Windows L2TP

Last updated: 2020-07-20

Contents

  • Auto connect VPN Setting
  • Service
  • NAT-T
  • Debug


Auto connect VPN Setting

Win7:

Setup steps

[1] Connection Properties -> Options tab -> uncheck:

  • Display progress while connecting
  • Prompt for username
  • retry (redial attempts): set to 0

[2] taskschd.msc -> Create Task

Give the task a name, e.g. "Auto-start VPN"

Select "Run whether user is logged on or not"

Select "Run with highest privileges"

Triggers tab -> click "New" -> select "At startup"

Actions tab -> click "New"

Program/script: C:\Windows\System32\rasphone.exe

Add arguments (optional): -d connectionname (without the quotes; connectionname is the name of the VPN connection entry)

Conditions tab -> clear any boxes which are checked.

Click OK. All done.
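The same task as a script, added here as an example that is not part of the original page: it writes the task definition as XML and registers it with schtasks.exe, which exists on Windows 7 (the ScheduledTasks PowerShell module does not). $ConnectionName, $RunAsUser and $TaskName are placeholders; the XML settings mirror the GUI choices in the steps above (boot trigger, highest privileges, run whether logged on or not, Conditions-tab power boxes cleared, rasphone.exe -d as the action).

```powershell
# Added example, not from the original page: registers the "Auto-start VPN" task
# from the steps above with schtasks.exe (present on Windows 7) from an XML task
# definition. $ConnectionName, $RunAsUser and $TaskName are placeholders; the
# connection name is assumed to contain no spaces, as in the steps above.
param(
    [string]$ConnectionName = 'connectionname',                  # name of the VPN entry
    [string]$RunAsUser      = "$env:USERDOMAIN\$env:USERNAME",   # account the task runs as
    [string]$TaskName       = 'Auto-start VPN'
)

# The XML mirrors the GUI steps: "At startup" trigger, "Run with highest
# privileges", "Run whether user is logged on or not" (LogonType Password),
# the Conditions-tab power boxes cleared, and rasphone.exe -d <entry> as the action.
$taskXml = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <BootTrigger>
      <Enabled>true</Enabled>
    </BootTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>$RunAsUser</UserId>
      <LogonType>Password</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\rasphone.exe</Command>
      <Arguments>-d $ConnectionName</Arguments>
    </Exec>
  </Actions>
</Task>
"@

# schtasks reads the file in the encoding the XML header declares (UTF-16).
$xmlPath = Join-Path $env:TEMP 'auto-start-vpn.xml'
[System.IO.File]::WriteAllText($xmlPath, $taskXml, [System.Text.Encoding]::Unicode)

# /RP * prompts for the account password so it never appears on the command
# line or in shell history; /F overwrites an existing task of the same name.
schtasks.exe /Create /TN $TaskName /XML $xmlPath /RU $RunAsUser /RP * /F
$rc = $LASTEXITCODE
Remove-Item $xmlPath
if ($rc -ne 0) { throw "schtasks /Create failed with exit code $rc" }

# Show what was registered (trigger, run-as account, run level, action).
schtasks.exe /Query /TN $TaskName /V /FO LIST
```

Run it from an elevated PowerShell. Because the task must run without an interactive logon, Task Scheduler stores the account's password, so the account should have no more rights than the connection needs, and the registered definition is worth checking with the final schtasks /Query.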


Service

Win7:

Service: PolicyAgent

Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.

If this service is stopped, the VPN cannot connect.

Start it:

net start PolicyAgent


NAT-T

Win7:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

AssumeUDPEncapsulationContextOnSendRule [DWORD (32-bit)]

  • 0: cannot establish security associations with servers that are located behind NAT devices (default)
  • 1: can establish security associations with servers that are located behind NAT devices
  • 2: can establish security associations when both the server and the client are behind NAT devices
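The Service and NAT-T sections both concern PolicyAgent, so one added example (not from the original page) covers both: it makes sure the service is set to start automatically and is running, then reads AssumeUDPEncapsulationContextOnSendRule and can set it as a DWORD. The function names are this example's own; the registry path and value name are the ones given above.

```powershell
# Added example, not from the original page: make sure PolicyAgent is running
# and read or set AssumeUDPEncapsulationContextOnSendRule. Run elevated.
$svcName = 'PolicyAgent'
$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$valName = 'AssumeUDPEncapsulationContextOnSendRule'

# What each value allows, as listed above
$meaning = @{
    0 = 'no SAs with servers behind NAT (default)'
    1 = 'SAs with servers behind NAT'
    2 = 'SAs when both server and client are behind NAT'
}

function Ensure-PolicyAgent {
    # IKE (ISAKMP/Oakley) and the IPsec driver depend on this service; L2TP/IPsec
    # cannot connect while it is stopped, so make it automatic and start it.
    Set-Service -Name $svcName -StartupType Automatic
    $svc = Get-Service -Name $svcName
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $svcName
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
    }
    return (Get-Service -Name $svcName).Status
}

function Get-NatTRule {
    # A missing value behaves like 0 (the default).
    $item = Get-ItemProperty -Path $regPath -Name $valName -ErrorAction SilentlyContinue
    if ($item -eq $null) { return 0 }
    return [int]$item.$valName
}

function Set-NatTRule([int]$Value) {
    if (-not (@(0, 1, 2) -contains $Value)) { throw "Value must be 0, 1 or 2" }
    # -Force creates the value or overwrites it; DWord matches "DWORD (32-bit)".
    New-ItemProperty -Path $regPath -Name $valName -PropertyType DWord -Value $Value -Force | Out-Null
    # Microsoft's documentation for this value says to restart the computer afterwards.
}

"PolicyAgent: {0}" -f (Ensure-PolicyAgent)
$current = Get-NatTRule
"{0} = {1} ({2})" -f $valName, $current, $meaning[$current]

# Choose the lowest value that matches the topology: 1 when only the server is
# behind NAT, 2 only when the client is behind NAT as well. Each step relaxes
# what the client accepts, so do not default to 2.
# Set-NatTRule 1
```

Set-NatTRule is left commented out so the script only reports by default; uncomment it with the value that matches the topology, then reboot for PolicyAgent to use the new setting.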


Debug

Client -> Server

# Debug: on the server
# x.x.x.x = client IP

tcpdump -i wan esp                                   # no traffic seen here (ESP is UDP-encapsulated when NAT-T is in use)

tcpdump -i wan udp port 500 and src x.x.x.x          # packets at connection startup (isakmp)

tcpdump -i wan udp port 4500 and src x.x.x.x         # all traffic goes over this port (ipsec-nat-t)