L2TP Client: Windows: Difference between revisions

Back up to the Incoming L2TP Category
From AAISP Support Site
mNo edit summary
Line 1: Line 1:
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP.svg|link=:Category:Incoming_L2TP|30px|Back up to the Incoming L2TP Category]]</indicator>
__NOTOC__<indicator name="L2TP">[[File:Menu-L2TP.svg|link=:Category:Incoming_L2TP|30px|Back up to the Incoming L2TP Category]]</indicator>
[[Category:Incoming_L2TP]]
[[Category:Incoming_L2TP]]
== Windows 7 ==

Connecting with Windows 7 was almost as easy except that the default connection settings don't work. You have to edit the connection properties and on the Security tab change 'Type of VPN:' to 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)' otherwise it only tries PPTP, and change 'Data encryption:' to 'Optional encryption (connect even if no encryption)' as it doesn't like A+A's certificate (because RevK declines to use a root certification authority recognised by Microsoft, or is it that Microsoft declines to recognise the root certification authority chosen by RevK). I guess the alternative would probably be to add the root certificate to the machine in question. Anyway, with those two changes it works fine.

Watch out if you are using [[IPv6]]. It seems that Win7 negotiates a non-routable [[IPv6]] address with the LNS. You have to discard this address and manually configure one of your routed [[IPv6]] addresses. ipconfig /release6 is your friend here.

== Windows 10 ==
== Windows 10 ==


Line 27: Line 21:
# Select the 'Allow these protocols' radio button
# Select the 'Allow these protocols' radio button
# Ensure 'Challenge Handshake Authentication Protocol (CHAP)' is checked.
# Ensure 'Challenge Handshake Authentication Protocol (CHAP)' is checked.

== Windows 7 ==

This probably applies to Windows 8 too.

Connecting with Windows 7 is almost the same as the steps for Windows 10 above, except that the default connection settings don't work. You have to edit the connection properties and on the Security tab change:
#'Type of VPN:' to 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)' otherwise it only tries PPTP
#'Data encryption:' to 'Optional encryption (connect even if no encryption)'



Watch out if you are using [[IPv6]]. It seems that Win7 negotiates a non-routable [[IPv6]] address with the LNS. You have to discard this address and manually configure one of your routed [[IPv6]] addresses. ipconfig /release6 is your friend here.

Revision as of 13:55, 30 Ocak 2017

Windows 10

Windows 10 seems very keen on using IPsec with L2TP. To turn this off, in an Administrator Command Prompt do:

SC STOP RASMAN    ; you may have to wait a bit for this to stop
SC QUERY RASMAN   ; ensure it is STOPPED
REG ADD HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters /v ProhibitIpSec /t REG_DWORD /d 1 /f
SC START RASMAN

Also, once the connection has been created, ensure CHAP authentication is enabled:

  1. Open Network and Sharing Centre
  2. Click Change adapter settings
  3. Find the L2TP connection, it will have whatever name you gave it
  4. Right click the connection and choose Properties
  5. Go to the Security Tab
  6. Find the 'Authentication' section
  7. Select the 'Allow these protocols' radio button
  8. Ensure 'Challenge Handshake Authentication Protocol (CHAP)' is checked.

Windows 7

This probably applies to Windows 8 too.

Connecting with Windows 7 is almost the same as the steps for Windows 10 above, except that the default connection settings don't work. You have to edit the connection properties and on the Security tab change:

  1. 'Type of VPN:' to 'Layer 2 Tunneling Protocol with IPsec (L2TP/IPSec)' otherwise it only tries PPTP
  2. 'Data encryption:' to 'Optional encryption (connect even if no encryption)'


Watch out if you are using IPv6. It seems that Win7 negotiates a non-routable IPv6 address with the LNS. You have to discard this address and manually configure one of your routed IPv6 addresses. ipconfig /release6 is your friend here.