Sophos XG Firewall: How to configure an L2TP connection for Windows 10

Overview

The article describes how to configure an L2TP VPN connection between a Sophos XG Firewall and Microsoft Windows 10.

Change the default authentication mechanism to pre-shared key

In the search section of the windows 10 desktop, type “firewall” and then click on Windows Defender Firewall with Advanced Security.
In the Windows Defender Firewall with Advanced Security, click Propertise.
Switch to the IPSec Setting tab and under IPSec Default click Cutomize.
Under Authentication method, click Advanced and then click Cutomize.
Select the current First authentication method, in this case, it is Computer (Kerberos V5) and click Remove.
Click Add to add another First authentication method.
In the Add First Authentication Method screen, select Preshared Key and specify the Preshared Key configured in the Sophos XG Firewall.
Click OK in all the cascading windows.
Note: Make sure that IPSec Policy Agent and IKEand AuthIP IPSec Keying Modules in the machine are running without error.

Create the L2TP Connection on the end user’s machine

On the desktop, right-click on the Windows button and click on Network Connections.
Click on VPN and then click on Add a VPN connection.
Configure the following and then click Save.

Parameter	Value
VPN provider	Windows (built-in)
Connection name	Enter a connection name.
Server name or address	Enter the hostname or IP address of the XG Firewall.
VPN type	L2TP/IPsec with pre-shared key
Pre-shared key	Enter the pre-shared key.
Type of sign-in info	User name and password
User name (optional)	Enter the user name. This is optional.
Password (optional)	Enter the password. This is optional.

Click on the new connection that was created and then click Connect.
Enter the username and password of the L2TP user to connect with the L2TP connection and then click OK.