I have been having an issue with VPN connections on some windows 10 Machines, this does not happen on windows 7 and while not all Windows 10 Machines are affected it seems this is the only common factor.
The issue is as follows:
VPN is setup initially either from "Settings" or "Control Panel".
User credentials and VPN settings are entered in the Settings menu
After then going to control panel and changing the protocol to "PAP", the user authentication changes to "General Authentication" which would remove their credentials.
If you setup the PAP protocol first via. control panel, then enter the user credentials under the "Settings" menu, the PAP option (Use following Protocol) will be unselected. I have set up VPN connections multiple time within Windows 10, but have need seen anything like this. Any and all help would be appreciated.
We've also experienced this and its starting to get a bit of a pain. What we have done as a workaround is extract the PBK file from the APPData folder and stick this on the desktop. It seems to be something to do with the Windows 10 Metro.
The location is:
This works a charm
I picked this up on this forum somewhere. Best thing I've found is to create the saved VPN entry using Powershell:
Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress -AllUserConnection -TunnelType L2tp -L2tpPsk $PresharedKey -AuthenticationMethod Pap -EncryptionLevel Optional -Force
Run this in powershell as administrator and it will add the entry to all users on that device. Replace the $variables as appropriate. Windows 10 doesn't support required encryption for PAP - you can see for yourself if you change this to "-EncryptionLevel Required'.
Tell your users to enter the user name and password each time. Do not set it to remember.
We prefer to setup clients with RADIUS authentication with NPS, so having them manually enter the password saves my help desk grief. If the credential is saved, we get a ton of "my VPN doesn't work" tickets because the end user's changed their Windows password.
We've had a similar experience with the settings changing.
For more than 3 months, we've been using a pair of Meraki MX65's integrated with Active Directory for VPN access.
During this time many users have experienced an odd behavior.
The VPN stops connecting, with the connection dialog hung.
On another machine I'll verify that VPN is working.
When we review the Windows VPN client settings we find that the security setting on the VPN network adapter have changed back to the default settings.
Numerous users have had this experience (including myself) and they all say they've not been in the adapter settings, or changed the settings.
Sometimes we can get it working by setting the VPN network adapter security settings back to Meraki recommended.
Often it works better to delete and recreate the whole VPN client connection, both the VPN settings and the network adapter.
I'll give these work arounds a try.
I’ve heard from suppliers that there soon might be support for the Cisco AnyConnect VPN client with Meraki.
However, due to this issue we’ve been forced to use the Draytek client. Which has been working without fail for lots of our users.
Could you send me the profile settings you use with the Draytek client. I am having the same issue with Windows 10 and, for the first time, Meraki support is absolutely NO help.
I have those same settings and when I try to connect, it tries for about 60 seconds and then displays "Unknown Error".
Thank you. This solved the issue I have with the user PCs.
Great to have members like you.
However; the customer has two Microsoft Surface Pro devices and the RAS Phone Book,
"%userprofile%\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk" workaround does work on it.
Even the Powershell script command, complains about a [-SplitTunneling] value.
Any ideas to resolve this, to get Windows 10 to hold the settings.
When configuring the VPN account and adapter I noticed that the “User name & Password” option changes to “General authentication method”. Where the adapter “Security” drops “Allow these protocols” then account is changed to “User name & Password”. Please see below.
Okay, so you're having the authentication method change? Or is something else changing too?
Regarding changing authentication methods, tell your users to never save their user name/password. That will muck up the settings.
If Win10, create them a rasphone shortcut and have them use that to log in. That can also help. Win10 appears to have an overlay between its Win10-pretty VPN interface and rasphone, and sometimes that overlay will mess up.
If you want a better script, try this thing I wrote. Read the comments first and modify to suit your needs. Default version installs an AllUserConnection with a split tunnel. You have to populate variables for the split tunnel if you're using AddMerakiVPN.ps1
This also happened to me, I would setup the VPN and it would work one time but once you disconnect it would not connect again. If I went back into the Windows settings it changed "Username and Password" to "Generic Authentication Method" which is incorrect and turned PAP off. The solution that worked for me is:
Wipe out the VPN and re-create it from scratch configured correctly but don't actually connect when done.
In Windows there is a tool called rasphone which is an older way to do VPN connections (can be found by searching in the start menu, or going to C:\Windows\system32)
When you start the app it pulls any existing VPN connections and after typing in my username and password after clicking connect it not only worked but will not change settings. I created a shortcut to rasphone on the users desktop and just named it VPN, hope this can help someone.