Broken L2TP/IPSec after OpenVPN installed on Windows 11

OpenVPN / openvpn

OpenVPN is an open source VPN daemon

http://openvpn.net

Other

10.92k stars 3.01k forks source link

Broken L2TP/IPSec after OpenVPN installed on Windows 11 #182

Open Maxersh opened 1 year ago

Maxersh commented 1 year ago

To Reproduce Install Windows 11 22H2 (on VirtualBox in my case). Configure L2TP/IPSec VPN connection with pre-shared key in built-in Windows VPN client. All needed settings can be done via GUI. Add Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\AssumeUDPEncapsulationContextOnSendRule = 2 Reboot system. Check that L2TP\IPSec connection can be established. Install OpenVPN client community edition with default settings. Check that L2TP\IPSec connection can not be established with error: "The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer." Uninstall OpenVPN client. Check that L2TP\IPSec connection still can not be established with same error.

Expected behavior L2TP/IPSec connection should work.

Version information (please complete the following information):

OS: Windows 11 22H2 (VirtualBox, official image)
OpenVPN version: 2.5.8

schwabe commented 1 year ago

OpenVPN does not support L2TP/IPSec. And as you wrote Configure L2TP/IPSec VPN connection with pre-shared key in built-in Windows VPN client you are using Windows internal VPN client. This is not OpenVPN itself. If installing OpenVPN really leads to L2TP/IPSEC no longer working we probably need a more detailed guide how to reproduce the problem

cron2 commented 1 year ago

Hi,

On Thu, Dec 01, 2022 at 04:54:21AM -0800, Arne Schwabe wrote:

OpenVPN does not support L2TP/IPSec. And as you wrote Configure L2TP/IPSec VPN connection with pre-shared key in built-in Windows VPN client you are using Windows internal VPN client. This does not

While OpenVPN does not do L2TP/IPSEC, installation of OpenVPN with all its drivers should not disturb pre-existing L2TP/IPSEC connections.

This said, I have no idea how that could happen, unless some sort of helpful security tool (virus scanner etc) interferes. Can this be reproduced on a fresh Win11 install with no "security helpful things" running?

gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany @.***

cron2 commented 1 year ago

@lstipakov any idea how this could interfere?

lstipakov commented 1 year ago

No, we don't do anything at all related to Windows built-in VPN services. Probably one could get some more logs from Windows?