I have been strugling the last couple days on this issue!
I have established a MAC OSX VPN connection to OSX Lion Server without any problems but also need to connect Windows 7 machines also.
The Settings on the server side are correct (hence the MAC connection) but still cant get the Windows 7 machine to make the connection!
Any help will be apreciated!
Toshiba Laptop-OTHER, Windows 7
Finally got it going!
Here are the steps:
1. Add this to your registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
2. Open secpol.msc (click start > search for secpol.msc)
- Local Policies > Security Options
- Network Security : LAN Manager Auth Level…
- Set to: Send LM & NTLMv2 - UseNTLMv2…
And
- Network Security : Minimum session security… clients
- uncheck "Require 128-bit encryption"
3. Restart PC
4. Create VPN Connection on Windows 7
- Host Name: (server IP or yourhost.name.com)
- PPP Settings : Enable LCP (only)
- Type: L2TP/IPSec
- Pre-shared key : yoursharedsecret
- Data encryption : Optional encryption
- Allow CHAO and CHAPv2
5. Router on server-side must allow VPN Passthrough and forward ports: 50, 51, 500, 548, 1701, 1723, 4500 to the server box. Also, do not filter anonymous internet requests, multicast or NAT Redirection but enable SPI Firewall.
I now can successfully VPN from Windows 7 to MAC OSX Lion Server! YAY!
Finally got it going!
Here are the steps:
1. Add this to your registry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
2. Open secpol.msc (click start > search for secpol.msc)
- Local Policies > Security Options
- Network Security : LAN Manager Auth Level…
- Set to: Send LM & NTLMv2 - UseNTLMv2…
And
- Network Security : Minimum session security… clients
- uncheck "Require 128-bit encryption"
3. Restart PC
4. Create VPN Connection on Windows 7
- Host Name: (server IP or yourhost.name.com)
- PPP Settings : Enable LCP (only)
- Type: L2TP/IPSec
- Pre-shared key : yoursharedsecret
- Data encryption : Optional encryption
- Allow CHAO and CHAPv2
5. Router on server-side must allow VPN Passthrough and forward ports: 50, 51, 500, 548, 1701, 1723, 4500 to the server box. Also, do not filter anonymous internet requests, multicast or NAT Redirection but enable SPI Firewall.
I now can successfully VPN from Windows 7 to MAC OSX Lion Server! YAY!
I have my vpn up and working
connecting with my mac equipment works great
Have been trying to get a windows machine to connect
I am unclear as to how to edit the registry
when I am in the registry at the location noted above, where do I entry the new line
Iam not a regular windows user and want to make sure i enter it properly
I Have edited the secpol.msc file
@Roger
Open the registry editor (regedit.exe) and browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent].
To add a new dword > right click an empty area within the right side of the window, select NEW - DWORD and name it "AssumeUDPEncapsulationContextOnSendRule". Enter the value "2".
Then just reboot your computer and make sure your VPN connection is configured using the above description.
Also, you should make sure you Map a network drive while locally connected to the network (without VPN) first, so you dont have to map it over VPN (sometimes a big pain - Microsoft ***).
Hope this helps!
Great info with details.
Do you know if the same steps would work with Vista or XP?
Also, is there a VPN client that could be used to avoid all of the Microsoft workarounds?
This is great, thanks!
I notice that once connected, all internet traffic now go through the vpn server. This is a problem because the vpn server lives on a slow network. Is there a work around for this?
I'm wondering if anyone has figured out how to implement this fix for windows 7 home edition (doesn't have secpol.msc).
I was able to add,
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002"
and I even changed a registry setting that I believe corresponds to "Send LM & NTLM - use NTLMv2 session security if negotiated"
"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\]"lmcompatibilitylevel "=dword:00000001"
I am unable however to find where I can change the "Require 128-bit encryption" settings in the registry.
Any help would be greatly appriciated.
beetlejelly,
with your home edition, change registry below.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
->0x00000000
HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
0x20000000->0x00000000
These steps worked great for establishing a Win 7 to Lion Server VPN. But, once a drive is mapped and I try to access any Office files (Word, Excel, etc.) I get an error that the file is locked for editing by 'another user'.
I can download a copy, edit, the push it back up. But I don't get the locked error from my mac clients.
Any ideas? workarounds?
Thanks for the home machine settings. But my win 7 home premium didn't respond successfully to your last regedit changes. It still won't connect to Lion VPN. Any other regedit ideas?
@CajunTech
I can not say what registry settings you would have to make on a Home Premium machine as I do not work with this OS. The Home Premium is however NOT designed for Business Networking such as VPN (thus HOME). Maybe that is why some settings are not possible on that OS. That is the main difference in the type of OS.
Honestly - Microsoft should stop ****ing around with their 20 OS flavors and just push 1 that does it all - like Apple!
Sorry but I think you may have to do an upgrade to Professional or Ultimate.
You may also have to verify your server side SMB settings.
I totally agree about MS. Their limited OS's may save money for the customers but end up frustrating them in the end. I like the apple approach better of course, flat rate and all the features. Thanks for your help!!
Don't work by me. I did all things in the tutorial - but I get this message:
"Fehler 789: Der L2TP-Verbindungsversuch ist fehlgeschlagen, da ein Verarbeitungsfehler während der ersten Sicherheitsaushandlung mit dem Remotecomputer aufgetreten ist."
Error 789: The L2TP connection attempt failed because a processing error occurred during the initial security negotiation with the remote computer.
i have also tried for two day to connect win7 home pcs to lioserver with no success.
i have however not yet accepted that i have to fumble aroud with some win registry..heck i do not even know HOW to edit these settings.
anyway in my opinion this should work out of the box..do we not all miss something?
perhaps with win7 pptp would be the easier protocol.
doesanyone see an easier way?
pierre
As a sidenote, after much suffering, I set up a vpn server on an old G4 running leopard. It was easy enough setting it up and getting Macs (Lion) and iOS devices to connect using L2TP but when I tried over Windows 7 I ran into a wall! I finally resorted to your solution, though far from elegant, it did the job!
Thanks
How to VPN windows 7 to osx lion server
