23 Replies. Latest reply: Jan 21, 2015 7:12 AM by Theviet
beejster Level 1 (0 points)

I have been struggling the last couple days on this issue!


I have established a MAC OSX VPN connection to OSX Lion Server without any problems but also need to connect Windows 7 machines also.


The settings on the server side are correct (hence the MAC connection) but I still can't get the Windows 7 machine to make the connection!


Any help will be appreciated!

Toshiba Laptop, Windows 7
  • beejster Level 1 (0 points)

    Finally got it going!


    Here are the steps:


    1. Add this to your registry:




    2. Open secpol.msc (click start > search for secpol.msc)


    - Local Policies > Security Options

    - Network Security : LAN Manager Auth Level…

    - Set to: Send LM & NTLMv2 - UseNTLMv2…




    - Network Security : Minimum session security… clients

    - uncheck "Require 128-bit encryption"


    3. Restart PC


    4. Create VPN Connection on Windows 7


    - Host Name: (server IP or

    - PPP Settings : Enable LCP (only)

    - Type: L2TP/IPSec

    - Pre-shared key : yoursharedsecret

    - Data encryption : Optional encryption

    - Allow CHAP and CHAPv2


    5. Router on server-side must allow VPN Passthrough and forward ports: 50, 51, 500, 548, 1701, 1723, 4500 to the server box. Also, do not filter anonymous internet requests, multicast or NAT Redirection but enable SPI Firewall.


    I now can successfully VPN from Windows 7 to MAC OSX Lion Server!  YAY!

  • Roger W Maki Level 1 (0 points)

    I have my VPN up and working.

    Connecting with my Mac equipment works great.

    I have been trying to get a Windows machine to connect.

    I am unclear as to how to edit the registry.

    When I am in the registry at the location noted above, where do I enter the new line?

    I am not a regular Windows user and want to make sure I enter it properly.

    I have edited the secpol.msc file.

  • beejster Level 1 (0 points)


    Open the registry editor (regedit.exe) and browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent].

    To add a new dword > right click an empty area within the right side of the window, select NEW - DWORD and name it "AssumeUDPEncapsulationContextOnSendRule". Enter the value "2".


    Then just reboot your computer and make sure your VPN connection is configured using the above description.

    Also, you should make sure you map a network drive while locally connected to the network (without VPN) first, so you don't have to map it over VPN (sometimes a big pain - Microsoft ***).


    Hope this helps!

  • CajunTech Level 1 (0 points)

    Great info with details.

    Do you know if the same steps would work with Vista or XP?

    Also, is there a VPN client that could be used to avoid all of the Microsoft workarounds?

  • beetlejelly Level 1 (5 points)

    This is great, thanks!

    I notice that once connected, all internet traffic now goes through the VPN server. This is a problem because the VPN server lives on a slow network. Is there a workaround for this?

  • beetlejelly Level 1 (5 points)

    I'm wondering if anyone has figured out how to implement this fix for windows 7 home edition (doesn't have secpol.msc).


    I was able to add,




    and I even changed a registry setting that I believe corresponds to "Send LM & NTLM - use NTLMv2 session security if negotiated"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "lmcompatibilitylevel"=dword:00000001


    I am unable however to find where I can change the "Require 128-bit encryption" settings in the registry.


    Any help would be greatly appreciated.
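
An added example, not part of any post in this thread: a read-only PowerShell check of the client-side settings discussed above, to see what a machine is currently set to before or after following the steps. The `MSV1_0` path, the `NtlmMinClientSec` value name and its two bit masks do not appear in the thread; they are assumed here as the registry location behind the "Minimum session security… clients" policy.

```powershell
# Added example: read-only audit of the client settings this thread changes.
# It only reads the registry, so it also runs on editions without secpol.msc.

function Get-RegDword([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-Meaning($Value, [string[]]$Table) {
    if ($null -eq $Value) { return 'not set, OS default applies' }
    if ($Value -ge 0 -and $Value -lt $Table.Count) { return $Table[$Value] }
    return 'unrecognized value'
}

function New-Row([string]$Setting, $Value, [string]$Meaning, [bool]$Review) {
    New-Object PSObject -Property @{
        Setting = $Setting; Value = $Value; Meaning = $Meaning; Review = $Review
    }
}

$natTable = @('no associations with servers behind NAT',
              'server may be behind NAT',
              'client and server may both be behind NAT')
$lmTable  = @('Send LM & NTLM responses',
              'Send LM & NTLM - use NTLMv2 session security if negotiated',
              'Send NTLM response only',
              'Send NTLMv2 response only',
              'Send NTLMv2 response only. Refuse LM',
              'Send NTLMv2 response only. Refuse LM & NTLM')

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$nat = Get-RegDword 'HKLM:\SYSTEM\CurrentControlSet\services\PolicyAgent' 'AssumeUDPEncapsulationContextOnSendRule'
$lm  = Get-RegDword $lsa 'LmCompatibilityLevel'
$sec = Get-RegDword "$lsa\MSV1_0" 'NtlmMinClientSec'   # assumption, see lead-in

# Bit masks within NtlmMinClientSec (assumption, see lead-in).
$need128 = ($sec -band 0x20000000) -ne 0   # "Require 128-bit encryption"
$needV2  = ($sec -band 0x00080000) -ne 0   # "Require NTLMv2 session security"
$secText = "128-bit required: $need128; NTLMv2 session security required: $needV2"

# Review = True marks a value that permits LM/NTLMv1 or drops the 128-bit requirement.
$rows = @(
    (New-Row 'AssumeUDPEncapsulationContextOnSendRule' $nat (Get-Meaning $nat $natTable) $false),
    (New-Row 'LmCompatibilityLevel' $lm (Get-Meaning $lm $lmTable) ($null -ne $lm -and $lm -lt 3)),
    (New-Row 'NtlmMinClientSec' $sec $secText ($null -ne $sec -and -not $need128))
)
$rows | Select-Object Setting, Value, Meaning, Review | Format-Table -AutoSize -Wrap
```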


  • heatsea Level 1 (0 points)



    with your home edition, change registry below.







  • CajunTech Level 1 (0 points)

    These steps worked great for establishing a Win 7 to Lion Server VPN.  But, once a drive is mapped and I try to access any Office files (Word, Excel, etc.) I get an error that the file is locked for editing by 'another user'. 


    I can download a copy, edit, then push it back up.  But I don't get the locked error from my Mac clients.


    Any ideas?  workarounds?

  • CajunTech Level 1 (0 points)

    Thanks for the home machine settings.  But my win 7 home premium didn't respond successfully to your last regedit changes.  It still won't connect to Lion VPN.  Any other regedit ideas?

  • beejster Level 1 (0 points)



    I can not say what registry settings you would have to make on a Home Premium machine as I do not work with this OS. The Home Premium is however NOT designed for Business Networking such as VPN (thus HOME). Maybe that is why some settings are not possible on that OS. That is the main difference in the type of OS.

    Honestly - Microsoft should stop ****ing around with their 20 OS flavors and just push 1 that does it all - like Apple!


    Sorry but I think you may have to do an upgrade to Professional or Ultimate.

  • beejster Level 1 (0 points)

    You may also have to verify your server side SMB settings.

  • CajunTech Level 1 (0 points)

    I totally agree about MS.  Their limited OS's may save money for the customers but end up frustrating them in the end.  I like the apple approach better of course, flat rate and all the features.  Thanks for your help!!

  • the.right.idea Level 1 (0 points)

    Doesn't work for me. I did all the things in the tutorial - but I get this message:

    "Fehler 789: Der L2TP-Verbindungsversuch ist fehlgeschlagen, da ein Verarbeitungsfehler während der ersten Sicherheitsaushandlung mit dem Remotecomputer aufgetreten ist."


    Error 789: The L2TP connection attempt failed because a processing error occurred during the initial security negotiation with the remote computer.

  • Pierre Froelicher1 Level 1 (110 points)

    I have also tried for two days to connect Win7 Home PCs to Lion Server with no success.

    I have however not yet accepted that I have to fumble around with some Windows registry... heck, I do not even know HOW to edit these settings.

    anyway in my opinion this should work out of the we not all miss something?

    Perhaps with Win7, PPTP would be the easier protocol.

    Does anyone see an easier way?

