
VPN - Windows

L2TP/IPsec

Enable IPsec service

  • Run services.msc

  • Set the startup type of the "IKE and AuthIP IPsec Keying Modules" service to Automatic or Manual

    # PowerShell
    Set-Service -Name IKEEXT -StartupType Manual

  • Set the startup type of the "IPsec Policy Agent" service to Automatic or Manual

    # PowerShell
    Set-Service -Name PolicyAgent -StartupType Manual

NAT-T

Ref: Configure a L2TP/IPsec server behind a NAT-T device

In the registry, under the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

set the DWORD (32-bit) value AssumeUDPEncapsulationContextOnSendRule to one of:

| Value | Description                      |
|-------|----------------------------------|
| 0     | No NAT (Default)                 |
| 1     | Server is behind NAT             |
| 2     | Server and Client are behind NAT |
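
The PowerShell below is an added example, not part of the original page: it checks the two services from the previous section and sets the NAT-T value listed above, writing only when the value actually changes. The function names are hypothetical, and the restart message is an assumption based on Microsoft's guidance for this setting.

```powershell
# Added example. Run from an elevated prompt to write the value; reading works unelevated.
$PolicyAgentKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$ValueName      = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-NatTMode {
    # Returns the current DWORD, or 0 when the value is absent (the default).
    $prop = Get-ItemProperty -Path $PolicyAgentKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$ValueName
}

function Set-NatTMode {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateRange(0, 2)]   # only the three values in the table are valid
        [int]$Mode
    )
    $current = Get-NatTMode
    if ($current -eq $Mode) {
        Write-Output "$ValueName is already $Mode; nothing to change."
        return
    }
    if ($PSCmdlet.ShouldProcess("$PolicyAgentKey\$ValueName", "Set DWORD $current -> $Mode")) {
        New-ItemProperty -Path $PolicyAgentKey -Name $ValueName `
            -PropertyType DWord -Value $Mode -Force | Out-Null
        Write-Output "Changed $ValueName from $current to $Mode. Restart Windows to apply it."
    }
}

function Test-IpsecServices {
    # The L2TP/IPsec connection cannot start if either service is Disabled.
    foreach ($name in 'IKEEXT', 'PolicyAgent') {
        $svc = Get-Service -Name $name
        [pscustomobject]@{
            Service   = $name
            StartType = $svc.StartType
            Status    = $svc.Status
            Usable    = $svc.StartType -ne 'Disabled'
        }
    }
}

Test-IpsecServices | Format-Table -AutoSize
Set-NatTMode -Mode 2 -WhatIf   # preview only; remove -WhatIf to write the value
```

Use the lowest value that matches the actual topology, and record the previous value that `Get-NatTMode` returns so the change can be reverted.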

Add route to VPN

Automatically add a route after the VPN connects:

    # PowerShell
    Add-VpnConnectionRoute -ConnectionName "<name>" -DestinationPrefix "<IP/Prefix>" -PassThru