L2TP Error connecting Windows 10 to USG 100 - all of a sudden

ORCA · January 2022

Hello to the community,

since yesterday there is an L2TP issue connecting Windows 10 Pro (21H2) with Windows native software to Zyxel USG 100.

Setting:

USG 100 behind a FritzBox 5490. Port forwarding UDP 500 & 4500, TCP 1701, ESP. FritzBox is up to date (7.29) and restarted twice. USG 100 is up to date Firmware V5.20 (ABUH.0). Restarted USG 100 twice.

Just in case Port forwarding had been corrupted, all Ports in forwarding center FritzBox 5490 have been deleted by us and configured from scratch.

Connection Method: L2TP/IPsec with preinstalled key

Using Windows VPN built-in method.

Error:

The return message from Windows 10 VPN software is:

"The L2TP connection attempt failed because a processing error occurred during the initial security negotiation with the remote computer".

This issue occurs to 30 client computers in our organization. The setup has been working perfectly for about 10 month - until yesterday!

Anyone same issue recently or any idea?

Thanx much,

ORCA Team

ORCA · January 2022

Solution:

https://support.zyxel.eu/hc/de/articles/4415084375954-Ankündigung-Windows-VPN-Client-RAS-Client-Problem-nach-Installation-von-Windows-Update-vom-11-Januar-2022-KB5009543-KB5009566-

Thanx to ZYXEL Support Team

ORCA · January 2022

Solution:

https://support.zyxel.eu/hc/de/articles/4415084375954-Ankündigung-Windows-VPN-Client-RAS-Client-Problem-nach-Installation-von-Windows-Update-vom-11-Januar-2022-KB5009543-KB5009566-

Thanx to ZYXEL Support Team

another_user · January 2022

Hello at zyxel support team

in according to this article -> https://news.softpedia.com/news/microsoft-confirms-vpn-bug-caused-by-windows-cumulative-update-kb5009543-534686.shtml

so i report an interesting tip:

Microsoft says that customers who must use this VPN connection option are recommended to disable the vendor ID check on the server. Obviously, this isn’t something that users themselves can do but the server admins, and what’s worse is that this feature is sometimes even missing from some VPN servers.

“To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used. Next steps: We are presently investigating and will provide an update in an upcoming release,” Microsoft explained.

The answer is: is there a vendor ID option VPN on zyxel USG (100-310-1100 ecc)?

many thanks