L2TP/IPsec VPN from Windows 10 fails with error “remote server is not responding…”

Background

  • Synology DS413 NAS configured as L2TP/IPsec VPN server and located behind a Draytek Vigor 2860 NAT router.
  • L2TP/IPsec VPN pass-through enabled on the Draytek Vigor router: the router's own VPN services are switched off so that it forwards the traffic instead of terminating it (VPN and Remote Access > Remote Access Control > clear the Enable IPSec VPN Service and Enable L2TP VPN Service checkboxes).
  • UDP ports 1701 (L2TP), 500 (IKE) and 4500 (IPsec NAT-T) are forwarded from the Draytek router to the Synology NAS.
  • Windows 10 Pro client trying to connect using the built-in Windows VPN client.
  • VPN connection over PPTP to the same NAS works fine, so routing and port forwarding in general are known to work.

Issue

  • VPN connection over L2TP/IPsec fails with following error:

    The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.

Resolution

By default, the Windows IPsec implementation does not establish IPsec NAT-T security associations to a VPN server that is itself located behind a NAT device (Microsoft KB 926179); IKE negotiation is silently dropped and the client reports the generic "remote server is not responding" error above. To enable NAT Traversal (NAT-T) support for this case, make the following registry change:

  • Open regedit.exe (as Administrator)
  • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  • Create a new DWORD (32-bit) value:
    • Name: AssumeUDPEncapsulationContextOnSendRule
    • Data: 2
      0 – No connection to servers behind NAT (default; same as the value not existing).
      1 – Connection where only the VPN server is behind NAT.
      2 – Connection where both the VPN server and the client are behind NAT (the usual case for a home or office client behind its own router).
  • Reboot the computer; the IPsec policy agent reads the value at start-up, so the change has no effect until then.
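The same change from an elevated PowerShell prompt, as an added example (not part of the original post). It reads the current value first so you can see whether the key was ever set, writes the value with the DWORD type the policy agent expects, and includes a rollback helper; the function names are my own and the `Restart-Computer` call is left commented out so the script does not reboot unexpectedly.

```powershell
# Added example, not from the original post: enable IPsec NAT-T for servers
# behind NAT on Windows 10 by setting AssumeUDPEncapsulationContextOnSendRule.
# Run from an elevated (Administrator) PowerShell prompt; reboot afterwards.

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$ValueName = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-IpsecNatTraversalRule {
    # Returns the current value, or $null when it has never been set
    # (a missing value behaves like 0: no NAT-T to servers behind NAT).
    (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
}

function Set-IpsecNatTraversalRule {
    param(
        # 0 = default (no NAT-T to servers behind NAT)
        # 1 = only the server is behind NAT
        # 2 = both server and client are behind NAT
        [ValidateSet(0, 1, 2)]
        [int]$Rule = 2
    )
    # -Force overwrites an existing value; DWord is the 32-bit type regedit
    # calls "DWORD (32-bit) Value".
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $Rule `
        -PropertyType DWord -Force | Out-Null
}

function Remove-IpsecNatTraversalRule {
    # Rollback: deleting the value restores the default behaviour (0).
    Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
}

$before = Get-IpsecNatTraversalRule
if ($null -eq $before) { Write-Host 'Current value: not set (behaves as 0)' }
else                   { Write-Host "Current value: $before" }

Set-IpsecNatTraversalRule -Rule 2
Write-Host "New value: $(Get-IpsecNatTraversalRule)"
Write-Host 'Reboot required before the IPsec policy agent uses the new value.'
# Restart-Computer -Confirm
```

Use `-Rule 1` if you are certain the client will always have a public address and only the server is NATed; `2` is the safe choice for a laptop that roams between home and office networks, which is why the post uses it.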


December 2017
Windows 10 Pro (1709)
