Windows 7 PC cannot connect to L2TP VPN

Why can't my Windows 7 PC connect to the TP-Link L2TP VPN server?

If you have already correctly configured the L2TP VPN server on the TP-Link SMB VPN router and the L2TP VPN client on your Windows 7 PC, but the client still cannot connect to the server, there may be something wrong with the settings on your Windows 7 PC. Follow this article to start some services and modify some entries in the Windows Registry.

Note

  1. If you do not know how to configure an L2TP client-to-LAN VPN on a TP-Link router, please refer to FAQ444 for help.
  2. This method only works for the Windows 7 operating system.
  3. It is not suitable for third-party VPN client software.

Problem

L2TP Client-to-LAN VPN is used for remote access to your workplace network. If you have a problem connecting to the L2TP VPN server, first check the basic configuration according to FAQ444, paying attention to the physical connection, username, password, pre-shared key and so on. If the system still reports Error code 629 or 809 after this basic check, you can try starting some services and modifying some values in the Windows Registry to solve the problem.

Solution

Step 1

Start the following services on the client PC:

  1. IKE and AuthIP IPsec Keying Modules
  2. IPsec Policy Agent
  3. Remote Access Auto Connection Manager
  4. Remote Access Connection Manager
  5. Secure Socket Tunneling Protocol Service

Here are the configuration steps:

1)  Press Win+R, then type "services.msc" in the box and click OK.

2)  Start the services

a) IKE and AuthIP IPsec Keying Modules

If it is not started, right-click and start it.

b) IPsec Policy Agent

c) Remote Access Auto Connection Manager

d) Remote Access Connection Manager

e) Secure Socket Tunneling Protocol Service

Make sure that these services are started, then try to connect to the VPN again. If you still cannot access the L2TP server, continue with the following steps.

Step 2

Modify the registry of your Windows 7 PC.

1. Press Win+R, then type regedit.exe in the box. Click OK.

2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters, find "ProhibitIpSec", double-click it and set the value to 0.

If you cannot find the parameter in the list, create a new value, rename it to ProhibitIpSec (case insensitive) and set the value to 0.

Note

If the L2TP VPN server is behind a NAT device (Error 809), you need to make some extra settings. If not, skip the steps below.

  1. Open UDP ports 500, 1701 and 4500 for the L2TP server on the NAT device.
  2. Enable IPsec passthrough in ALG on the NAT device.
  3. Modify the registry on the client PC as below.

    Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent, find "AssumeUDPEncapsulationContextOnSendRule" and double-click it, then set the value to 2. If it does not exist, create it and set it to 2.

Step 3

Restart the computer, make sure that the services are started and try to connect to the VPN again.
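
The checks from Steps 1 and 2 can also be scripted. The PowerShell below is an added example, not part of the original TP-Link article: by default it only reports the state of the five services and the registry values, and changes anything only when run with -Apply from an elevated prompt. The switch names -Apply and -ServerBehindNat are hypothetical, and the short service names and the DWORD value type are assumptions that do not appear in the article.

```powershell
# Added example: audit (and, with -Apply, set) the Windows 7 L2TP/IPsec client
# settings from Steps 1-2. Run from an elevated PowerShell prompt.
param(
    [switch]$Apply,            # hypothetical switch: without it, report only
    [switch]$ServerBehindNat   # hypothetical switch: include the Error 809 value
)

# Short service names (assumed) for the five services listed in Step 1.
$services = @(
    'IKEEXT',       # IKE and AuthIP IPsec Keying Modules
    'PolicyAgent',  # IPsec Policy Agent
    'RasAuto',      # Remote Access Auto Connection Manager
    'RasMan',       # Remote Access Connection Manager
    'SstpSvc'       # Secure Socket Tunneling Protocol Service
)

# Registry values from Step 2; both are assumed to be DWORD values.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$values = @(
    @{ Path = "$base\RasMan\Parameters"; Name = 'ProhibitIpSec'; Want = 0 }
)
if ($ServerBehindNat) {
    $values += @{ Path = "$base\PolicyAgent"
                  Name = 'AssumeUDPEncapsulationContextOnSendRule'; Want = 2 }
}

foreach ($name in $services) {
    $svc = Get-Service -Name $name
    if ($svc.Status -ne 'Running' -and $Apply) {
        Start-Service -Name $name          # fails if the service is disabled
        $svc = Get-Service -Name $name
    }
    '{0,-12} {1}' -f $name, $svc.Status
}

foreach ($v in $values) {
    $n = $v.Name
    $item = Get-ItemProperty -Path $v.Path -Name $n -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$n } else { $null }   # $null = value missing
    if ($current -ne $v.Want -and $Apply) {
        # -Force creates the value or overwrites an existing one.
        New-ItemProperty -Path $v.Path -Name $n -Value $v.Want `
            -PropertyType DWord -Force | Out-Null
        $current = $v.Want
    }
    $shown = if ($null -eq $current) { '(not set)' } else { $current }
    '{0} = {1} (want {2})' -f $n, $shown, $v.Want
}
```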