Only Windows won't connect to IPSEC Tunnel



  • Hi there!

    I have an IPSEC Tunnel configured on my pfsense router and I'm currently using it just fine on MacOS and iOS. I recently tried adding the VPN to a Windows machine for AD domain purposes and it just won't connect.

    My pfsense IPSEC config:

    config setup
        uniqueids = yes

    conn bypasslan
        leftsubnet = 10.20.1.0/24
        rightsubnet = 10.20.1.0/24
        authby = never
        type = passthrough
        auto = route

    conn con-mobile
        fragmentation = yes
        keyexchange = ikev1
        reauth = yes
        forceencaps = yes
        mobike = no
        rekey = yes
        installpolicy = yes
        type = tunnel
        dpdaction = clear
        dpddelay = 90s
        dpdtimeout = 540s
        auto = add
        left = 192.168.0.2
        right = %any
        leftid = 192.168.0.2
        ikelifetime = 28800s
        lifetime = 3600s
        rightsourceip = 10.20.3.0/24
        rightdns = 10.20.0.1
        ike = aes256-sha1-modp1024!
        esp = aes256-sha1,aes192-sha1,aes128-sha1!
        leftauth = psk
        rightauth = psk
        rightauth2 = xauth-generic
        aggressive = yes
        leftsubnet = 0.0.0.0/0


    Authentication is done via RADIUS on a Windows Server.

    MacOS and iOS both connect just fine. When I add the VPN to Windows 10 via the Settings app with the right type ("L2TP/IPSec with pre-shared key") and the pre-shared key, I get the following error:
    The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer.

    Not sure what's causing this because everything seems correct. Any ideas?



  • To my knowledge Windows 10 does not support IKEv1 anymore, at least it is not listed in the article below, and you have no GUI setting besides "automatic" which could match.
    https://docs.microsoft.com/en-us/windows/security/identity-protection/vpn/vpn-connection-type
    You should use IKEv2 or use some third-party client software on Windows.
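As an added illustration of why the posted conn cannot match what the Windows built-in client offers (this is an example written for this thread, not code from either poster or from pfSense/strongSwan), the script below parses a strongSwan ipsec.conf section like the one above and reports the settings that the native Windows client does not negotiate: IKEv1 aggressive mode, XAuth user authentication, and a tunnel-mode IKEv1 conn where the "L2TP/IPsec" connection type expects L2TP carried over IPsec transport mode. It also lists the proposal components (SHA-1, 1024-bit DH group 2) that are considered weak today. The sample configuration is a trimmed copy of the poster's conn-mobile section; the helper names and the exact wording of the findings are this example's own.

```python
import re
from typing import Dict, List

# Constructed sample: the relevant keys from the conn-mobile section posted above.
SAMPLE_CONF = """\
config setup
    uniqueids = yes

conn con-mobile
    keyexchange = ikev1
    type = tunnel
    left = 192.168.0.2
    right = %any
    ike = aes256-sha1-modp1024!
    esp = aes256-sha1,aes192-sha1,aes128-sha1!
    leftauth = psk
    rightauth = psk
    rightauth2 = xauth-generic
    aggressive = yes
"""

# Proposal tokens that are deprecated or weak by current guidance.
WEAK_TOKENS = {
    "md5": "MD5 integrity",
    "sha1": "SHA-1 integrity",
    "3des": "3DES encryption",
    "modp768": "768-bit DH group 1",
    "modp1024": "1024-bit DH group 2",
}


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse strongSwan ipsec.conf text into {"conn name": {key: value}}.

    Section headers ("config setup", "conn X", "ca X") start at column 0;
    every following "key = value" line belongs to that section. Blank lines
    and '#' comments are ignored. Unindented parameters (as in the forum
    paste) are tolerated so the script can be run on copied text as-is.
    """
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        header = re.match(r"^(conn|config|ca)\s+(\S+)\s*$", line)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def check_windows_native(conn: Dict[str, str]) -> List[str]:
    """Return the reasons this conn cannot be negotiated by the Windows
    built-in VPN client (L2TP/IPsec with PSK, or IKEv2)."""
    findings: List[str] = []
    kx = conn.get("keyexchange", "ike")
    if kx == "ikev1" and conn.get("aggressive", "no") == "yes":
        findings.append("IKEv1 aggressive mode: the native client only uses "
                        "IKEv1 main mode (inside L2TP/IPsec)")
    auths = (conn.get("rightauth", ""), conn.get("rightauth2", ""))
    if any(a.startswith("xauth") for a in auths):
        findings.append("XAuth user authentication: not supported by the native client")
    if kx == "ikev1" and conn.get("type", "tunnel") != "transport":
        findings.append("IKEv1 tunnel-mode conn: the 'L2TP/IPsec' type expects "
                        "L2TP over IPsec transport mode, not a bare tunnel")
    return findings


def weak_algorithms(conn: Dict[str, str]) -> List[str]:
    """List proposal components in the ike/esp lines that are weak or deprecated."""
    out: List[str] = []
    for param in ("ike", "esp"):
        for proposal in conn.get(param, "").rstrip("!").split(","):
            for token in proposal.split("-"):
                if token in WEAK_TOKENS:
                    msg = f"{param}: {proposal} uses {WEAK_TOKENS[token]}"
                    if msg not in out:
                        out.append(msg)
    return out


def report(text: str) -> str:
    """Human-readable summary for every conn section in the given config text."""
    lines: List[str] = []
    for name, conn in parse_ipsec_conf(text).items():
        if not name.startswith("conn "):
            continue
        lines.append(f"[{name}]")
        lines.extend("  native Windows: " + f for f in check_windows_native(conn))
        lines.extend("  weak proposal: " + w for w in weak_algorithms(conn))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CONF))
```

Running it on the posted section prints three compatibility findings (aggressive mode, XAuth, tunnel mode) plus the SHA-1 and DH group 2 warnings, which is consistent with the reply's advice to move the Windows clients to IKEv2 or a third-party IKEv1/XAuth client; the same parser can be pointed at a full /var/etc/ipsec/ipsec.conf exported from pfSense.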