L2TP ipsec dialup connection

johnson73 · April 24, 2026, 4:33pm

Hello,

Question about creating a Mikrotik L2tp ipsec connection. Is it really necessary to still use the SHA1 authorization algorithm in 2026? The built-in Windows 10/11 vpn client is used, which connects RoadWarrior to Mikrotik. When I change this SHA1 option to a more secure one, I can no longer connect. Am I misunderstanding something or what? Is it a Windows problem that the ''more secure'' protocol is not supported? This option works great on both Checkpoint and Fortigate routers. Okay, Mikrotik is not an enterprise solution, but I have questions about L2tp Ipsec.

patrikg · April 24, 2026, 5:07pm

Like i said in this thread: MikroTik VPN connection - #3 by patrikg

jaclaz · April 24, 2026, 5:40pm

I believe it defaults to 3DES/SHA1.

You need to manually configure it for safer algorithms, which requires obscure Powershell commands like "Set-VpnConnectionIPsecConfiguration":
https://learn.microsoft.com/en-us/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=windowsserver2025-ps

johnson73 · April 24, 2026, 6:57pm

thanks for the reply!