Windows 10 client VPN is buggy and unreliable. Constant change from PAP to CHAP in options on the adapter, and toggling the sign in method from General to User/Pass. Never ending source of frustration. There is literally no way to deploy multiple VPN connections across environment without using CMAK, and it is still a deprecated tool that is buggy on it's best days, and not flexible enough to even be considered an option.
The MX series is only able to use IKEv1 at the moment. Since AnyConnect uses IKEv2 for negotiating the VPN it's not possible to use it at the moment...I would also love to use it for my customers. As far as I know Meraki is working on IKEv2 for MX and AnyConnect afterwards.
We actually created a script to push out the VPN and settings to our Windows 10 users. Was very simple to do using PowerShell. No CMAK required
Add-VpnConnection -AllUserConnection -Name "[insert VPN name]" -ServerAddress [insert IP/hostname for VPN] -TunnelType L2tp -DNSSuffix "[insert domain name]" -EncryptionLevel Optional -AuthenticationMethod PAP -L2tpPsk "[insert VPN password]" -Force -PassThru
Shrewsoft does not show any updates since 2013? Can anyone actively using shrewsoft with an MX appliance enlighten us if it works and is secure? I feel with all the openvpn and openssh exploits in the last few years this is not a good thing on the part of shrewsoft.
You are using "-EncryptionLevel Optional". Does this mean the authentication is sent in cleartext? As per the guidelines in this document, it suggests you require encryption (seen in the images) whilst using PAP.
I too am trying to figure out how to deeply this VPN config.
July 2018 - this continues to be a major issue for some Windows 10 workstations every time there is a failed connect the client changes the connection properties (as noted from PAP to CHAP) and then when you correct that you have to go back and reset the login information. I too vote for a reliable VPN client for my Meraki MX64's.
I've put togther a similar set powershell scripts, which create the vpn connection, and (as needed) can also reset the configuration of the vpn connection.