L2TP and Windows 10

bbros

I'm not able to connect via L2TP VPN on a USG1100 with a Windows 10 client.

I'm always getting this error:

0|ZyXEL|USG1100||0|IKE|4|src=my_wan_ip dst=usg_wan_ip spt=62751 dpt=500 msg=Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len = 128, 256 bit ECP, 2048 bit MODP, 3DES, 1024 bit MODP; ).

0|ZyXEL|USG1100||0|IKE|4|src=usg_wan_ip dst=my_wan_ip spt=500 dpt=62751 msg=Send:[NOTIFY:NO_PROPOSAL_CHOSEN]

I tried many combinations in phase 1 and 2, but none let me connect. With my Android mobile device, all works fine only when I'm connected with the LTE 4G network, but it doesn't work when it goes out from the company VDSL (double nat, LAN and ISP).

With Windows 10 doesn't work at all, even connected via the hot-spot of the mobile device.

Do you have any suggestion to use L2TP VPN with Windows 10?

Thank you

Federico

Alfonso

Hi @bbros

L2TP IPSec on Windows 10 problems are known.

A quick solution is to execute and reboot the pc

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

But I suggest to read the following links:

https://superuser.com/questions/1298513/l2tp-ipsec-vpn-fails-to-connect-on-windows-10-works-fine-on-ios

https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md#windows

I hope it helps you.

Best regards

PeterUK

I have L2TP VPN work with win10 on Pre-shared key with.

Phase 1

Negotiation mode:main

Proposal:

1. 3DES SHA1

2.AES128 SHA1

Phase 2

Active Protocol: ESP

Encapsulation: Transport

Proposal:

1.AES256 SHA1

2. 3DES SHA1