If someone is getting the following error in Windows when trying to establish an L2TP/IPSec connection, they likely need to edit their registry:
There are several ways to accomplish this. You can use a GUI to create the required entry, or there is a command you can enter in an elevated CMD prompt.
Using the Registry Editor GUI
- Launch Registry Editor with admin rights.
- Go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
- Open the Edit menu > New submenu and click DWORD (32-bit) Value.
- Paste AssumeUDPEncapsulationContextOnSendRule as the value name.
- Right-click AssumeUDPEncapsulationContextOnSendRule and choose Modify.
- At Value data, type 2.
- Set Base to Hexadecimal.
- Click OK.
- Go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
- Open the Edit menu > New submenu and click DWORD (32-bit) Value.
- Paste ProhibitIpSec as the value name.
- Right-click ProhibitIpSec and choose Modify.
- At Value data, type 0.
- Set Base to Hexadecimal.
- Click OK.
- Restart the PC.
Using CMD
- Launch Command Prompt as admin.
- Paste the following (these are all single lines!):
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f
- Once the operation completes successfully, also paste:
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSec /t REG_DWORD /d 0x0 /f
- Restart the PC.
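Checking the result from PowerShell (an added example, not part of the original instructions): the script below reads both values, reports any that differ from the data used in the REG ADD commands above, and writes them only when run elevated with -Apply. The -Apply switch and the variable names are choices made for this example.

```powershell
# Added example: audit the two registry values from this page; change them only with -Apply.
param([switch]$Apply)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Keys, value names and data are the ones used in the REG ADD commands above.
$wanted = @(
    @{ Path = "$base\PolicyAgent";       Name = 'AssumeUDPEncapsulationContextOnSendRule'; Value = 2 },
    @{ Path = "$base\RasMan\Parameters"; Name = 'ProhibitIpSec';                           Value = 0 }
)

# Writing under HKLM requires an elevated session, same as the CMD method.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($Apply -and -not $isAdmin) { throw 'Run from an elevated PowerShell session to use -Apply.' }

$changed = $false
foreach ($w in $wanted) {
    # A missing key or value yields no object, so $current stays $null.
    $item = Get-ItemProperty -Path $w.Path -Name $w.Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($w.Name) } else { $null }

    if ($null -ne $current -and $current -eq $w.Value) {
        Write-Host ("OK      {0} = {1}" -f $w.Name, $current)
        continue
    }

    $shown = if ($null -eq $current) { '<not set>' } else { $current }
    Write-Host ("DIFFERS {0}: current {1}, wanted {2}" -f $w.Name, $shown, $w.Value)

    if ($Apply) {
        if (-not (Test-Path $w.Path)) { New-Item -Path $w.Path -Force | Out-Null }
        # -Force overwrites an existing value, like /f on REG ADD.
        New-ItemProperty -Path $w.Path -Name $w.Name -PropertyType DWord -Value $w.Value -Force | Out-Null
        $changed = $true
    }
}

if ($changed) { Write-Host 'Values written. Restart the PC for them to take effect.' }
```

Run without -Apply first to record the current state before changing it; after the restart, run it again to confirm both values persisted.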