We installed an MX250 last weekend and all is well except client vpn. I followed the instructions in this article https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10
And on one win10 computer, if I set up the vpn connection with user/password then go to the vpn connection and set the required settings, it changes the vpn properties back to General authentication method, then fails when I try to connect.
On a Win11 computer I can get the settings set properly, and connect once, then when I disconnect, one setting or the other changes.
Has anyone seen this and have a fix?
@WCS-Alan You can find Powershell scripts to configure the client VPN connection here:
Take a look over some of the common troubleshooting techniques for issues you are going to run into:
Thanks for that. I can get connected, but when I disconnect one of the settings changes on the client, then I have to go back and set it again, save it. then I can connect again.
So far it is fairly consistent with the win10 computers I have tried. Is there a way to get the settings set so they don't change on their own?
Are these domain joined computers?
Do you have VPN configuration settings pushed via group policy or something similar that is overriding your manual configuration?
Ahhh, OK, was wondering. I found the Windows client to be more of a pain than it was worth so as soon as I could switch sites to AnyConnect, I did. I expect you'll find the same.
I believe Windows just shows it as general authentication in the GUI, but in essence it is still the same like you have saved it.
If you want to see what is actually under the hood you need to use some Powershell:
Get-VpnConnection -ConnectionName "nameofyourVPN" and check if all the fields are correct.
If you are using split tunnel like you should you can get your routes like this:
(Get-VpnConnection -ConnectionName "nameofyourVPN").Routes
Make sure you have the correct pre shared key and you are using Pap and optional or noencryption as encryption parameter.
If you have access to CMAK i'd suggest using that to build your client VPN. It's been a while since I used CMAK and set ours up, but after configuring with CMAK you'll get a VPN client exe. Then you can just double click on it to install on machines, or roll it out however you prefer. Yes it's old, but still works great. We are using Radius L2TP/IPSEC with our MX for the windows client VPN. Here's more info on it: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc...