Why my Windows PC cannot connect to TP-Link L2TP VPN server?

The encrypted L2TP VPN, also known as L2TP over IPsec, is used for remote access to the workplace network. If you have properly configured L2TP VPN server on TP-Link SMB VPN router and L2TP VPN client on Windows PC, but the client still cannot connect to the server, there may be something wrong with the settings of the Windows System, please refer to this article to start some services and modify some entries of the Windows Registry.

Note:

1. If you do not know how to configure L2TP VPN on the TP-Link router, please refer to FAQ444 for help.
2. This method applies to Windows Operating Systems, including Windows 7, 8, 8.1, and 10.
3. This method is not suitable for third-party VPN client software.

Problem:

If you have a problem connecting to the L2TP VPN server, please first check the basic configuration according to FAQ444, paying attention to the physical connection, username, password, pre-shared key, etc. After doing these basic checks, if you still encounter Error messages (Windows 8/8.1/10), or Error code 629/809 (Windows 7), please follow the below steps to start some system services and modify some values in the Windows Registry.

Solution:

Step 1

Start the following services on the client PC:

1. IKE and AuthIP IPsec Keying Modules
2. IPsec Policy Agent
3. Remote Access Auto Connection Manager
4. Remote Access Connection Manager
5. Secure Socket Tunneling Protocol Service

Here are the configuration steps:

1) Click the Windows and R keys on the keyboard at the same time, then type “services.msc” in the box, click OK.

2) Start the services

a) IKE and AuthIP IPsec Keying Modules

If it is not started, right-click and start it.

b) IPsec Policy Agent

c) Remote Access Auto Connection Manager

d) Remote Access Connection Manager

e) Secure Socket Tunneling Protocol Service

Make sure that these services are started, then try to connect the VPN again. If you still fail to access the L2TP VPN server, please do the following steps.

Step 2

Modify the Register of the Windows OS.

1. Click Win+R, then type “regedit.exe” in the box. Click OK.

2. Go to HKEY_LOCAL_MACHINE——SYSTEM——CurrentControlSet——services——RasMan——Parameters, Find "ProhibitIpSec", double click it, then set the value as 0.

If you cannot find the parameter in the list, you can new it like below, then rename it as ProhibitIpSec(case insensitive) and set the value as 0.

Note: If the L2TP VPN server is behind a NAT device (Error 809), you need to do some extra settings. If not, skip the below steps.

1. 1. Open UDP port 500,1701,4500 for the L2TP server on the NAT device.
   2. Enable IPsec PassThrough in ALG on the NAT device.
   3. Modify the registry on your PC as below.

HKEY_LOCAL_MACHINE——SYSTEM——CurrentControlSet——Services——PolicyAgent, find "AssumeUDPEncapsulationContextOnSendRule", double-click it, and set its value to 2. If it doesn’t exist, new it like above and set it to 2.

Step 3

Restart the computer, make sure the services are started and try to connect to the VPN.