IPSec with Windows 10

Hi

I am preparing to replace my PPtP links with L2TP/IPSec ones and came across a weird behaviour during one of my tests

I setup a Windows 10 machine to connect to my CCR9 via L2TP/IPSec.
The first connection attempt was successful, but subsequent ones weren’t
When I checked the CCR9 log I noticed the following

 respond new phase 1 (Identity Protection): 
 ISAKMP-SA established 
 the packet is retransmitted by
  the packet is retransmitted by
   the packet is retransmitted by
    etc..

The Windows 10 machine would eventually give up and throw the following error :

“The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer”

I’m not sure why I remembered this, but I came across a setup guide by Daniel on his blog https://justit.eu/mikrotik-l2tpipsec-vpn/ where he emphasized the activation of the option use-mpls=yes
I thus enabled this option and suddenly the Windows 10 was able to connect again (hmm…)

Not sure why this would have any influence but stiil, I thought I’d ask around in case anyone else has had issues with Windows 10

Thanks
yann

I would use SSTP insted. I use it myself and it works better as port 443 is almost always open on external networks and works better in terms of stability.
Best is to use a real certificate so that CRL works, or you have to tweak the registry of the connecting Windows clients as they require a working CRL. You can get working certificates for free with startssl.
Works like a charm for me