Not sure if you know this, but there's a Windows 10 native VPN client issue with this build. To get around, you have to search for "VPN Settings", and connect to VPN from that Windows.
I'm not sure why Windows releases updates without testing first!
Have I got a solution for you...
Are you familiar with the rasphone.exe client?
If you deploy the client VPN using my script that I constantly shill, a rasphone.exe desktop shortcut is automatically created.
Otherwise, you can either:
Hit Win+R and run rasphone.exe, select your VPN from the dropdown list, then connect a la Win7.
Or create a desktop shortcut as in the below screenshot. Your target is going to be your systems drive (usually C:, right?) and: C:\WINDOWS\system32\rasphone.exe -d "VPN Name"
Change "VPN Name" to the name of your vpn. Tell end user to use desktop shortcut. Avoids Win10's busted VPN overlay entirely.
Has anybody ever connected from a Win 10 Pro machine to a MX/Z using Client VPN? All I do is chew out surprising amounts of data and get nowhere.
Furthermore, I'm not sure that Android VPN client does much better. The Android phone (Sony) burned through 500MB data in 2 mornings of testing. In retrospect, I may have got close, so will do more pcaps tomorrow.
I can establish Hub/Spoke connections between an MX and a Z3C with LTE active.
@Uberseehandel In as much as anything is my specialty, getting Win10 to connect to the client VPN is it.
What happens if you try the script I linked above? You can either create a one-and-done where you prepopulate the MX/Z's address, PSK, and - if split tunnel - subnets in the 192.168.0.0/24 format. AKA, your network IP slash CIDR notation.
Or you can run the script that prompts you for address, PSK, and subnets. Please read the comments on the scripts before running them. Default setup is an AllUserConnection, but I provide instructions for making it a single user connection.
For address, either use the Meraki-provided dynamic DNS (check the client VPN page) or create a CNAME record that points to that name. This way, you don't have to reconfigure end users if you change ISPs or failover between WAN1 and WAN2.
Yes, I'm using rasphone. Windows needs to do better quality control. Any idea when Meraki will have its vpn client like the Cisco ASA and the AnyConnect? This is what we really need.
@tantony Mmm, okay. When you referenced going into VPN settings, I assumed you meant this friendo:
I have had issues with this not passing credentials correctly, which is why I go straight to rasphone. It's the simplest way to avoid Win10's strange issues.
Actually, I meant "what your picture shows below". This works for me.
I couldn't get the Client vpn to work from system tray, meaning it wouldn't bring up the login window.
If something goes bad, I'll look at rasphone. Thanks for the suggestions.
@tantony You're welcome. I call both the system tray way and the VPN Settings way "the Win10 overlay", since it's just rasphone in the end. The systems tray way breaks the most. The VPN settings way breaks less.
Most of my clients want a desktop shortcut, and you basically have to use rasphone to make that shortcut. If you make a shortcut from the Network and Sharing Center -> Change Adapter Settings screen, it'll try to use the system tray. This is why my eyebrows have gone grey.
Thanks for responding, and I will try your script. Unfortunately I am off to London this week, so I'll have to put the VPN Client testing on hold until afterwards. I'll take the Z3C with me, so I won't need to use the client software for a week.
This issue is back. I've seen it in (3) different Windows 10 Build 19042 devices in the last two days. I guess using rasphone.pbk is a workaround but hopefully Microsoft will fix it soon.
Is Cisco putting pressure on Microsoft to fix it?