FIX: Cannot Connect to L2TP VPN in Windows 10 (Solved)

If you cannot connect to your L2TP/IPsec VPN server from Windows 10, continue reading below to solve the problem.

VPN connection errors can be caused by a variety of causes, but are usually due to incorrect settings of the VPN connection (e.g. incorrect server name/address, authentication method, username or password). So the first step to troubleshoot VPN connection problems, is to verify that all the VPN settings are correct.

This tutorial contains instructions to solve the following errors, while trying to connect to L2TP/IPsec VPN server in Windows 10 or Windows Server 2012/2016:

• The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g. firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

• The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer.

How to FIX: Can't connect to VPN. L2TP connection between your computer and the VPN server could not be established on Windows 10.

Before continue to the instructions below, apply the following actions: *

* Important: If the problem started in January 2022, see the following article first:

• Related Article: FIX: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

1. Ensure that the Required L2TP/IPsec Ports are enabled on VPN Server's side.

Login to the Router on VPN Server's side, and forward the following UDP ports to VPN Server's IP address: 1701, 50, 500 & 4500

2. Connect to VPN via another device or network.

Try connecting to L2TP VPN from another device (e.g. your mobile), or network (e.g. your Mobile's phone network).

3. Delete and recreate the VPN connection.

Sometimes VPN connection problems, are resolved after removing and re-adding the VPN Connection.

If, after the above steps, you are still unable to connect to your l2tp/IPsec VPN server from your Windows 10 computer, apply the following modifications to the registry and the VPN connection.

STEP 1. ALLOW L2TP CONNECTIONS BEHIND NAT.

By default, Windows do not support L2TP/IPsec connections if the computer or the VPN server are located behind a NAT. To bypass this problem modify registry as follows:

1. Open Registry Editor. To do that:

1. Simultaneously press the Win + R keys to open the run command box.
2. Type regedit and press Enter to open Registry Editor.

2. At the left pane, navigate to this key:

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Sevices\PolicyAgent

3. Right click at an empty space at the right pane and select New –> DWORD (32 bit) Value.

4. For the new key name type: AssumeUDPEncapsulationContextOnSendRule and press Enter.

* Note: The value must be entered as shown above and with no space at the end.

5. Double click at AssumeUDPEncapsulationContextOnSendRule value, type 2 at Value data and click OK.

6. Close Registry Editor and reboot the machine.

Step 2. Modify Security Settings on VPN Connection.

1. Right-click at the Network icon on the taskbar and choose Open Network & Internet settings.

* Note: Alternatively, go to Start > Settings click Network and Internet.

2. Select Ethernet on the left and then click Change adapter options on the right.

3. Right-click on the VPN connection and chose Properties.

4a. At Options tab, click PPP Settings.

4b. Check Enable LCP extensions and click OK.

4c. At Security tab, check the following and click OK.

• Allow these protocols
• Challenge Handshake Authentication Protocol (CHAP)
• Microsoft CHAP Version 2 (MS-SHAP v2)

5. Try to connect to VPN. The connection should be established now without problems. *

ADDITIONAL HELP: If after applying the above steps you still have a problem, try the following:

1. Check that the following services are enabled (Startup type: Automatic)

1. 1. IKE and AuthIP IPsec Keying Modules
   2. IPsec Policy Agent

2. If you're using a third-party firewall program, try to disable it or to completely uninstall it before connecting to VPN.

3. Try to reset the Windows Firewall settings to their default. To do that, go to Control Panel > Windows Defender Firewall and click Restore defaults.

4. Delete and recreate the VPN connection.

5. Reboot the router on VPN's server side.

That's it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:

• Author
• Recent Posts

Konstantinos Tsoukalas

Konstantinos is the founder and administrator of Wintips.org. Since 1995 he works and provides IT support as a computer and network expert to individuals and large companies. He is specialized in solving problems related to Windows or other Microsoft products (Windows Server, Office, Microsoft 365, etc.).

Latest posts by Konstantinos Tsoukalas (see all)

• Fix: 0x80070426 in Xbox app, Microsoft Store or in Windows Update. - May 1, 2024
• FIX: Not in a hypervisor partition, VT-x is Disabled in BIOS in VirtualBox' (Solved) - April 29, 2024
• How to Disable or Remove BitLocker from Windows RE. - April 24, 2024