Why my Windows PC cannot connect to TP-Link L2TP VPN server?

TL-ER6120 , TL-ER6020 , TL-ER604W
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
The encrypted L2TP VPN, also known as L2TP over IPsec, is used for remote access to the workplace network. If you have properly configured L2TP VPN server on TP-Link SMB VPN router and L2TP VPN client on Windows PC, but the client still cannot connect to the server, there may be something wrong with the settings of the Windows System, please refer to this article to start some services and modify some entries of the Windows Registry.
Note:
- If you do not know how to configure L2TP VPN on the TP-Link router, please refer to FAQ444 for help.
- This method applies to Windows Operating Systems, including Windows 7, 8, 8.1, and 10.
- This method is not suitable for third-party VPN client software.
Problem:
If you have a problem connecting to the L2TP VPN server, please first check the basic configuration according to FAQ444, paying attention to the physical connection, username, password, pre-shared key, etc. After doing these basic checks, if you still encounter Error messages (Windows 8/8.1/10), or Error code 629/809 (Windows 7), please follow the below steps to start some system services and modify some values in the Windows Registry.
Solution:
Step 1
Start the following services on the client PC:
- IKE and AuthIP IPsec Keying Modules
- IPsec Policy Agent
- Remote Access Auto Connection Manager
- Remote Access Connection Manager
- Secure Socket Tunneling Protocol Service
Here are the configuration steps:
1) Click the Windows and R keys on the keyboard at the same time, then type “services.msc” in the box, click OK.
2) Start the services
a) IKE and AuthIP IPsec Keying Modules
If it is not started, right-click and start it.
b) IPsec Policy Agent
c) Remote Access Auto Connection Manager
d) Remote Access Connection Manager
e) Secure Socket Tunneling Protocol Service
Make sure that these services are started, then try to connect the VPN again. If you still fail to access the L2TP VPN server, please do the following steps.
Step 2
Modify the Register of the Windows OS.
1. Click Win+R, then type “regedit.exe” in the box. Click OK.
2. Go to HKEY_LOCAL_MACHINE——SYSTEM——CurrentControlSet——services——RasMan——Parameters, Find "ProhibitIpSec", double click it, then set the value as 0.
If you cannot find the parameter in the list, you can new it like below, then rename it as ProhibitIpSec(case insensitive) and set the value as 0.
Note: If the L2TP VPN server is behind a NAT device (Error 809), you need to do some extra settings. If not, skip the below steps.
-
- Open UDP port 500,1701,4500 for the L2TP server on the NAT device.
- Enable IPsec PassThrough in ALG on the NAT device.
- Modify the registry on your PC as below.
HKEY_LOCAL_MACHINE——SYSTEM——CurrentControlSet——Services——PolicyAgent, find "AssumeUDPEncapsulationContextOnSendRule", double-click it, and set its value to 2. If it doesn’t exist, new it like above and set it to 2.
Step 3
Restart the computer, make sure the services are started and try to connect to the VPN.
Looking for More
Is this faq useful?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
Thank you
We appreciate your feedback.
Click here to contact TP-Link technical support.

TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
TP-Link
accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Livechat
__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au
Meta Pixel
_fbp
Crazy Egg
cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs
lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or