L2TP server allows connections through firewall for iPhone/iPad, but not windows
Our L2TP server (running Windows 2008 RRAS) is behind a NAT firewall. I've already verified that it is passing NAT-T. The firewall rules are all set up correctly to pass GRE, IKE, L2TP and there are no custom IPSEC policies running on the server. L2TP is using a PSK instead of a certificate. Oddly, my Windows 7 and 8 desktops cannot make a successful connection, but my iPhone and iPad devices connect successfully. I can't think of anything else to check.
Also note that we can use PPTP and SSTP just fine.
I have firewall and netmon logs for both the failed and successful connections. I've seen a lot of cases where iOS devices cannot connect where full desktops can, but this is the opposite and I can find no clues on the interwebs.
Update: I've even replaced the server in question with a fresh Windows Server 2012 installation and it still has the same problem.
Solution 1:
Did you make the registry changes to the Windows machines to make it behind NAT?
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
If you prefer to use "REG ADD":
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2
The registry change is mentioned in this article from Microsoft: https://docs.microsoft.com/en-US/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server-behind-nat-t-device
Be aware that this registry value has had a history of being deleted by Windows 10 "Feature Updates". If you are able to enforce the setting through an automated mechanism (like Group Policy Preferences Registry settings) you will have more consistent results.
Solution 2:
I've had this same problem, and it turned out that the local Windows firewall was blocking the connection. This guide helped me add the correct ports.
Basically you need to open UDP Ports '50, 500, 4500'
https://www.magnumvpn.com/setup-windows-10-firewall-l2tp.html