Only Windows won't connect to IPSEC Tunnel
-
Hi there!
I have an IPsec tunnel configured on my pfSense router and I'm currently using it just fine on macOS and iOS. I recently tried adding the VPN to a Windows machine for AD domain purposes and it just won't connect.
My pfSense IPsec config:
config setup
    uniqueids = yes

conn bypasslan
    leftsubnet = 10.20.1.0/24
    rightsubnet = 10.20.1.0/24
    authby = never
    type = passthrough
    auto = route

conn con-mobile
    fragmentation = yes
    keyexchange = ikev1
    reauth = yes
    forceencaps = yes
    mobike = no
    rekey = yes
    installpolicy = yes
    type = tunnel
    dpdaction = clear
    dpddelay = 90s
    dpdtimeout = 540s
    auto = add
    left = 192.168.0.2
    right = %any
    leftid = 192.168.0.2
    ikelifetime = 28800s
    lifetime = 3600s
    rightsourceip = 10.20.3.0/24
    rightdns = 10.20.0.1
    ike = aes256-sha1-modp1024!
    esp = aes256-sha1,aes192-sha1,aes128-sha1!
    leftauth = psk
    rightauth = psk
    rightauth2 = xauth-generic
    aggressive = yes
    leftsubnet = 0.0.0.0/0
Authentication is done via RADIUS on a Windows Server.
macOS and iOS both connect just fine. When I add the VPN to Windows 10 via the Settings app with the right type ("L2TP/IPSec with pre-shared key") and pre-shared key, I get the following error:
The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote computer.
Not sure what's causing this, because everything seems correct. Any ideas?
-
To my knowledge, Windows 10 does not support IKEv1 anymore; at least it is not listed in the article below, and you have no GUI setting besides "Automatic" which could match.
https://docs.microsoft.com/en-us/windows/security/identity-protection/vpn/vpn-connection-type
You should use IKEv2 or use some Third-Party Client SW on Windows.
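
Moving the conn to IKEv2 as suggested above also means changing the settings that exist only in IKEv1 (aggressive mode and XAuth), not just keyexchange. An added example, not part of the original thread: a Python check that lists those settings per conn. The sample config is abridged from the one posted in the question, and the function names are hypothetical.

```python
# Sample input: abridged from the ipsec.conf posted in the question.
SAMPLE_CONF = """\
config setup
    uniqueids = yes
conn bypasslan
    type = passthrough
conn con-mobile
    keyexchange = ikev1
    aggressive = yes
    leftauth = psk
    rightauth = psk
    rightauth2 = xauth-generic
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def ikev1_only_settings(conn):
    """Settings that tie a conn to IKEv1 and must change for IKEv2."""
    found = []
    if conn.get("keyexchange", "ike").lower() == "ikev1":
        found.append("keyexchange = ikev1")
    if conn.get("aggressive", "no").lower() == "yes":
        found.append("aggressive = yes")       # aggressive mode is IKEv1-only
    for key in ("leftauth", "leftauth2", "rightauth", "rightauth2"):
        if conn.get(key, "").lower().startswith("xauth"):
            found.append(f"{key} = {conn[key]}")  # XAuth is an IKEv1 extension
    return found

def audit(text):
    """Map each conn name to its list of IKEv1-only settings."""
    return {name: ikev1_only_settings(c) for name, c in parse_conns(text).items()}

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_CONF).items():
        print(name, "->", issues or "no IKEv1-only settings")
```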