Tomy
just joined
Topic Author
Posts: 1
Joined: Fri Apr 16, 2021 10:24 pm

Windows PCs don't connect to L2TP/IPsec VPN

Fri Apr 16, 2021 10:36 pm

Hi, as I said in the title, my Windows PCs don't connect to the L2TP/IPsec VPN that I've set up on my MikroTik using this guide. It works fine on Android, but on Windows, it doesn't want to connect.

-----MIKROTIK:

IP -> IPsec -> Proposals -> default

Name: default
Auth. Algorithms: sha1, sha256
Encr. Algorithms: aes-128-cbc, aes-256-cbc
Lifetime: 30 min
PFS Group: modp1024

IP -> IPsec -> Profiles -> default

Name: default
Hash Algorithms: sha256
PRF Algorithms: auto
Encryption Algorithm: aes-256
DH Group: modp1024
Proposal Check: obey
Lifetime: 1 day
Lifebytes: <nothing>
NAT Traversal: ENABLED
DPD Interval: disable DPD
DPD Maximum Failures: 5

-----LOG:

Public IP: 1.2.3.4
PCs IP: 5.6.7.8

-----START OF LOG-----

respond new phase 1 (Identity Protection): 1.2.3.4[500]<=>5.6.7.8[500]

no suitable proposal found

5.6.7.8 failed to get valid proposal

5.6.7.8 failed to pre-proccess ph1 packet (side: 1, status 1).

5.6.7.8 phase 1 negotiation failed

-----END OF LOG-----

Thank you for taking the time to read :)
Any help would be appreciated since I'm new to this and still learning.
 
MickeyT
Member Candidate
Posts: 125
Joined: Tue Feb 18, 2020 7:06 am
Location: Australia

Re: Windows PCs don't connect to L2TP/IPsec VPN

Fri Apr 23, 2021 4:44 am

It is worth noting that Microsoft Windows (all versions) does not support L2TP VPN connections that run through NAT without a specific registry change.

1) Start a command prompt (cmd) with Administrator privileges,
2) Run regedt32,
3) Browse to the registry sub-key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent,
4) Create (or edit if it exists) an entry called AssumeUDPEncapsulationContextOnSendRule with a type of DWORD (32-bit),
5) Give the entry a value of 2,
6) Quit the registry editor,
7) Restart your computer.

This change will not cause problems with L2TP VPN connections that don't run through a NAT so you may as well make it. You should also be aware that, if your ISP is using CGNAT, you may have problems using any VPN protocol that relies on UDP (L2TP does).

I hope this helps.
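
The registry change from the steps in the reply above, written as a script. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the Windows client and that the PolicyAgent key already exists, and the variable names are illustrative.

```powershell
# Added example (not from the thread): set the value named in the steps above.
$path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$name  = 'AssumeUDPEncapsulationContextOnSendRule'
$value = 2   # value given in step 5 of the post

# Writes under HKLM need Administrator rights, so stop early without them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# Assumption: the key exists on the client; do not create it silently.
if (-not (Test-Path -Path $path)) {
    throw "Registry key not found: $path"
}

# Read the current value; $null means the entry does not exist yet.
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

if ($current -eq $value) {
    Write-Output "$name is already $value; no change made."
}
else {
    # -Force creates the entry or overwrites an existing one as a DWORD.
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value $value -Force | Out-Null

    # Read the value back so a failed write is not mistaken for success.
    $check = (Get-ItemProperty -Path $path -Name $name).$name
    if ($check -ne $value) {
        throw "Write failed: $name is '$check', expected $value."
    }
    Write-Output "$name changed from '$current' to $value. Restart the computer to apply."
}
```

The script records the previous value in its output, which is what you need to revert the change later.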
