VPN working on some PCs, but not others

RFrei Posts: 13
edited May 2022 in Nebula
Hello,

we have a USG100 in a remote location to which we need to connect.
We use the Windows integrated VPN for this and L2TP with a secure key.

On some PCs like my work laptop, my home computer and another older work laptop this setup works without issues.
However, I tried setting up 2 different laptops in the last week with a VPN to this location and it just won't work on either.

When checking the Windows error code in the event viewer it's either 809 or 619, seemingly randomly switching between these two codes on both computers.

What I have tried so far:
- Setting the DWORD AssumeUDPEncapsulationContextOnSendRule in the registry to 2.
- Using my working login credentials for the other PCs.
- Open the UDP ports 500 and 4500 on every router and gateway that is being used in the connection.
- Disabling the Firewall temporarily on the laptop and every router and gateway that is being used in the connection, still not working.
- Enabling LCP extension and CHAP + CHAP2 in the adapter controls.
- Enabling/Disabling IPv6.
- Reinstalling the WAN Miniport adapters in the device manager.
- Check if the services Plug and Play, Ras Remote Access Connection Manager, IKE and AuthIP IPsec Keying Module and IPsec Policy Agent are alive and running.

I am at my wits end right now and hope someone can help me figure this out.

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    Hi @RFrei,
    Please kindly check the following lists
    1) Remove the Windows Update Patch (KB5009543) on issue Laptops.
    2) Check that the firmware is up to date
    Kevin
  • RFrei
    RFrei Posts: 13
    The Laptops are up to date. This specific Windows patch is not installed, but likely bundled in a newer one? Should I try removing updates?
  • RFrei
    RFrei Posts: 13
    Hey sadly I still couldn't resolve this issue. Is there anything else I could try?
  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    Hi @RFrei
    Could we have a remote session to check the issue?
    Do you have time today at 15:00 (UTC+8)?
    Kevin
  • RFrei
    RFrei Posts: 13
    Sorry, I am sick at the moment. Maybe we can schedule a call next week?
  • mMontana
    mMontana Posts: 1,298  Guru Member
    RFrei said:
    Hey sadly I still couldn't resolve this issue. Is there anything else I could try?
    L2TP was broken by Microsoft during Patch Tuesday January 2022 (Windows 10: KB5009543, Windows 11: KB5009566), then a working solution was "re-instated" (lots of KB numbers, only the latest is KB5010342 for 20H2 and subsequent for Windows 10); therefore, a fully updated OS should be capable of correctly creating the tunnel.
    Ball through USG100. Consider updating to the latest available firmware. I suggest to look for the 3.30P7-WK48, link available here.
    Then USG100 must be allowing connection from WAN to Zywall for ports UDP 500, 1701, 4500.
    Then Gateway/phase 1 should exist and the Connection/phase 2 should be correctly configured, with public static IP address as "local policy". I hurt my head on the wall a few times.

    Last, but first: create all the objects for subnets (local, remote, eventually translated), hosts, users, groups, before starting to tweak VPNs. It's boring, but it gets things done so much faster!

    And... you already should know that VPN 192.168.1.0/24 address to 192.168.1.0/24 does not work that well, without mapping/translate the networks...



  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    Hi @RFrei
    The VPN NIC setting is gone.
    After resetting it, it is normal now. Please check with a different network environment.
    Thank you
    Kevin
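
Added example (not posted by anyone in this thread): a read-only PowerShell script that collects the client-side items discussed above (the KB numbers, the NAT-T registry value, the services, the WAN Miniport adapters and the VPN connection settings) so the output from a working PC can be compared with a failing one. Assumptions: the short service names RasMan, IKEEXT, PolicyAgent and PlugPlay are the services listed in the first post, and the registry value lives under the PolicyAgent service key.

```powershell
# Added example: read-only checks. Run on a working and a failing PC and compare the output.
$r = [ordered]@{}

# OS build: a later cumulative update replaces older KBs, so compare builds as well
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$r['OSBuild'] = "$($cv.CurrentBuild).$($cv.UBR)"

# KB numbers named in the thread; Get-HotFix only lists KBs still recorded as installed
foreach ($kb in 'KB5009543', 'KB5009566', 'KB5010342') {
    $r["Hotfix:$kb"] = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
}

# NAT-T registry value from the first post (assumed location: PolicyAgent service key)
$nat = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent' `
    -Name AssumeUDPEncapsulationContextOnSendRule -ErrorAction SilentlyContinue
$r['AssumeUDPEncapsulationContextOnSendRule'] = if ($nat) { $nat.AssumeUDPEncapsulationContextOnSendRule } else { 'not set' }

# Services from the first post (short names are an assumption, see lead-in)
foreach ($name in 'PlugPlay', 'RasMan', 'IKEEXT', 'PolicyAgent') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $r["Service:$name"] = if ($svc) { "$($svc.Status) / $($svc.StartType)" } else { 'missing' }
}

# WAN Miniport adapters: a missing or non-OK entry differs from a healthy PC
Get-PnpDevice -Class Net -ErrorAction SilentlyContinue |
    Where-Object { $_.FriendlyName -like 'WAN Miniport*' } |
    ForEach-Object { $r["Adapter:$($_.FriendlyName)"] = "$($_.Status)" }

# Settings of the current user's Windows VPN connections
Get-VpnConnection -ErrorAction SilentlyContinue | ForEach-Object {
    $r["Vpn:$($_.Name)"] = 'server={0}; tunnel={1}; auth={2}; enc={3}; l2tp={4}' -f `
        $_.ServerAddress, $_.TunnelType, ($_.AuthenticationMethod -join ','),
        $_.EncryptionLevel, $_.L2tpIPsecAuth
}

[pscustomobject]$r | Format-List
```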
