Aug 18, 2011 12:27 AM (in response to beejster)
Finally got it going!
Here are the steps:
1. Add this to your registry:
2. Open secpol.msc (click start > search for secpol.msc)
- Local Policies > Security Options
- Network Security : LAN Manager Auth Level…
- Set to: Send LM & NTLMv2 - UseNTLMv2…
- Network Security : Minimum session security… clients
- uncheck "Require 128-bit encryption"
3. Restart PC
4. Create VPN Connection on Windows 7
- Host Name: (server IP or yourhost.name.com)
- PPP Settings : Enable LCP (only)
- Type: L2TP/IPSec
- Pre-shared key : yoursharedsecret
- Data encryption : Optional encryption
- Allow CHAP and CHAPv2
5. Router on server-side must allow VPN Passthrough and forward ports: 50, 51, 500, 548, 1701, 1723, 4500 to the server box. Also, do not filter anonymous internet requests, multicast or NAT Redirection but enable SPI Firewall.
I now can successfully VPN from Windows 7 to MAC OSX Lion Server! YAY!
Aug 28, 2011 6:34 PM (in response to beejster)
I have my VPN up and working.
Connecting with my Mac equipment works great.
I have been trying to get a Windows machine to connect.
I am unclear as to how to edit the registry.
When I am in the registry at the location noted above, where do I enter the new line?
I am not a regular Windows user and want to make sure I enter it properly.
I have edited the secpol.msc file.
Aug 28, 2011 6:57 PM (in response to Roger W Maki)
Open the registry editor (regedit.exe) and browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent].
To add a new dword > right click an empty area within the right side of the window, select NEW - DWORD and name it "AssumeUDPEncapsulationContextOnSendRule". Enter the value "2".
Then just reboot your computer and make sure your VPN connection is configured using the above description.
Also, you should make sure you map a network drive while locally connected to the network (without VPN) first, so you don't have to map it over VPN (sometimes a big pain - Microsoft ***).
Hope this helps!
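The registry step described in the reply above, as an added PowerShell example that is not part of the original posts: it reports the current state of the DWORD and writes it only when asked. The function names are hypothetical, and the meanings listed for values 0, 1 and 2 are taken from Microsoft's documentation of this setting, not from the thread.

```powershell
# Added example: audit and optionally set the NAT-T DWORD named in the post above.
# Function names are hypothetical. Written to run on PowerShell 2.0 (Windows 7).
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$Name = 'AssumeUDPEncapsulationContextOnSendRule'

# Value meanings per Microsoft's documentation of this setting (not from the thread).
$Meaning = @{
    0 = 'No IPsec security associations with servers behind NAT (default)'
    1 = 'Allowed when the server is behind NAT'
    2 = 'Allowed when both server and client are behind NAT'
}

function Get-NatTraversalRule {
    # A missing value behaves like 0, so report it as such but flag it as absent.
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { [int]$item.$Name } else { 0 }
    New-Object PSObject -Property @{
        Present = ($null -ne $item)
        Value   = $value
        Meaning = $Meaning[$value]
    }
}

function Set-NatTraversalRule {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([ValidateRange(0, 2)][int]$Value = 2)

    # HKLM is only writable from an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    $before = Get-NatTraversalRule
    if ($before.Present -and $before.Value -eq $Value) { return $before }  # nothing to do

    $action = "Set DWORD to $Value (was $($before.Value), present: $($before.Present))"
    if ($PSCmdlet.ShouldProcess("$Path\$Name", $action)) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
    }
    Get-NatTraversalRule   # re-read so the caller sees what is actually stored
}

Get-NatTraversalRule               # read-only audit of the current state
# Set-NatTraversalRule -WhatIf     # preview the change without writing
# Set-NatTraversalRule -Value 2    # apply, then reboot as the post says
```

Setting the value back to 0 with the same function restores the default behaviour if the VPN connection is later removed.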
Sep 7, 2011 1:16 PM (in response to beejster)
This is great, thanks!
I notice that once connected, all internet traffic now goes through the VPN server. This is a problem because the VPN server lives on a slow network. Is there a workaround for this?
Sep 7, 2011 2:45 PM (in response to beetlejelly)
I'm wondering if anyone has figured out how to implement this fix for windows 7 home edition (doesn't have secpol.msc).
I was able to add,
and I even changed a registry setting that I believe corresponds to "Send LM & NTLM - use NTLMv2 session security if negotiated"
I am unable however to find where I can change the "Require 128-bit encryption" settings in the registry.
Any help would be greatly appreciated.
Sep 12, 2011 5:19 AM (in response to beetlejelly)
with your home edition, change registry below.
Sep 12, 2011 11:03 AM (in response to beejster)
These steps worked great for establishing a Win 7 to Lion Server VPN. But, once a drive is mapped and I try to access any Office files (Word, Excel, etc.) I get an error that the file is locked for editing by 'another user'.
I can download a copy, edit, then push it back up. But I don't get the locked error from my Mac clients.
Any ideas? Workarounds?
Sep 14, 2011 5:00 PM (in response to heatsea)
Thanks for the home machine settings. But my win 7 home premium didn't respond successfully to your last regedit changes. It still won't connect to Lion VPN. Any other regedit ideas?
Sep 14, 2011 6:26 PM (in response to CajunTech)
I can not say what registry settings you would have to make on a Home Premium machine as I do not work with this OS. The Home Premium is however NOT designed for Business Networking such as VPN (thus HOME). Maybe that is why some settings are not possible on that OS. That is the main difference in the type of OS.
Honestly - Microsoft should stop ****ing around with their 20 OS flavors and just push 1 that does it all - like Apple!
Sorry but I think you may have to do an upgrade to Professional or Ultimate.
Sep 14, 2011 7:50 PM (in response to beejster)
I totally agree about MS. Their limited OS's may save money for the customers but end up frustrating them in the end. I like the apple approach better of course, flat rate and all the features. Thanks for your help!!
Sep 29, 2011 4:47 AM (in response to beejster)
Doesn't work for me. I did all the things in the tutorial, but I get this message:
"Fehler 789: Der L2TP-Verbindungsversuch ist fehlgeschlagen, da ein Verarbeitungsfehler während der ersten Sicherheitsaushandlung mit dem Remotecomputer aufgetreten ist."
Error 789: The L2TP connection attempt failed because a processing error occurred during the initial security negotiation with the remote computer.
Nov 21, 2011 5:09 PM (in response to beejster)
I have also tried for two days to connect Win7 Home PCs to Lion Server with no success.
I have however not yet accepted that I have to fumble around with some Windows registry. Heck, I do not even know HOW to edit these settings.
Anyway, in my opinion this should work out of the box. Do we not all miss something?
Perhaps with Win7, PPTP would be the easier protocol.
Does anyone see an easier way?