How to resolve L2TP/IPsec tunnel error in VPN connection on Windows 10/Windows 11?

Question

How to resolve L2TP/IPsec tunnel error in VPN connection on Windows 10/Windows 11?

Ernesto Porro Gomez 5

I have set up an L2TP/IPsec VPN connection, and when trying to establish it from my company's computer, I encounter the following error:

"The remote connection could not be established because an error occurred in the tested VPN tunnels. The VPN server may be inaccessible. If the connection is attempting to use an L2TP/IPsec tunnel, the necessary security parameters for IPsec negotiation may not be configured correctly."

The VPN configuration seems correct, as I have tested it on several personal devices (Windows11), and it works fine.

However, the error consistently appears on the computers within my company. I have tried it on different models we have (HP, Lenovo), running both Windows 11 and Windows 10.

I have conducted the following checks without success:

Verified the Windows patches KB5009566 for Windows 11 and KB5009543 for Windows 10. They are not installed.

Enabled the "Microsoft CHAP version 2 (MS-CHAP v2)" protocol in the VPN connection.

Activated the "Enable LCP extension" option within the "PPP Configuration" in the VPN settings.

Restarted and set the "IPsec Policy Agent and IKE" and "AuthIP IPsec Keying Modules" services to start automatically.

Can anyone help me find a solution to this issue? vpn_error

1 answer

Your answer

Answer 1

Gary Nebbett 6,196

Hello Ernesto,

The error message is probably providing useful hints ("the necessary security parameters for IPsec negotiation may not be configured correctly").

The security parameters can be configured with the PowerShell cmdlet Set-VpnConnectionIPsecConfiguration.

Here is an example usage from my PC:

Set-VpnConnectionIPsecConfiguration -Name "Test FQDN" -EncryptionMethod AES256 -IntegrityCheckMethod SHA256 -DHGroup Group14 -AuthenticationTransformConstants SHA256 -CipherTransformConstants AES256 -PfsGroup None -Force

Gary

Ernesto Porro Gomez 5 Reputation points

2023-12-04T09:26:41.42+00:00

Hello Gary, thank you for your response.

In this case, I've reviewed the settings on the devices in my company (connection failure) and on my personal device (successful connection). Both connections are identical: 'WARNING: Custom IPsec policy not configured.'

Additionally, the VPN server configuration doesn't utilize IPSec.

Do you have any other ideas on how to proceed?

Thank you very much!
Gary Nebbett 6,196 Reputation points

2023-12-04T12:05:01.2133333+00:00

Hello Ernesto,

When I first read the text "I have tested it on several personal devices", I assumed that the personal devices were not Windows systems (e.g. smartphone or tablet) but it now looks as though that was a mistake; can you confirm that a connection can be established from your personal Windows PC?

I was not aware that Windows supports a pure L2TP VPN (without IPsec). My suggestion would be to make network traces of successful and unsuccessful connections and then to compare them.

Gary
Ernesto Porro Gomez 5 Reputation points

2023-12-04T12:15:18.0766667+00:00

Yes, I can establish the connection from my personal laptop running Windows 11. I've also tried with other laptops running Windows 10, and it's possible to establish the connection there too. When I mentioned "personal", I meant these laptops don't have security or corporate policies applied.

I'll try to capture traces of both connections to compare them. In the meantime, if you have any other suggestions on how to proceed, please let me know.

Thank you very much

Share via

How to resolve L2TP/IPsec tunnel error in VPN connection on Windows 10/Windows 11?

1 answer

Your answer