Softether VPN + Windows 10 VPN Client + NTLMv1 disabled

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
tschmidty
Posts: 2
Joined: Wed Feb 15, 2017 2:21 pm

Softether VPN + Windows 10 VPN Client + NTLMv1 disabled

Post by tschmidty » Wed Feb 15, 2017 2:54 pm

So the combination above does not work for me. The built in client does not work for me using AD authentication since we have NTLMv1 disabled in our domain. It does work if I create the users manually and assign passwords. It also works with the SE Client. The result is the same using L2TP or SSTP.

For ease of use, I would really like to have users be able to use the built in clients.

Has anyone found a way to make this combination work? I have gotten a work around of configuring Network Policy Server on the server to use Radius authentication but the powers that be have concerns with radius security.

Setup:
SE VPN Server is on a Windows 2012 server joined to a domain that has NTLMv1 disabled (level 5 fwiw). Client is a Windows 10 machine using either L2TP or SSTP built in client.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: Softether VPN + Windows 10 VPN Client + NTLMv1 disabled

Post by thisjun » Thu Mar 02, 2017 6:22 am

Please try to enable PAP in the client.

jlyle@ver.com
Posts: 4
Joined: Mon Mar 13, 2017 11:37 pm

Re: Softether VPN + Windows 10 VPN Client + NTLMv1 disabled

Post by jlyle@ver.com » Mon Mar 13, 2017 11:48 pm

i don't see any where to enable PAP on my windows 10 PC under the VPN connection

jlyle@ver.com
Posts: 4
Joined: Mon Mar 13, 2017 11:37 pm

Re: Softether VPN + Windows 10 VPN Client + NTLMv1 disabled

Post by jlyle@ver.com » Tue Mar 14, 2017 5:18 pm

Doing this reg hack corrected the problem on my windows 10 computer

For Windows XP:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2

For Windows Vista, 7, 8, 10, and 2008 Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2

Note that after creating this key you will need to reboot the machine

Post Reply