What am I doing wrong? Synology VPN Server and Windows 10

Hello, I’m trying to get my station to work on the L2TP/Ipsec with PSK and MS CHAP-V2 vpn that I created. works great on my phone, and Chromebook, but not on my Win 10 stations. I’ve tried remote and local networks, can’t seem to get it to connect from the windows’ side.

What am I doing wrong?

Set up the VPN

1. Navigate to:
   Start > Settings > Network and Internet > VPN > ‘Add a VPN connection’ (ensure there are no others that will conflict)

2. Input the following information…
   VPN Provider:
   Windows (built-in)
   Connection name:
   VPN
   Server name or address:
   [Your public IP]
   VPN Type:
   L2TP/IPsec with pre-shared key
   Pre-Shared Key:
   [Your PSK Synology gave you]
   Type of sign-in info:
   User name and password
   User name:
   [Synology Account]
   Password:
   [Synology Account]
   Remember my sign-in info:
   CHECKED

Ensure MS-CHAP v2 is enabled

1. Go to:
   Start > Control Panel > Network and Internet > Network and Sharing Center > Change Adapter Settings
2. From here,
   right-click the ‘VPN’ connection and select ‘Properties’
3. Navigate to
   ‘Security’ tab and at the bottom, ensure ‘Allow these protocols’ is selected and MS-CHAP v2 is checked
4. Try the connection again on a Wi-Fi or wired network with reliable connection

Add a registry key to enable the VPN’s security setting

1. Log on to the Windows 10 computer
2. Click Start icon, type “regedit”. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, click Yes.
3. Locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
4. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
5. Type:
   AssumeUDPEncapsulationContextOnSendRule
   and then press ENTER.
6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
7. In the Value Data box, type the following value:
   2
8. Click OK, and then exit Registry Editor.
9. Restart the computer.

Launch the VPN

1. Press the Start button
2. Search for “Settings” or press the cog icon just above the start menu icon
3. Navigate to “Network & Internet”
4. Click ‘VPN’
5. Click ‘VPN’
6. Click ‘Connect’

We use OpenVPN for lots of clients and it’s very reliable. The one you are using is buggy on Windows 10.

Try connecting from the VPN settings menu and not from the system tray.

Who’s the whiny bitch that downvoted? LOL. Did you even read the gig article before suggesting it. 1 is the better option for L2TP tunneling to work correctly with Windows. I use this setting on three Win10 laptops like this. I tried 2 when I first did my research almost two years ago and it wouldn’t work. Ever. I set to 1 and it always works.

I’m using mschapv2 … Untucking that box would deny mschapv2

OpenVPN isn’t supported on my machine as it isn’t in the list of VPN types.

still doesn’t work. pops up with an error after several minutes of trying.

some error involving the security layer failing during initial negotiations. same as always

You need to set the Registry Key to 1, not 2 like it says in the Gig article.

If you mean your Windows 10 machine you need to install OpenVPN community edition, it runs in the system tray. We have perhaps 200 people on it daily right now and perhaps 1-2 issues a week.

One of my previous comments has a list of possible issues that I’ve found using L2TP VPN connections on Windows 10. Maybe see if you can find it and try those.

I’ve also tried things like making sure Win10 fully up to date, switching from wired to wireless connection (or vice versa). It’s a tough issue to diagnose what’s actually the problem since there are many possible solutions.

tried that. same error. “The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.”

OK, leave that set to 1. Then go to Control Panel → All Control Panel Items → Network Connections. Right-click on the VPN connection and choose properties. Make sure the security tab settings are correct. I’m guessing you’re using a preshared key and not a certificate.