Hello,
Since yesterday’s update for W10 (KB5009543) and W11 (KB5009566), our VPN connection to our Peplink Balance One Core 8.1.3.
does not work anymore.
Here is the message: “The l2tp connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer”.
By uninstalling these KB, there is no more problem.
Our VPN connection is L2PT with pre-shared key, etc.
We did not touch anything else excepted Windows Update.
Can you help me please ?
Just to confirm if you uninstall the kb’s you are able to connect?
Are you able to connect with a non-windows devices as well?
If so I suggest opening a ticket to have peplink investigate, but if it’s a microsoft updating some libraries, I’m not sure there will be a quick fix.
As an alternative, have you tried using openvpn server on the peplinks, I’ve started switching all of our devices to that, because of werid issues like this in windows.
Hello,
Yes everything works normally when I uninstall KB on W10 and W11.
No problem also to connect to VPN with my smartphone.
Thanks for the OpenVPN solution, I had just done some tests with it.
Think Microsoft is downgrading L2PT?
I put this message also at Microsoft:
https://answers.microsoft.com/en-us/windows/forum/windows_11-wintop_update/l2tp-vpn-connection-impossible-since-the-patches/417be893-b13b-4dce-917d-366256fa2894
Honestly, once peplink released openvpn I moved to it. I would randomly have problems with L2tp before this patch and a reboot would usually resolve it on my laptop, so I got tired of messing with it.
Had 50+ WFH users affected by this, reading this post it seems like OpenVPN is a direction we’ll need to head.
Besides this issue we’ve had all kinds of weird problems with “Remote User Access” over the last year randomly not allowing packets to flow across subnets, or even to specific IP#'s… that and the lack of any sort of advanced settings, or even detailed logging for the non site-to-site VPN has always been a concern and a head scratcher to me as to why you’d put in a feature and not log against it…
BTW not having read any of the reddit or M$ posts, this was my go to article that helped us out, ran through this entire list Method 5 is what did it for us:
shaun.
From Microsoft: Can we do this in the Peplink, just until everyone gets the update to the update?
Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used