14 Jan 2020

Meraki Client VPN (Windows 10)

Meraki Client VPN has always been tricky to set up on Windows 10.

To make matters worse, Microsoft introduced a bug in the latest Windows 10 builds: the GUI stops the VPN connecting if you use the standard VPN connection method of clicking on the network icon in the bottom right.

To get around this bug, right-click on the network icon, choose "Open Network and Internet Settings", and select VPN.

Then select the VPN connection and press Connect. The advantage of doing it this way is that you see the connection progress and errors.

Users find this particularly hard to remember.

Also, setting up the VPN requires going into the old GUI (the new GUI does not have this setting) to turn on PAP authentication.

This is not easy to get to either, requiring over 6 menus and mouse clicks.

Windows 10 still has the old RASPHONE program. I have discovered this is a much better way to do the client VPN.

From experience this always works, and it is an easy way to check the VPN properties: click the Properties button and make sure the only protocol checked is "Unencrypted password (PAP)". You then always connect using the rasphone client.

You create a shortcut on the Desktop (or push one out with a GPO) with the target: C:\Windows\System32\rasphone.exe

Much easier!! (You can even change the icon if you want to.)


Also be aware that if the client gets an IPv6 address, the VPN will not connect due to a Meraki bug. This sometimes happens when clients are hotspotting with their phones. The fix here is to disable IPv6 on the interface that is connecting to the hotspot. The event log will log the message, "msg: unsupported ID type 5." If the identification field value is 5 in the identification payload, this means the payload is carrying the ID type 'ID_IPV6_ADDR.' Meraki does not currently support ID type 5, so an error will appear for these ISAKMP messages.
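The manual steps above (PAP-only L2TP connection, IPv6 off on the hotspot interface, rasphone shortcut) can also be scripted. This is an added example, not part of the original post; the connection name, server address, pre-shared key and adapter name are placeholders, and the EncryptionLevel value is an assumption.

```powershell
# Added example. All values in this block are placeholders, not from the post.
$Name       = 'Meraki Client VPN'     # hypothetical connection name
$Server     = 'vpn.example.com'       # placeholder for the MX public hostname
$Psk        = '<pre-shared-key>'      # placeholder, supply the real key at deploy time
$HotspotNic = 'Wi-Fi'                 # assumed name of the adapter used for hotspotting

# 1. Create the per-user L2TP connection with PAP as the only auth method.
#    EncryptionLevel Optional is an assumption commonly paired with PAP.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
        -L2tpPsk $Psk -AuthenticationMethod Pap -EncryptionLevel Optional `
        -RememberCredential -Force
}

# 2. Verify what the Properties button would show: L2TP, and PAP only.
$conn = Get-VpnConnection -Name $Name
$auth = @($conn.AuthenticationMethod)
if ($conn.TunnelType -ne 'L2tp' -or $auth.Count -ne 1 -or $auth[0] -ne 'Pap') {
    Write-Warning "Unexpected settings: tunnel=$($conn.TunnelType) auth=$($auth -join ',')"
} else {
    Write-Output "OK: '$Name' uses L2TP with PAP only"
}

# 3. Disable IPv6 on the hotspot-facing adapter to avoid the
#    "unsupported ID type 5" failure. Needs an elevated prompt.
$binding = Get-NetAdapterBinding -Name $HotspotNic -ComponentID ms_tcpip6 `
    -ErrorAction SilentlyContinue
if ($binding -and $binding.Enabled) {
    Disable-NetAdapterBinding -Name $HotspotNic -ComponentID ms_tcpip6
    Write-Output "IPv6 disabled on '$HotspotNic'"
}

# 4. Put a rasphone shortcut on the current user's Desktop.
$lnk = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Client VPN.lnk'
$shortcut = (New-Object -ComObject WScript.Shell).CreateShortcut($lnk)
$shortcut.TargetPath = 'C:\Windows\System32\rasphone.exe'
$shortcut.Save()
```

Steps 1, 2 and 4 run as the logged-on user; only step 3 needs administrator rights.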

A question for you Group Policy experts out there.
I have been trying to put the Meraki L2TP VPN client config in Group Policy. I have done it all except the L2TP pre-shared key. If you know how to do this, PLEASE let me know in the comments.
