Netgate Discussion Forum

    Only Windows won't connect to IPSEC Tunnel

      nnvt

      Hi there!

      I have an IPSEC Tunnel configured on my pfsense router and I'm currently using it just fine on MacOS and iOS. I recently tried adding the vpn to a Windows machine for ad domain purposes and it just won't connect.

      My pfsense IPSEC config:

      config setup
          uniqueids = yes

      conn bypasslan
          leftsubnet = 10.20.1.0/24
          rightsubnet = 10.20.1.0/24
          authby = never
          type = passthrough
          auto = route

      conn con-mobile
          fragmentation = yes
          keyexchange = ikev1
          reauth = yes
          forceencaps = yes
          mobike = no
          rekey = yes
          installpolicy = yes
          type = tunnel
          dpdaction = clear
          dpddelay = 90s
          dpdtimeout = 540s
          auto = add
          left = 192.168.0.2
          right = %any
          leftid = 192.168.0.2
          ikelifetime = 28800s
          lifetime = 3600s
          rightsourceip = 10.20.3.0/24
          rightdns = 10.20.0.1
          ike = aes256-sha1-modp1024!
          esp = aes256-sha1,aes192-sha1,aes128-sha1!
          leftauth = psk
          rightauth = psk
          rightauth2 = xauth-generic
          aggressive = yes
          leftsubnet = 0.0.0.0/0

      Authentication is done via RADIUS on a Windows Server.

      MacOS and iOS both connect just fine. When I add the VPN to Windows 10 via the settings app with the right Type ("L2TP/IPSec with pre-shared key") and pre-shared key, I get the following error:
      The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer.

      Not sure what's causing this because everything seems correct. Any ideas?

        lst_hoe

        To my knowledge, Windows 10 does not support IKEv1 anymore; at least it is not listed in the article below, and you have no GUI setting besides "automatic" which could match.
        https://docs.microsoft.com/en-us/windows/security/identity-protection/vpn/vpn-connection-type
        You should use IKEv2 or use some Third-Party Client SW on Windows.
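
The reply above comes down to the tunnel's keyexchange = ikev1 setting. As an added example (not part of either post, and not pfSense or strongSwan code), this Python sketch parses an ipsec.conf-style file like the one posted and reports that setting, along with the aggressive-mode PSK and the SHA-1/modp1024 proposals the same section carries. The function names, the WEAK_TOKENS deny-list and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the relevant lines of the con-mobile section posted above.
SAMPLE_CONF = """\
conn con-mobile
    keyexchange = ikev1
    ike = aes256-sha1-modp1024!
    esp = aes256-sha1,aes192-sha1,aes128-sha1!
    leftauth = psk
    rightauth = psk
    rightauth2 = xauth-generic
    aggressive = yes
"""

WEAK_TOKENS = {"md5", "sha1", "3des", "modp768", "modp1024"}  # assumed deny-list

def parse_conns(text):
    """Return {conn_name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"(config|conn|ca)\s+(\S+)$", line)
        if header:  # settings outside 'conn' sections are skipped
            current = conns.setdefault(header.group(2), {}) if header.group(1) == "conn" else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return conns

def audit(text):
    """Return (conn, finding) pairs for legacy IKE settings."""
    findings = []
    for name, opts in parse_conns(text).items():
        if opts.get("keyexchange", "").lower() == "ikev1":
            findings.append((name, "keyexchange=ikev1: legacy protocol, use ikev2"))
        auth = {opts.get("authby"), opts.get("leftauth"), opts.get("rightauth")}
        if opts.get("aggressive") == "yes" and auth & {"psk", "secret"}:
            findings.append((name, "aggressive=yes with PSK: hash open to offline guessing"))
        for key in ("ike", "esp"):
            tokens = set(re.split(r"[-,!\s]+", opts.get(key, "").lower()))
            for weak in sorted(tokens & WEAK_TOKENS):
                findings.append((name, f"{key} proposal uses {weak}"))
    return findings

if __name__ == "__main__":
    for conn, finding in audit(SAMPLE_CONF):
        print(f"{conn}: {finding}")
```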

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.