Windows IPSec Client

 

 


Windows 10 connecting to IPsec

 

GUI

Stays stuck at "Connecting"

Server log

... IPsec Client 12 (s.s.s.s:500 -> d.d.d.d:500): A new IPsec client is created.
... IPsec IKE Session (IKE SA) 11 (Client: 12) (s.s.s.s:500 -> d.d.d.d:500): A new IKE SA (Main Mode) is created. 
    Initiator Cookie: 0x97E9E94B49BB2589, Responder Cookie: 0x8FBE6CFB181D85B0, DH Group: MODP 2048 (Group 14), 
    Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500): The port number information of this client is updated.
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500):
... IPsec IKE Session (IKE SA) 11 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): This IKE SA is established between the server and the client.
... IPsec IKE Session (IKE SA) 11 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): The client initiates a QuickMode negotiation.
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): A new IPsec SA (Direction: Client -> Server) is created. 
    SPI: 0xFE4D830A, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 250000 Kbytes or 3600 seconds
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): A new IPsec SA (Direction: Server -> Client) is created. 
    SPI: 0x8C53590E, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 250000 Kbytes or 3600 seconds
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): This IPsec SA is established between the server and the client.
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500): The L2TP Server Module is started.

The next line never appears:

... L2TP PPP Session [s.s.s.s:1701]: A new PPP session (Upper protocol: L2TP) is started.
    IP Address of PPP Client: s.s.s.s (Hostname: "tim-pc"), Port Number of PPP Client: 1701, IP Address of PPP Server: d.d.d.d, Port Number of PPP Server: 1701, Client Software Name: "L2TP VPN Client - Microsoft", IPv4 TCP MSS (Max Segment Size): 1314 bytes
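The symptom above can be checked mechanically. The following is an added example, not part of the original note or of the VPN server's own tooling: it scans log text in the format shown above and lists clients whose L2TP module started without a later PPP session. The function name, the regular expressions and the sample lines are assumptions constructed for illustration, and IPv4-style addresses are assumed.

```python
import re

# Constructed sample in the log format shown above (addresses are placeholders).
SAMPLE_LOG = """\
... IPsec Client 12 (s.s.s.s:500 -> d.d.d.d:500): A new IPsec client is created.
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500): The port number information of this client is updated.
... IPsec ESP Session (IPsec SA) 17 (Client: 12) (s.s.s.s:4500 -> d.d.d.d:4500): This IPsec SA is established between the server and the client.
... IPsec Client 12 (s.s.s.s:4500 -> d.d.d.d:4500): The L2TP Server Module is started.
... IPsec Client 13 (c.c.c.c:500 -> d.d.d.d:500): A new IPsec client is created.
... IPsec Client 13 (c.c.c.c:500 -> d.d.d.d:500): The L2TP Server Module is started.
... L2TP PPP Session [c.c.c.c:1701]: A new PPP session (Upper protocol: L2TP) is started.
"""

# Hypothetical patterns written for this example, not taken from the server.
CLIENT_RE = re.compile(
    r"IPsec Client (\d+) \(([^\s:]+):(\d+) -> [^\s:]+:\d+\):\s*(.*)")
PPP_RE = re.compile(r"L2TP PPP Session \[([^\s:\]]+):\d+\]: A new PPP session")


def find_stalled_clients(log_text):
    """Return [(client_id, src_ip, used_nat_t)] for clients whose L2TP module
    started but whose source IP never opened a PPP session afterwards."""
    clients = {}  # client_id -> {"ip", "nat_t", "l2tp", "ppp"}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            cid, ip, port, msg = m.groups()
            c = clients.setdefault(
                cid, {"ip": ip, "nat_t": False, "l2tp": False, "ppp": False})
            c["ip"] = ip
            # UDP 4500 means IKE moved to NAT-T (UDP-encapsulated ESP).
            c["nat_t"] = c["nat_t"] or port == "4500"
            if "L2TP Server Module is started" in msg:
                c["l2tp"] = True
            continue
        m = PPP_RE.search(line)
        if m:
            # The PPP line carries no client id, so correlate by source IP.
            for c in clients.values():
                if c["ip"] == m.group(1) and c["l2tp"]:
                    c["ppp"] = True
    return [(cid, c["ip"], c["nat_t"])
            for cid, c in clients.items() if c["l2tp"] and not c["ppp"]]


if __name__ == "__main__":
    for cid, ip, nat_t in find_stalled_clients(SAMPLE_LOG):
        hint = "NAT-T in use, check the client's NAT-T setting" if nat_t else "no NAT-T seen"
        print(f"client {cid} from {ip}: L2TP started, no PPP session ({hint})")
```

Several clients behind one NAT address share a source IP, so a PPP session from any of them clears all of them in this heuristic.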

Fix

Cannot connect to an L2TP/IPsec server behind a NAT-T device

NAT-T environment (Port 4500)

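Values of AssumeUDPEncapsulationContextOnSendRule:

  • 0: Windows cannot establish security associations with servers that are located behind NAT devices.
  • 1: Windows can establish security associations with servers that are located behind NAT devices.
  • 2: Windows can establish security associations when both the server and the client are behind NAT devices.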

Run the following from an elevated command prompt:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

Then reboot.