L2TP server allows connections through firewall for iPhone/iPad, but not Windows

Our L2TP server (running Windows 2008 RRAS) is behind a NAT firewall. I've already verified that it is passing NAT-T. The firewall rules are all set up correctly to pass GRE, IKE, L2TP, and there are no custom IPsec policies running on the server. L2TP is using a PSK instead of a certificate. Oddly, my Windows 7 and 8 desktops cannot make a successful connection, but my iPhone and iPad devices connect successfully. I can't think of anything else to check.

Also note that we can use PPTP and SSTP just fine.

I have firewall and netmon logs for both the failed and successful connections. I've seen a lot of cases where iOS devices cannot connect where full desktops can, but this is the opposite and I can find no clues on the interwebs.

Update: I've even replaced the server in question with a fresh Windows Server 2012 installation and it still has the same problem.


Solution 1:

Did you make the registry changes on the Windows machines so that they work behind NAT?

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002

If you prefer to use "REG ADD":

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2

The registry change is mentioned in this article from Microsoft: https://docs.microsoft.com/en-US/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server-behind-nat-t-device

Be aware that this registry value has had a history of being deleted by Windows 10 "Feature Updates". If you are able to enforce the setting through an automated mechanism (like Group Policy Preferences Registry settings) you will have more consistent results.

Solution 2:

I've had this same problem, and it turned out that the local Windows firewall was blocking the connection. This guide helped me add the correct ports.

Basically, you need to open UDP ports 50, 500 and 4500:

https://www.magnumvpn.com/setup-windows-10-firewall-l2tp.html
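The two answers above each point at a client-side cause: the PolicyAgent NAT-T registry value (Solution 1) and the local Windows firewall (Solution 2). The following script is an added example, not part of the original question or either answer, that audits a Windows L2TP/IPsec client for both in one pass and can apply the registry fix. It assumes an elevated Windows PowerShell 5.1 or later session on the client and, for the firewall check, Windows 8 or later (the NetSecurity cmdlets it uses do not exist on Windows 7). The `-Fix` switch and the function names are this script's own. One caveat for the port list in Solution 2: ESP is IP protocol 50, not a UDP port, so the script matches it on the protocol field rather than as UDP 50.

```powershell
<#
  Added example (not from the original post or answers): audit a Windows
  L2TP/IPsec client for the NAT-T registry value and host-firewall rules,
  and optionally set the registry value.
  Usage:  .\Test-L2tpClient.ps1          (report only)
          .\Test-L2tpClient.ps1 -Fix     (also set the registry value)
  Assumptions: elevated Windows PowerShell 5.1+; Windows 8+ for the
  firewall check; -Fix and the function names are this script's own.
#>
[CmdletBinding()]
param(
    [switch]$Fix    # set the registry value instead of only reporting it
)

$RegPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$RegName   = 'AssumeUDPEncapsulationContextOnSendRule'
$WantValue = 2      # value given in Solution 1: IPsec with both ends behind NAT

function Test-NatTRegistryValue {
    $item = Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Host "[MISSING] $RegName is not set; a client behind NAT will fail the IPsec phase"
        return $false
    }
    $current = $item.$RegName
    if ($current -eq $WantValue) {
        Write-Host "[OK]      $RegName = $current"
        return $true
    }
    Write-Host "[WRONG]   $RegName = $current (expected $WantValue)"
    return $false
}

function Set-NatTRegistryValue {
    # -Force overwrites an existing value, so repeated runs are harmless.
    New-ItemProperty -Path $RegPath -Name $RegName -PropertyType DWord `
                     -Value $WantValue -Force | Out-Null
    Write-Host "[FIXED]   $RegName set to $WantValue; reboot before retesting the VPN"
}

function Test-IpsecServices {
    # IKEEXT performs IKE/NAT-T negotiation and PolicyAgent applies IPsec
    # policy; L2TP/IPsec needs both running on the client.
    $ok = $true
    foreach ($name in 'IKEEXT', 'PolicyAgent') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $svc -and $svc.Status -eq 'Running') {
            Write-Host "[OK]      service $name is running"
        } else {
            Write-Host "[STOPPED] service $name is not running"
            $ok = $false
        }
    }
    return $ok
}

function Test-FirewallForL2tp {
    # Looks for enabled Allow rules for UDP 500 (IKE), 4500 (NAT-T: IKE and
    # ESP encapsulated in UDP) and 1701 (L2TP). Native ESP is IP protocol 50,
    # not a UDP port, so it is matched on the Protocol field instead.
    $ok = $true
    $allowed = { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    foreach ($port in 500, 4500, 1701) {
        $rules = Get-NetFirewallPortFilter -Protocol UDP |
                 Where-Object { $_.LocalPort -contains "$port" -or $_.RemotePort -contains "$port" } |
                 Get-NetFirewallRule | Where-Object $allowed
        if ($rules) {
            Write-Host "[OK]      firewall allows UDP $port ($(@($rules).Count) rule(s))"
        } else {
            Write-Host "[CHECK]   no enabled Allow rule names UDP $port explicitly"
            $ok = $false
        }
    }
    $esp = Get-NetFirewallPortFilter | Where-Object { $_.Protocol -eq '50' } |
           Get-NetFirewallRule | Where-Object $allowed
    if ($esp) {
        Write-Host "[OK]      firewall allows ESP (IP protocol 50)"
    } else {
        Write-Host "[CHECK]   no enabled Allow rule for ESP (IP protocol 50)"
        $ok = $false
    }
    return $ok
}

# Run the checks; with -Fix, apply the registry change when it is missing or wrong.
$regOk = Test-NatTRegistryValue
$svcOk = Test-IpsecServices
$fwOk  = Test-FirewallForL2tp
if ($Fix -and -not $regOk) { Set-NatTRegistryValue }
if ($regOk -and $svcOk -and $fwOk) { exit 0 } else { exit 1 }
```

A `[CHECK]` line from the firewall section is a prompt to look, not proof of a block: the Windows firewall allows outbound traffic by default, so a client with no explicit rule may still connect, and a rule that uses a port range rather than a single port will not be matched by this simple filter. The registry result is the decisive one for the symptom in the question, and as Solution 1 notes, it is worth re-running the report after feature updates.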