Configure and Use L2TP on Windows 10
You can use the Windows 10 VPN client to make an L2TP VPN connection to a Firebox.
Configure the L2TP Connection
To prepare a Windows 10 computer to make an L2TP VPN connection, you must configure the L2TP connection in the network settings.
The procedure in this topic is an example only. The steps you must follow might differ because of your Control Panel view and existing configuration. For more information about L2TP VPN connections in Windows, see the Microsoft documentation.
- From the Windows 10 Start Menu, click Settings.
- Click Network & Internet.
- On the left navigation menu, select VPN.
- Click Add a VPN connection.
- In the VPN provider text box, select Windows (built-in).
- In the Connection name text box, type a name for the Mobile VPN (such as "L2TP VPN")
- In the Server name or address text box, type the DNS name or IP address for the Firebox external interface.
- From the VPN Type drop-down list, select Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec).
- Click Save.
The VPN is added to the Network & Internet VPN settings page. - On the VPN settings page, click Change adapter options.
- Click your VPN to select it.
- Click Change settings of this connection.
The Properties for this VPN appear. - Click the Security tab.
- From the Data encryption drop-down list, select Require encryption (disconnect if server declines).
- Select Allow these protocols.
- Select Microsoft CHAP Version 2 as the only allowed protocol.
- Click Advanced settings.
The Advanced Properties dialog box appears. - If Mobile VPN with L2TP on the Firebox is configured to use a pre-shared key as the IPSec credential method:
- Select Use pre-shared key for authentication.
- In the Key text box, type the pre-shared key for this tunnel. The pre-shared key must match the pre-shared key configured on the Firebox Mobile VPN with L2TP IPSec settings.
- If Mobile VPN with L2TP on the Firebox is configured to use a certificate as the IPSec credential method:
- Select Use certificate for authentication.
- Make sure the Verify the Name and Usage attributes of the servers certificate check box is selected.
- Make sure you have imported the certificate to the client device. For more information, go to Import a Certificate on a Client Device
- Click OK.
- Do not change the default settings on the Networking tab.
- Click OK.
Start the L2TP Connection
The name of the VPN connection is the destination name you used when you configured the L2TP connection on the client computer. The user name and password refers to one of the users you added to the L2TP-Users group. For more information, go to About Mobile VPN with L2TP User Authentication.
Before you begin, make sure the client computer has an active connection to the Internet.
- In the Windows notification area (System Tray), click the Network icon.
A list of available networks and VPNs appears. - Click the VPN connection.
The Network & Internet VPN settings appear. - Select the VPN connection. Click Connect.
The Connect page appears. - Type your user name and password.
- Click OK.
For information about how to specify the non-default authentication server when you connect, go to Connect from an L2TP VPN Client.
To configure pre-logon VPN connections for Windows users, go to How can I create and deploy custom IKEv2 and L2TP VPN profiles for Windows computers? in the WatchGuard Knowledge Base.
Internet Access Through a Mobile VPN with L2TP Tunnel
Configure and Use L2TP on Windows 8.1
Configure and Use L2TP on Windows 8 in the WatchGuard Knowledge Base
Configure and Use L2TP on Windows 7 in the WatchGuard Knowledge Base