If you are someone who uses a VPN to connect to Windows 10, then you may come across an error sometimes that prevents you to establish an L2TP/IPsec (that you created) connection with your Windows system. There a quite a few reasons why you may see this error and some of them are the incorrect username and password entry, invalid server name or address input, broken encryption settings in the server, firewall blocking the connection, or incorrect certificate.
While sometimes the issue can be resolved by double-checking if the username, password, server, and address, are all correct, most of the time this does not help. However, we have come up with a few workarounds for you for the L2TP/IPsec VPN that does not connect to your Windows 10 PC. Let’s see how to fix the issue.
Method 1: Modify Registry from CMD
Modifying the registry from the command line should fix the issue on your computer.
Warning – Registry Editor is a very delicate place on your system. Before committing any changes to the system, we request to make a backup of the registry on your computer.
Follow these easy steps to do so.
1. Type “regedit” in the search box.
2. Then, click on the “Registry Editor” to access it.
3. After opening the Registry Editor, click on “File“. Then click on “Export” to make a new backup on your computer.
After creating the backup, close the Registry Editor.
4. Search for “cmd” from the search box.
5. After that, right-click on “Command Prompt” and click on the “Run as administrator“.
6. What you have to do when the terminal appears is to copy-paste this line and hit Enter.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
After executing this code, close the CMD terminal.
Restart your computer. Check if this has helped you to solve the problem on your computer.
Method 2: Checking the VPN Proxy Settings
Step 1: Go to the Windows search bar and type VPN settings in the field.
Step 2: Left-click on the result to open the VPN settings window.
Step 3: In the VPN settings window, go to the right side of the pane and select your VPN connection. Then select the Advanced options button below it.
Step 4: In the next window, scroll down and under VPN Proxy settings check if the proxy settings are correct (if you need to redirect to a proxy server), or select None to remove the proxy.
Press Apply to save the changes.
Now, try connecting your L2TP/IPsec VPN and it should work fine now. If you are still facing an issue, follow the next method.
Method 3: By Opening L2TP Ports in Firewall
Step 1: Go to Windows search (next to Start) and type firewall in the search field.
Step 2: Left-click on the result (Firewall & network protection) to open the Windows Defender Firewall with Advanced Security.
Step 3: In the Windows Defender Firewall with Advanced Security pane, go to Inbound Rules.
Then navigate to the Actions pane on the extreme right side and click on New Rule.
Step 4: It will open the New Inbound Rule Wizard window. Now select Port and press Next.
Step 5: Now, in the Protocol and Ports window, select UDP and then, in the Specific local ports field type 1701, 500, 4500.
Step 6: Next, in the Action window, select Allow the connection if its secure and press Next.
Step 7: Keep pressing Next till you reach the Name window. Set a rule name and press Finish.
Repeat the same process for Outbound Rules.
Once done, try connecting the VPN and it should go through. However, if the VPN still does not connect, follow the below method.
Method 4: Using the Command Prompt
Step 1: Go to Start and type Command Prompt in the search field.
Step 2: Right-click on the result and select Run as administrator from the menu to open the Command Prompt in elevated mode.
Step 3: In the Command Prompt (Admin) window, type the below command and press Enter:
Now, reboot your computer the and your L2TP/IPsec VPN should be connected again.
However, if you still encounter the error, you can try the below method.
Method 5: Editing the Registry Editor
Step 1: Press Win + R keys together on your keyboard to open the Run command.
Step 2: In the Run command search field, type regedit and press OK to open the Registry Editor window.
Step 3: In the Registry Editor window, navigate to the below path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
Step 4: Rename the DWORD (32-bit) as AssumeUDPEncapsulationContextOnSendRule.
Step 5: Double-click on AssumeUDPEncapsulationContextOnSendRule to open the Edit DWORD (32-bit) Value dialogue box. Now, go to the Value data field and set it to 2.
Step 6: Now, copy the below path and paste it in the Registry Editor address bar:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan
Now, go to the right side of the pane and right-click on an empty space. From the menu, select New and then DWORD (32-bit) Value.
Step 7: Now, rename the new DWORd (32-bit) Value as ProhibitIpSec.
Step 8: Double-click on ProhibitIpSec to open the Edit DWORD (32-bit) Value dialogue box. Change the Value data to 0.
Press OK to save the changes and exit.
Exit Registry Editor and restart your PC for the changes to be effective. Your VPN should now connect to your Windows 10 PC.
If the problem persists, try checking the VPN Connection Properties as shown below.
Method 6: Double-Check the Authentication Settings
Step 1: Press Win + R hotkey together on your keyboard to open the Run command.
Step 2: Type ncpa.cpl in the Run command search box and hit Enter:
Step 3: It opens the Network Connections window. Right-click on your VPN and select Properties.
Step 4: In the Properties window, go to the Security tab and check if the Type of VPN is set to Layer 2 Tunneling Protocol with IPsec (L2TP/IPsec).
Check if the radio button next to Allow these protocols is selected.
Make sure that Challenge Handshake Authentication Protocol (CHAP) and Microsoft CHAP Version 2 (MS-CHAP v2) are both checked.
If none of the above options are selected, then select them accordingly and press OK to save the changes and exit.
Now, try connecting your VPN to Windows and it should work fine. If you are still not able to connect, try the below method.
Method 7: Restarting the IPsec service
Step 1: Navigate to the Windows search field and type Services in the search box.
Step 2: Left-click on the result to open the Services window.
Step 3: In the Services window, go to the right side and under Names, look for IPsec Policy Agent.
Right-click on it and click on Restart to start the service again.
Now, since you have successfully restarted the service, your VPN should connect to your Windows system.
Alternatively, you can also try the next method.
Method 8: By Disabling Xbox Live Networking Service
Step 1: Navigate to the Windows search field and type Services in the search box.
Step 2: Left-click on the result to open the Services window.
Step 3: In the Service manager window, go to the right side and under the Names column, look for Xbox Live Networking Service.
Step 4: Double-click on the Xbox Live Networking Service and in the Properties window, under the General tab, go to the Startup type section. Set it to Disabled.
Press Apply and then OK to save the changes and exit.
Reboot your PC for the changes to be effective, you can now connect your VPN to your Windows computer.
If this method also fails, you can try the next method.
Method 9: By Updating the Network Drivers
Step 1: Right-click on Start and select Device Manager from the menu.
Step 2: In the Device Manager window, navigate to Network adapters and expand it.
Now, right-click on TAP-Windows Adapter V9 and select Update driver.
Step 3: Press the Search automatically for updated driver software option and follow the instructions as shown to finish updating the driver.
Step 4: Repeat the same process for WAN Miniport (L2TP) and WAN Miniport (Network Monitor).
*Note – If you see a message saying “The best drivers for your device are already installed“, then you can try looking for any latest driver in Windows Update and install them manually. You an also use a driver update software to find and install drivers automatically.
Restart your PC and try connecting your VPN again. It should now connect to your system.
While any of the above methods should resolve your L2TP/IPsec VPN connection problem, you can also try using a premium VPN service from a trusted brand to check if that can fix the issue.