So the combination above does not work for me. The built in client does not work for me using AD authentication since we have NTLMv1 disabled in our domain. It does work if I create the users manually and assign passwords. It also works with the SE Client. The result is the same using L2TP or SSTP.
For ease of use, I would really like to have users be able to use the built in clients.
Has anyone found a way to make this combination work? I have gotten a work around of configuring Network Policy Server on the server to use Radius authentication but the powers that be have concerns with radius security.
Setup:
SE VPN Server is on a Windows 2012 server joined to a domain that has NTLMv1 disabled (level 5 fwiw). Client is a Windows 10 machine using either L2TP or SSTP built in client.
Softether VPN + Windows 10 VPN Client + NTLMv1 disabled
-
- Posts: 2
- Joined: Wed Feb 15, 2017 2:21 pm
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Softether VPN + Windows 10 VPN Client + NTLMv1 disabled
Please try to enable PAP in the client.
-
- Posts: 4
- Joined: Mon Mar 13, 2017 11:37 pm
Re: Softether VPN + Windows 10 VPN Client + NTLMv1 disabled
i don't see any where to enable PAP on my windows 10 PC under the VPN connection
-
- Posts: 4
- Joined: Mon Mar 13, 2017 11:37 pm
Re: Softether VPN + Windows 10 VPN Client + NTLMv1 disabled
Doing this reg hack corrected the problem on my windows 10 computer
For Windows XP:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2
For Windows Vista, 7, 8, 10, and 2008 Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2
Note that after creating this key you will need to reboot the machine
For Windows XP:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2
For Windows Vista, 7, 8, 10, and 2008 Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2
Note that after creating this key you will need to reboot the machine