- This article describes how to configure an L2TP VPN connection between a Sophos XG Firewall and Microsoft Windows 10.
Windows 10 configuration
Change the default authentication mechanism to pre-shared key
- In the search section of the Windows 10 desktop, type “firewall” and then click on Windows Defender Firewall with Advanced Security.
- In the Windows Defender Firewall with Advanced Security, click Properties.
- Switch to the IPsec Settings tab and, under IPsec defaults, click Customize.
- Under Authentication method, click Advanced and then click Customize.
- Select the current First authentication method, in this case, it is Computer (Kerberos V5) and click Remove.
- Click Add to add another First authentication method.
- In the Add First Authentication Method screen, select Preshared Key and specify the Preshared Key configured in the Sophos XG Firewall.
- Click OK in all the cascading windows.
Note: Make sure that the IPsec Policy Agent and IKE and AuthIP IPsec Keying Modules services on the machine are running without error.
Create the L2TP Connection on the end user’s machine
- On the desktop, right-click on the Windows button and click on Network Connections.
- Click on VPN and then click on Add a VPN connection.
- Configure the following and then click Save.
|Setting|Value|
|---|---|
|VPN provider|Windows (built-in)|
|Connection name|Enter a connection name.|
|Server name or address|Enter the hostname or IP address of the XG Firewall.|
|VPN type|L2TP/IPsec with pre-shared key|
|Pre-shared key|Enter the pre-shared key.|
|Type of sign-in info|User name and password|
|User name (optional)|Enter the user name. This is optional.|
|Password (optional)|Enter the password. This is optional.|
- Click on the new connection that was created and then click Connect.
- Enter the username and password of the L2TP user to connect with the L2TP connection and then click OK.
- The above configuration establishes an L2TP connection between the Sophos XG Firewall and a Windows 10 machine.
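
The service check from the note and the connection settings from the table can also be applied from PowerShell. The script below is an added example, not part of the original article: the connection name and server address are constructed placeholders, and it relies only on the built-in Get-Service, Add-VpnConnection and Get-VpnConnection cmdlets.

```powershell
# Added example. The two values below are constructed placeholders, not from the article.
$ConnectionName = 'XG-L2TP'          # placeholder connection name
$ServerAddress  = 'xg.example.com'   # placeholder XG Firewall hostname or IP address

# 1. Both services named in the note must be running for L2TP/IPsec to negotiate.
#    PolicyAgent = IPsec Policy Agent, IKEEXT = IKE and AuthIP IPsec Keying Modules.
foreach ($name in 'PolicyAgent', 'IKEEXT') {
    $svc = Get-Service -Name $name -ErrorAction Stop
    if ($svc.Status -ne 'Running') {
        throw "Service '$($svc.DisplayName)' is $($svc.Status); start it before connecting."
    }
}

# 2. Refuse to overwrite an existing connection with the same name.
if (Get-VpnConnection -Name $ConnectionName -ErrorAction SilentlyContinue) {
    throw "A VPN connection named '$ConnectionName' already exists."
}

# 3. Prompt for the pre-shared key so it is not written into the script itself.
$secure = Read-Host -Prompt 'Pre-shared key configured on the XG Firewall' -AsSecureString
$psk = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrEmpty($psk)) { throw 'The pre-shared key must not be empty.' }

# 4. Create the connection: VPN type "L2TP/IPsec with pre-shared key".
#    -Force acknowledges that the key is passed to the cmdlet as plain text.
#    No credentials are stored, so Windows prompts for the L2TP user name and
#    password when the connection is started.
try {
    Add-VpnConnection -Name $ConnectionName -ServerAddress $ServerAddress `
        -TunnelType L2tp -L2tpPsk $psk -Force
}
finally {
    Remove-Variable -Name psk   # drop the plaintext copy from the session scope
}

# 5. Confirm that the stored profile matches the intended settings.
$vpn = Get-VpnConnection -Name $ConnectionName
if ($vpn.TunnelType -ne 'L2tp' -or $vpn.L2tpIPsecAuth -ne 'Psk') {
    throw "Connection '$ConnectionName' is not L2TP with a pre-shared key."
}
$vpn | Format-List Name, ServerAddress, TunnelType, L2tpIPsecAuth
```

Run it in the signed-in user's session so the connection is added to that user's profile; it does not change the Windows Defender Firewall IPsec default authentication method described in the first procedure.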