've had to lather/rinse/repeat a few times now. I've found the following from Microsoft stating that disabling Vendor ID can be done server side to alleviate the need to uninstall the KB multiple times on multiple user PCs. Any idea on if it can be disabled on Zyxel Nebula based gateways?
"
https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2#2773msgdescCertain IPSEC connections might fail
Status Originating update History Confirmed OS Build 19041.1466
KB5009543
2022-01-11Last updated: 2022-01-13, 12:11 PT
Opened: 2022-01-13, 11:05 PTAfter installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.Next steps: We are presently investigating and will provide an update in an upcoming release.Affected platforms:- Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB
- Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016"
0 -
Hi @support_rcor,
Microsoft release fix overcome the issue. Now you can get windows updated.KB5010793 for Windows 10
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-and-19044-1469-out-of-band-f2d4f178-5b36-49cb-a6fd-4bf9857574f9KB5010795 for Windows 11
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010795-os-build-22000-438-out-of-band-2d2b9310-d845-41c4-9907-aeea24f36a63
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight