| | W10 L2TP question
On 06/05/2020 14:44, Graham J wrote:
Two virtually identical laptops trying to connect via a dial-up VPN
using L2TP - one connects - the other fails.* I have syslog output from
the Vigor router that they try to connect with.
Both laptops are apparently fuly up-to-date.
Reference Judy: Windows 10 Build 1909 version 18363.778 - this one works
Reference Simon: Windows 10 Build 1909 version 18363.815 - this one fails.
Both are sitting side by side on the same table.
Both connect by WiFi to the same router.
Both can be made to work if they and the router are configured for PPTP;
but not if they and the router are configured for L2TP.
Both have the same configuration for the VPN, checked by comparing the
setup screens, parameter by parameter:
IP address of target router
PPP settings have "Enable LCP Extensions" checked
Security: L2TP/IPSec - advanced = Use certificate
Data encryption = Optional
Use EAP = No
Allow protocols CHAP and MS-CHAP-V2
Target router is Vigor 2860 (but same problem occurs with a V2832).
VPN remote access: PPTP, IPSec, L2TP
IPSec General: certificate = None, Method, Basic, AH = Enable
Dial-in user: Type = L2TP, IPSec policy = None
Username & Password.
Syslog on V2860:
For good connection: Judy - starts with
141May* 6 12:09:52 V2860n: L2TP == Control(0xC802)-L-S Ver:2 Len:97,
Tunnel ID:0, Session ID:0, Ns:0, Nr:0
141May* 6 12:09:52 V2860n: L2TP client from 184.108.40.206:62117 ...
141May* 6 12:09:52 V2860n: L2TP == Control(0xC802)-L-S Ver:2 Len:103,
Tunnel ID:6, Session ID:0, Ns:0, Nr:1
... and continues to show the connection being established.
For failing connection: Simon - starts with
141May* 6 12:13:23 V2860n: IKE ==, Next Payload=ISAKMP_NEXT_SA,
Exchange Type = 0x2, Message ID = 0x0
141May* 6 12:13:23 V2860n: Responding to Main Mode from 220.127.116.11
141May* 6 12:13:23 V2860n: Matching General Setup key for dynamic ip
The only common parameter is the IP address of the originating site.
The two laptops are clearly behaving very differently.* But I can't see
any difference between them.
Can you back up Simon and then use a restore point to take it back to
Or more risky backup Judy create a restore point and then and advance it
to .815. Might be worth looking for any known VPN SNAFUs in MSKB.
Or find yet another laptop and test the VPN connectivity with that at
progressively more updates applied until it fails.