Meraki

Community

Windows 10 version 1903 Client VPN issue

tantony
Head in the Cloud
‎Jul 8 2019 8:06 AM
‎Jul 8 2019 8:06 AM

Windows 10 version 1903 Client VPN issue

Not sure if you know this, but there's a Windows 10 native VPN client issue with this build.  To get around, you have to search for "VPN Settings", and connect to VPN from that Windows.

 

I'm not sure why Windows releases updates without testing first!

 

https://answers.microsoft.com/en-us/windows/forum/all/vpn-not-working-on-windows-10-1903/d23472ac-a1...

12 Replies 12
Nash
Kind of a big deal
‎Jul 8 2019 8:22 AM
‎Jul 8 2019 8:22 AM

Have I got a solution for you...

 

Are you familiar with the rasphone.exe client?

 

If you deploy the client VPN using my script that I constantly shill, a rasphone.exe desktop shortcut is automatically created.

 

Otherwise, you can either:

 

Hit Win+R and run rasphone.exe, select your VPN from the dropdown list, then connect a la Win7.

 

Or create a desktop shortcut as in the below screenshot. Your target is going to be your systems drive (usually C:, right?) and: C:\WINDOWS\system32\rasphone.exe -d "VPN Name"

Change "VPN Name" to the name of your vpn. Tell end user to use desktop shortcut. Avoids Win10's busted VPN overlay entirely.

 

rasphone.png

Windows 10 Client VPN scripts: Makes life better!
Uberseehandel
Kind of a big deal
‎Jul 8 2019 8:43 AM
‎Jul 8 2019 8:43 AM

Has anybody ever connected from a Win 10 Pro machine to a MX/Z using Client VPN? All I do is chew out surprising amounts of data and get nowhere.

 

Furthermore, I'm not sure that Android VPN client does much better. The Android phone (Sony) burned through 500MB data in 2 mornings of testing. In retrospect, I may have got close, so will do more pcaps tomorrow.

 

I can establish Hub/Spoke connections between an MX and a Z3C with LTE active.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
In response to Uberseehandel
Nash
Kind of a big deal
‎Jul 8 2019 8:57 AM
‎Jul 8 2019 8:57 AM

@Uberseehandel In as much as anything is my specialty, getting Win10 to connect to the client VPN is it.

 

What happens if you try the script I linked above? You can either create a one-and-done where you prepopulate the MX/Z's address, PSK, and - if split tunnel - subnets in the 192.168.0.0/24 format. AKA, your network IP slash CIDR notation.

 

Or you can run the script that prompts you for address, PSK, and subnets. Please read the comments on the scripts before running them. Default setup is an AllUserConnection, but I provide instructions for making it a single user connection.

 

For address, either use the Meraki-provided dynamic DNS (check the client VPN page) or create a CNAME record that points to that name. This way, you don't have to reconfigure end users if you change ISPs or failover between WAN1 and WAN2.

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
In response to Nash
tantony
Head in the Cloud
‎Jul 8 2019 9:03 AM
‎Jul 8 2019 9:03 AM

@Nash 

 

Yes, I'm using rasphone.  Windows needs to do better quality control.  Any idea when Meraki will have its vpn client like the Cisco ASA and the AnyConnect?  This is what we really need.  

0 Kudos
In response to tantony
Nash
Kind of a big deal
‎Jul 8 2019 9:15 AM
‎Jul 8 2019 9:15 AM

@tantony Mmm, okay. When you referenced going into VPN settings, I assumed you meant this friendo:

 

2019_07_08_11_13_52_Settings.png

 

I have had issues with this not passing credentials correctly, which is why I go straight to rasphone. It's the simplest way to avoid Win10's strange issues.

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
In response to Nash
tantony
Head in the Cloud
‎Jul 8 2019 9:29 AM
‎Jul 8 2019 9:29 AM

@Nash 

 

Actually, I meant "what your picture shows below".  This works for me.

 

I couldn't get the Client vpn to work from system tray, meaning it wouldn't bring up the login window.

 

If something goes bad, I'll look at rasphone.  Thanks for the suggestions.

0 Kudos
In response to tantony
Nash
Kind of a big deal
‎Jul 8 2019 10:05 AM
‎Jul 8 2019 10:05 AM

@tantony You're welcome. I call both the system tray way and the VPN Settings way "the Win10 overlay", since it's just rasphone in the end. The systems tray way breaks the most. The VPN settings way breaks less.

 

Most of my clients want a desktop shortcut, and you basically have to use rasphone to make that shortcut. If you make a shortcut from the Network and Sharing Center -> Change Adapter Settings screen, it'll try to use the system tray. This is why my eyebrows have gone grey.

Windows 10 Client VPN scripts: Makes life better!
0 Kudos
In response to Nash
Uberseehandel
Kind of a big deal
‎Jul 8 2019 10:18 AM
‎Jul 8 2019 10:18 AM

@Nash

 

Thanks for responding, and I will try your script. Unfortunately I am off to London this week, so I'll have to put the VPN Client testing on hold until afterwards. I'll take the Z3C with me, so I won't need to use the client software for a week.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
In response to Nash
Uberseehandel
Kind of a big deal
‎Jul 4 2021 4:44 AM
‎Jul 4 2021 4:44 AM

@Nash 

Sorry I never got back to you I disappeared into hospital(again) contemporaneously with your post, and it slipped between the lines, as it were.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
DW
Conversationalist
‎Jul 18 2019 1:14 PM
‎Jul 18 2019 1:14 PM

Great we will be testing some the resolution options today, will report back if we find a working solution for all

0 Kudos
IT_Tropolis
Getting noticed
‎Jul 2 2021 4:30 PM
‎Jul 2 2021 4:30 PM

This issue is back.  I've seen it in (3) different Windows 10 Build 19042 devices in the last two days.  I guess using rasphone.pbk is a workaround but hopefully Microsoft will fix it soon.

 

Is Cisco putting pressure on Microsoft to fix it?

0 Kudos
In response to IT_Tropolis
cmr
Kind of a big deal
Kind of a big deal
‎Jul 4 2021 1:45 AM
‎Jul 4 2021 1:45 AM

@IT_Tropolis Cisco's focus is on AnyConnect and that is now available on MX.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.