L2TP/IPsec VPN fails to connect on Windows 10 - Works fine on iOS

I’ve configured an L2TP/IPsec server with a pre-shared key that works like a charm on my phone. I’ve tried several ways, including disabling the firewall, to connect on Windows 10, but it always fails. Here is the error it throws:

[Image: Error Windows L2TP VPN]

How can I make it work?

• My phone and Windows 10 laptop are on the same network.


Solution 1:

For anyone else having issues, I was finally able to resolve the matter after making an edit in the registry and then rebooting. Thanks to the guide posted here at GitHub.

Run the following from an elevated command prompt:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

Also make sure the following conditions are met: [image]

Solution 2:

You can disable IPsec and always connect to L2TP only.
Start a registry editor (regedit.exe) and navigate to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters

From the Edit menu, select "New", "DWORD Value".
Enter the name of "ProhibitIpSec" and press Enter.
Double-click the new value, set it to 1, and click OK.
Restart the machine.
To enable IPsec again, set the value to 0.

Enjoy.

Solution 3:

I had the same issue on 3 Windows 10 PCs. The above registry fix did not work initially. The only thing the 3 PCs had in common is that they were all upgraded from Windows 7 at some stage. Microsoft support suggested doing an in-place reinstall of Windows 10 from DVD or USB stick using their media creation tool. That kept all my apps and data, in the same way the upgrade from W7 does. After the in-place upgrade, I had the same error, then applied the registry fix, and the connection was successful. I also tried installing Windows 10 on a reformatted hard drive. That also worked after the registry fix. The registry fix appears to be necessary if the VPN client and/or server are behind a NAT device such as a broadband router. Once the connection was established, additional steps were needed to enable internet access for the VPN client via the VPN connection. In my case, I had to add the range of client source IP addresses 10.2.0.0/8 to my NAS firewall, as the VPN server is my NAS.
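
A read-only PowerShell check of the two registry values named in Solutions 1 and 2, added here as an example and not part of any of the posts above. The value meanings are the ones Microsoft documents for these settings; the function name Get-L2tpRegistryState is hypothetical.

```powershell
# Added example: read-only audit of the registry values from Solutions 1 and 2.
# Get-L2tpRegistryState is a hypothetical name; nothing here writes to the registry.
$checks = @(
    @{
        Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
        Name    = 'AssumeUDPEncapsulationContextOnSendRule'
        Meaning = @{
            0 = 'no security associations with servers behind NAT (default)'
            1 = 'security associations allowed with servers behind NAT'
            2 = 'security associations allowed when client and server are both behind NAT'
        }
    },
    @{
        Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
        Name    = 'ProhibitIpSec'
        Meaning = @{
            0 = 'L2TP connections are protected by IPsec'
            1 = 'IPsec is disabled: L2TP traffic is not protected by IPsec'
        }
    }
)

function Get-L2tpRegistryState {
    foreach ($c in $checks) {
        # A missing key or value returns nothing, which means the default applies.
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $data = $null
            $text = 'not set, Windows default applies'
        } else {
            $data = [int]$item.($c.Name)
            $text = if ($c.Meaning.ContainsKey($data)) { $c.Meaning[$data] } else { 'unexpected value' }
        }
        [pscustomobject]@{ Name = $c.Name; Data = $data; Meaning = $text }
    }
}

$state = Get-L2tpRegistryState
$state | Format-Table -AutoSize -Wrap

# Flag the setting from Solution 2: with it, the pre-shared-key IPsec layer is not used.
if ($state | Where-Object { $_.Name -eq 'ProhibitIpSec' -and $_.Data -eq 1 }) {
    Write-Warning 'ProhibitIpSec=1: L2TP connections are made without IPsec protection.'
}
```

Run it before and after applying either change to confirm which of the two settings is actually in effect on the client.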