Is it just me or is the Windows 10 implementation of VPN terrible?

  • Question

  • I have had nothing but issues setting up Windows 10 clients to access 2008 and 2012 servers using VPN. Although I've been able to sort of solve these issues, it seems like it's way more work than Linux, Android, or Mac clients.

    Here are the two silliest issues I've encountered and their solutions:

    1) Split DNS doesn't work by default on systems connecting over VPN by LAN. In order to resolve this, you have to go into adapter settings and set the metric to 5 (or lower than your other adapters I guess). This seems like a silly default behavior considering that Windows 7 and 8 don't have this issue and it usually works on Windows 10 clients connecting by Wi-Fi. Also, until it was patched this could only be changed with PowerShell.

    2) L2TP requires a change to the registry in order to connect. This is in KB 885407: https://support.microsoft.com/en-us/help/885407/the-default-behavior-of-ipsec-nat-traversal-nat-t-is-changed-in-window. And the "reason" is explained in KB 885348: https://support.microsoft.com/en-us/help/885348/ipsec-nat-t-is-not-recommended-for-windows-server-2003-computers-that. But it doesn't really make sense. I can see how there could be a potential issue in the case where a client is connecting through another client and both are establishing the security association. But my client 1 can't even connect through a router which provides mere NAT unless I modify registry values. 885348 states that I should be fine: "Windows-based client computers that support IPSec NAT-T can be located behind a network address translator."

    It surely doesn't help that VPN is apparently outside of scope for Microsoft Support and they just transfer you around, blame your ISP, and then direct you to support.microsoft.com where you have to dig out your MSDN info.

    Nor is it useful that the new UI basically does nothing. Why do I have to flip between the VPN settings menu and the old control panel adapter settings menu to resolve these sorts of issues? Moreover, why does right-clicking on connect/disconnect take me back to the VPN settings menu instead of just connecting?

    Anyway, I guess I've solved the issues I've encountered, but if anyone has other issues/solutions for SSTP or IKEv2, I would love to hear them.

    • Edited by deathmcdoom Wednesday, July 12, 2017 7:03 PM
    Wednesday, July 12, 2017 7:02 PM
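
The interface-metric workaround from issue 1, as an added PowerShell example that is not part of the original post. It assumes a hypothetical connection name `Corp VPN`, reports the current IPv4 metrics, and only changes anything when run with `-Apply`.

```powershell
# Added example, not from the original post. 'Corp VPN' is a hypothetical
# connection name. Run while the VPN is connected; -Apply needs an elevated prompt.
param(
    [string]$VpnName = 'Corp VPN',
    [int]$PreferredMetric = 5,   # the value the post reports working
    [switch]$Apply               # without this switch the script only reports
)

# Connected IPv4 interfaces, loopback excluded.
$ifaces = Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.ConnectionState -eq 'Connected' -and
                   $_.InterfaceAlias -notlike 'Loopback*' }

$vpn = $ifaces | Where-Object { $_.InterfaceAlias -eq $VpnName }
if (-not $vpn) {
    Write-Error "No connected IPv4 interface named '$VpnName'."
    return
}

# Current ordering: a lower metric means the interface is preferred.
$ifaces | Sort-Object InterfaceMetric |
    Format-Table InterfaceAlias, InterfaceIndex, InterfaceMetric, AutomaticMetric |
    Out-Host

$others = $ifaces | Where-Object { $_.InterfaceIndex -ne $vpn.InterfaceIndex }
$lowestOther = ($others | Measure-Object -Property InterfaceMetric -Minimum).Minimum

if (-not $others -or $vpn.InterfaceMetric -lt $lowestOther) {
    "'$VpnName' already has the lowest metric ($($vpn.InterfaceMetric))."
    return
}

# Use the preferred value, or go one below the lowest other adapter if needed.
$target = [int][Math]::Max(1, [Math]::Min($PreferredMetric, $lowestOther - 1))
if ($target -ge $lowestOther) {
    Write-Warning "Another adapter already uses metric $lowestOther; raise its metric first."
}

if ($Apply) {
    Set-NetIPInterface -InterfaceIndex $vpn.InterfaceIndex -AddressFamily IPv4 `
        -InterfaceMetric $target
    Get-NetIPInterface -InterfaceIndex $vpn.InterfaceIndex -AddressFamily IPv4 |
        Format-Table InterfaceAlias, InterfaceMetric, AutomaticMetric | Out-Host
} else {
    "Would set '$VpnName' metric from $($vpn.InterfaceMetric) to $target. Re-run with -Apply."
}
```

Check the metric again after reconnecting the VPN, and confirm that internal names resolve through the VPN's DNS servers with `Resolve-DnsName`.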