Finally got it going!
Here are the steps:
1. Add this to your registry:
2. Open secpol.msc (click start > search for secpol.msc)
- Local Policies > Security Options
- Network Security : LAN Manager Auth Level…
- Set to: Send LM & NTLMv2 - UseNTLMv2…
- Network Security : Minimum session security… clients
- uncheck "Require 128-bit encryption"
3. Restart PC
4. Create VPN Connection on Windows 7
- Host Name: (server IP or yourhost.name.com)
- PPP Settings : Enable LCP (only)
- Type: L2TP/IPSec
- Pre-shared key : yoursharedsecret
- Data encryption : Optional encryption
- Allow CHAP and CHAPv2
5. Router on server-side must allow VPN Passthrough and forward ports: 50, 51, 500, 548, 1701, 1723, 4500 to the server box. Also, do not filter anonymous internet requests, multicast or NAT Redirection but enable SPI Firewall.
I now can successfully VPN from Windows 7 to Mac OS X Lion Server! YAY!
I have my VPN up and working.
Connecting with my Mac equipment works great.
I have been trying to get a Windows machine to connect.
I am unclear as to how to edit the registry.
When I am in the registry at the location noted above, where do I enter the new line?
I am not a regular Windows user and want to make sure I enter it properly.
I have edited the secpol.msc file.
Open the registry editor (regedit.exe) and browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent].
To add a new dword > right click an empty area within the right side of the window, select NEW - DWORD and name it "AssumeUDPEncapsulationContextOnSendRule". Enter the value "2".
Then just reboot your computer and make sure your VPN connection is configured using the above description.
Also, you should make sure you map a network drive while locally connected to the network (without VPN) first, so you don't have to map it over VPN (sometimes a big pain - Microsoft ***).
Hope this helps!
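Added example, not part of the original posts: a read-only PowerShell check that reports the registry values behind the steps above, so you can confirm what is actually applied after the reboot. The value names LmCompatibilityLevel and NtlmMinClientSec are not given in the thread; they are the standard registry values behind the two Security Options entries.

```powershell
# Added example (not from the thread). Read-only; run on the Windows 7 client.
function Get-RegDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value does not exist
    return $item.$Name
}

$natModes = @{
    0 = 'cannot connect to servers behind NAT (default)'
    1 = 'server may be behind NAT'
    2 = 'server and client may both be behind NAT'
}
$lmLevels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}
function Format-Setting {
    param($Value, [hashtable]$Map)
    if ($null -eq $Value) { return 'not set (OS default applies)' }
    if ($Map.ContainsKey([int]$Value)) { return "$Value = $($Map[[int]$Value])" }
    return "$Value = unrecognised value"
}

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$nat = Get-RegDword 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent' 'AssumeUDPEncapsulationContextOnSendRule'
$lm  = Get-RegDword $lsa 'LmCompatibilityLevel'
$sec = Get-RegDword "$lsa\MSV1_0" 'NtlmMinClientSec'

# NtlmMinClientSec is a bit mask, not an enumeration.
$flags = @()
if ($sec -band 0x00080000) { $flags += 'Require NTLMv2 session security' }
if ($sec -band 0x20000000) { $flags += 'Require 128-bit encryption' }
if ($null -eq $sec) {
    $secText = 'not set (OS default applies)'
} elseif ($flags.Count -eq 0) {
    $secText = '0x{0:X8} = no minimum required' -f $sec
} else {
    $secText = '0x{0:X8} = {1}' -f $sec, ($flags -join '; ')
}

"AssumeUDPEncapsulationContextOnSendRule : $(Format-Setting $nat $natModes)"
"LAN Manager authentication level        : $(Format-Setting $lm $lmLevels)"
"Minimum session security (clients)      : $secText"
```

Saving the output before and after the change gives a record of which NTLM settings were relaxed on this client, so they can be restored if the VPN is later retired.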
I'm wondering if anyone has figured out how to implement this fix for windows 7 home edition (doesn't have secpol.msc).
I was able to add,
and I even changed a registry setting that I believe corresponds to "Send LM & NTLM - use NTLMv2 session security if negotiated"
I am unable however to find where I can change the "Require 128-bit encryption" settings in the registry.
Any help would be greatly appreciated.
These steps worked great for establishing a Win 7 to Lion Server VPN. But, once a drive is mapped and I try to access any Office files (Word, Excel, etc.) I get an error that the file is locked for editing by 'another user'.
I can download a copy, edit, then push it back up. But I don't get the locked error from my Mac clients.
Any ideas? workarounds?
I can not say what registry settings you would have to make on a Home Premium machine as I do not work with this OS. The Home Premium is however NOT designed for Business Networking such as VPN (thus HOME). Maybe that is why some settings are not possible on that OS. That is the main difference in the type of OS.
Honestly - Microsoft should stop ****ing around with their 20 OS flavors and just push 1 that does it all - like Apple!
Sorry but I think you may have to do an upgrade to Professional or Ultimate.
It doesn't work for me. I did everything in the tutorial, but I get this message:
"Fehler 789: Der L2TP-Verbindungsversuch ist fehlgeschlagen, da ein Verarbeitungsfehler während der ersten Sicherheitsaushandlung mit dem Remotecomputer aufgetreten ist."
Error 789: The L2TP connection attempt failed because a processing error occurred during the initial security negotiation with the remote computer.
I have also tried for two days to connect Win7 Home PCs to Lion Server with no success.
I have, however, not yet accepted that I have to fumble around with some Windows registry. Heck, I do not even know HOW to edit these settings.
Anyway, in my opinion this should work out of the box. Do we not all miss something?
Perhaps with Win7, PPTP would be the easier protocol.
Does anyone see an easier way?