Guide: Client VPN for Windows 10 using DrayTek Smart VPN Client

Having come across many complaints recently regarding the instability of the native Windows 10 VPN client (lots of people working from home due to the pandemic and such), I thought it would be handy to leave a little guide here on how to use an alternative third-party client from DrayTek, which works for me with my MX (tested on firmware 15.25+).

Disclaimer: This is not a supported configuration, and Meraki Support will not assist in troubleshooting this 3rd party application.

Download: https://www.draytek.com/products/smart-vpn-client/

My example client VPN configuration;


Profile Setup

  1. Install and launch the client, add a new profile
  2. Give your profile a name
  3. Under Type, select “L2TP over IPSec”
  4. Enter your IP or hostname. This can be the DDNS hostname of your MX, or the public IP (if your MX is in a warm spare configuration using virtual IPs, this will be the virtual IP of your MX).
  5. Enter your username and password for the Client VPN account.
  6. Expand the Advanced Options section
  7. Set the Authentication Method to “PAP”
  8. Enable “Use default gateway on remote network”
  9. Fill in the pre-shared key information as seen on the Client VPN configuration page (pre-shared secret).
  10. Save the profile by clicking OK.

To connect, select the connect slider on the Connection tab of the application (it may prompt to enter the password and PSK again for the first connection).

Hope this helps!

Thanks for publishing this!! I hate that Cisco can’t develop a client program for the MX. Why do I have to spend more money for another VPN solution that’s reliable!

Legend! Thanks man, this allowed me to resolve 3 issues at once.

  1. Split Tunneling actually WORKING properly

  2. Stability issues seen with the Windows 10 client

  3. Windows authentication working over the VPN for things like SSMS and other such tools! No more SSPI errors for me!

Thank you for this. 3 years old, but it has helped me so much.

I have been using the native client in Win11 and the major issue I have is that Windows keeps wanting to use the VPN credentials to access shared drives instead of the logged-in user credentials when the VPN is connected.

Years later and Meraki/Win10 issues still exist… this was the only consistent fix.

We noticed that Windows 7 computers (if you still have any) had a difficult time connecting with the DrayTek client, so you might verify that if you still have to support the odd home laptop or two.

We have long email addresses. Any way to fix the 23-character limit for usernames on the DrayTek config?

You, sir, are a freaking genius. I’ve been looking for a solution for 6 months. These people should sell their product to Meraki, they would make a killing.

Have any issues with this? I’ve tested this with three different Merakis and they all sit at dialing, then just error out.

Do you know if this tool would allow you to configure split tunneling to work properly?

Do I need to install OpenVPN for this to work?

Meraki AM: “Just hang tight, one day AnyConnect support will be available”

HA

I’ve found Windows 7 machines’ default VPN client rock solid.

Unfortunately not, I haven’t come across a workaround for this.

Perhaps things have changed in the last 3 months, because I’m seeing a 128-character limit?
https://imgur.com/ywUCP1O

Worked for me! I unchecked “use default gateway on remote network” and added my remote subnets in the “More” button’s dialog. My non-work traffic is going out my local Comcast modem (validated by hitting whatsmyip.org).

I didn’t install it and mine works perfectly.

I was told by support this week it was due out by end of calendar year. But nothing I would put any faith in, since they have been saying it since 2016.

Yes it changed very recently, I downloaded and installed an updated version less than a week ago and it works like a dream!

Good to know. I am guessing installing the client requires administrative credentials. Do you know if you can preconfigure the client, and push it out to endpoints? Meaning, can I configure it how I want, with the preshared key, split tunnel subnets, etc, and push it out to where people only have to enter their credentials?