L2TP Client: Windows: Difference between revisions
m (→Windows 10) |
m (→Windows 10) |
||
| Line 3: | Line 3: | ||
== Windows 10 == |
== Windows 10 == |
||
Windows 10 has a built in L2TP client, there are a couple of extra bits that may be needed to get this to work once you've set up the initial connections - there are two extra steps below regarding ipsec and CHAP. |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
==Initial setup== |
|||
| ⚫ | |||
*Start |
|||
*Control Panel (cog icon) |
|||
*Network and Internet |
|||
*VPN (link on left panel) |
|||
*Add a VPN connection, with these details: |
|||
**VPN Provider = built in |
|||
**Connection Name: AAISP L2TP |
|||
**Server name: l2tp.aa.net.uk |
|||
**Type: L2TP (With certificate (we'll disable ipsec later)) |
|||
** username: your xxx@a.1 username |
|||
** your password |
|||
*Click save |
|||
You should then be able to connect via the Network icon in your Start bar. |
|||
However, the following two steps may be needed too: |
|||
==Enable CHAP== |
|||
| ⚫ | |||
# Open Network and Sharing Centre |
# Open Network and Sharing Centre |
||
| Line 21: | Line 35: | ||
# Select the 'Allow these protocols' radio button |
# Select the 'Allow these protocols' radio button |
||
# Ensure 'Challenge Handshake Authentication Protocol (CHAP)' is checked. |
# Ensure 'Challenge Handshake Authentication Protocol (CHAP)' is checked. |
||
==Disable IPsec== |
|||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
== Windows 7 == |
== Windows 7 == |
||
Revision as of 15:28, 14 August 2020
Windows 10
Windows 10 has a built in L2TP client, there are a couple of extra bits that may be needed to get this to work once you've set up the initial connections - there are two extra steps below regarding ipsec and CHAP.
Initial setup
- Start
- Control Panel (cog icon)
- Network and Internet
- VPN (link on left panel)
- Add a VPN connection, with these details:
- VPN Provider = built in
- Connection Name: AAISP L2TP
- Server name: l2tp.aa.net.uk
- Type: L2TP (With certificate (we'll disable ipsec later))
- username: your xxx@a.1 username
- your password
- Click save
You should then be able to connect via the Network icon in your Start bar.
However, the following two steps may be needed too:
Enable CHAP
Once the connection has been created, ensure CHAP authentication is enabled:
- Open Network and Sharing Centre
- Click Change adapter settings
- Find the L2TP connection, it will have whatever name you gave it
- Right click the connection and choose Properties
- Go to the Security Tab
- Find the 'Authentication' section
- Select the 'Allow these protocols' radio button
- Ensure 'Challenge Handshake Authentication Protocol (CHAP)' is checked.
Disable IPsec
Windows 10 seems very keen on using IPsec with L2TP. To turn this off, in an Administrator Command Prompt do: (Click start, type cmd, press Ctrl-Shift-Enter)
SC STOP RASMAN ; you may have to wait a bit for this to stop
SC QUERY RASMAN ; ensure it is STOPPED
REG ADD HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters /v ProhibitIpSec /t REG_DWORD /d 1 /f
SC START RASMAN
Windows 7
This probably applies to Windows 8 too.
Connecting with Windows 7 is almost the same as the steps for Windows 10 above, except that the default connection settings don't work. You have to edit the connection properties and on the Security tab change:
- 'Type of VPN:' to 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)' otherwise it only tries PPTP
- 'Data encryption:' to 'Optional encryption (connect even if no encryption)'
Watch out if you are using IPv6. It seems that Win7 negotiates a non-routable IPv6 address with the LNS. You have to discard this address and manually configure one of your routed IPv6 addresses. ipconfig /release6 is your friend here.