Connecting from a Windows 10 client through L2TP/IPSEC to OSX Server

In a series of posts I am documenting my switch from an OS X-only world to a Windows 10 client. This time: connecting to an L2TP/IPsec VPN on a server running OS X Server 10.6.8, where the setup looks like this:

[Screenshot: 2016-12-11 15.57.59.png]

So let's begin on the Windows 10 side:

  • Create a new VPN network connection in the Network Center.
  • Right click -> Properties -> General: add the hostname.
  • Options -> set the PPP options.
  • Security settings.
  • Note the pre-shared key; you'll set it in the OS X Server settings later on.
  • Now follow exactly these steps to set the correct security settings for your Windows 10 client. Note: these worked for me even though the guide says Windows 7.
  • Restart Windows.

Now, on the gateway, I needed to forward these ports to my local server so that the L2TP/IPsec traffic gets tunneled correctly:

  • UDP 45, 500, 4500, 1701

As I am using a Zyxel Speedlink 5501, this looked like this (Web-Administration > Security > Port-Forwarding):
[Screenshot: 2016-12-11 16.24.37.png]

On the OS X Server side, I set up the VPN through the Server Admin panel. I used MS-CHAPv2 and a shared secret:
[Screenshot: 2016-12-11 16.26.27.png]

Of course, you need a valid user/password for the server machine in order to connect successfully.

Update 1: After a first test, this broke my SMB connections from the Windows 10 machine to another OS X client on the network. 🙁

Update 2: fixed the problem above. Setting "Network Security: LAN Manager authentication level" to "Send NTLMv2 response only" is "OK" for both connecting to OS X Server via VPN and connecting to another OS X machine. I was still able to connect to the VPN successfully.
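The Windows 10 client steps above and the LAN Manager setting from Update 2 can be scripted in an elevated PowerShell. This is an added example, not from the original post: the connection name, the hostname vpn.example.com and the PSK placeholder are assumptions; take the real values from your own server settings.

```powershell
# Added example (not from the original post). Assumed values: the connection
# name, the public hostname and the PSK placeholder. Run as Administrator.
$VpnName    = 'OSX-Server'
$ServerHost = 'vpn.example.com'              # hostname from the "General" tab
$Psk        = 'REPLACE-WITH-SHARED-SECRET'   # must equal the Server Admin > VPN shared secret

# 1. L2TP/IPsec connection using a pre-shared key and MS-CHAPv2, matching the
#    OS X Server configuration in the post. -Force is required with -L2tpPsk.
Add-VpnConnection -Name $VpnName -ServerAddress $ServerHost `
    -TunnelType L2tp -L2tpPsk $Psk `
    -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
    -RememberCredential -Force

# 2. "Network Security: LAN Manager authentication level" = 3, which is
#    "Send NTLMv2 response only": the value from Update 2 that keeps SMB to
#    other OS X machines working while the VPN still connects.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
Set-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -Value 3 -Type DWord

# 3. Check what was applied before the restart the post calls for.
Get-VpnConnection -Name $VpnName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel
(Get-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel').LmCompatibilityLevel
```

The registry change takes effect for new sessions; the post's advice to restart Windows afterwards still applies.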