I'm trying to establish a connection between a Windows 10 machine and a Windows Server 2019. On the server side I set up the VPN following these instructions: https://www.snel.com/support/how-to-set-up-an-l2tp-ipsec-vpn-on-windows-server-2019/. When I start the connection I'm prompted for access credentials, I type them in, and then I receive the error message "The router does not recognize the protocol identifier" (translated from German). In the Windows 10 logs, I found the error code 902 for this connection. On the server side I see the tasks "Credential Validation" and "Logon", then the session is destroyed (Logoff) with no error. I searched the web for a solution but had no luck. I have never established a VPN connection, so I'm lost, to be honest. Does anybody have an idea where the problem is? Thanks in advance.
- Have you configured VPN-Client on Windows 10 as described here - snel.com/support/… – batistuta09 Commented Nov 27, 2020 at 15:33
- Yes, I followed the guide. Just wanted to be sure that I didn't miss anything out and created the connection again. Same result. – DBR Commented Nov 27, 2020 at 15:52
- I turned off the firewall on both sides, that didn't make any change either. – DBR Commented Nov 28, 2020 at 16:03
- The issue may be caused by NAT between VPN-Client and VPN-Server. Check this - uninet.edu/6fevu/text/IPSEC-NAT.SGML.html – batistuta09 Commented Nov 28, 2020 at 18:08
- If your L2TP/IPsec server is behind a NAT-T device, then please refer to the following Microsoft official document: docs.microsoft.com/en-us/troubleshoot/windows-server/networking/… You can enable communication by changing a registry value on the VPN client computer and the VPN server. – Candy Commented Nov 30, 2020 at 9:28
1 Answer
This is an issue with the SP and their network! I had someone with more know-how on this look at the issue, and he tried his best for over one day without getting a solution. So I contacted the SP, and they had a look at it. After several emails and changing some registry entries we managed to establish an IPv6 VPN. But not as expected: the client IPv6 address was exposed, and with no IPv4 address there was no way to access pages that only use IPv4. The SP had a further look at the issue and couldn't solve it. Their solution was offering further investigation of the issue in their system and network, billed at 50€/30min.
So the solution for this? Take a decent SP and, if not needed, don't take a Windows Server for VPN. I've created a VPN on a Linux machine in about an hour, and there are several tutorials for this that make it easy to set up while respecting the server security.