Fix L2TP/IPsec VPN with Pre-Shared Key Not Working on Windows 11

Home » How To Guides » Fix
Diana Todea Shield
Chief Editor
Fix
Reading time icon 6 min. read

Calendar icon Published on

windows 11 l2tp ipsec pre shared key not working

If your L2TP/IPsec VPN won’t connect on Windows 11, you might see an error like “The L2TP connection attempt failed because the security layer encountered a processing error.” This problem often appears after Windows updates or when certain security services are turned off.

The good news is that most issues come from a few simple causes — like the wrong pre-shared key, blocked VPN ports, or Windows 11’s extra security settings. Follow these practical fixes to get your VPN connection working again. You can also check the Windows 10 L2TP/IPsec troubleshooting guide for comparison if you use multiple systems.

BEST WINTER DEALS
Editor's Choice
Private Internet Access

Access content across the globe at the highest speed rate.

70% of our readers choose Private Internet Access

70% of our readers choose ExpressVPN

ExpressVPN

Browse the web from multiple devices with industry-standard security protocols.
Nord VPN

Faster dedicated servers for specific actions (currently at summer discounts)

How to Fix L2TP/IPsec VPN with Pre-Shared Key Not Working on Windows 11

Table of contents

1. Recheck Your VPN Configuration

clicking VPN windows 11 settings

Go to Settings → Network & Internet → VPN → Edit and confirm:

  • VPN provider: Windows (built-in)
  • VPN type: L2TP/IPsec with pre-shared key
  • Pre-shared key: entered exactly as provided (no spaces)
  • Username / password: correct and active

Even a small typo in the PSK or server address can cause authentication errors. For detailed setup steps, see how to connect to a VPN.

2. Start Required Windows Services

ipsec services set to automatic to prevent errors

Your VPN depends on background encryption services. Press Win + R, type services.msc, and press Enter. Set these to Automatic and click Start:

  • IKE and AuthIP IPsec Keying Modules
  • IPsec Policy Agent

Restart your PC and try the VPN again.

3. Enable NAT-Traversal in the Registry

If your VPN is behind a router or you get Error 809, enable NAT-Traversal so IPsec can pass through network devices:

  1. Press Win + R → regedit → Enter.
  2. Go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  3. Right-click → New → DWORD (32-bit) Value → name it AssumeUDPEncapsulationContextOnSendRule.
  4. Double-click it → set Value data to 2.
  5. Restart your computer.

4. Disable Credential Guard (Windows 11 Exclusive)

disable virtualization based security to turn off device guard

Windows 11 enables Credential Guard by default on modern devices. It can block MS-CHAP v2 authentication, which L2TP/IPsec uses. To turn it off temporarily:

  1. Press Win + R → gpedit.msc.
  2. Go to Computer Configuration → Administrative Templates → System → Device Guard.
  3. Open Turn On Virtualization-Based Security and set it to Disabled.
  4. Restart your PC and test the VPN.

You can re-enable it later after confirming the VPN works.

5. Allow VPN Ports and Protocols

vpn protocols

Make sure your firewall or router allows these connections:

  • UDP 500 – IKE negotiation
  • UDP 4500 – NAT traversal
  • UDP 1701 – L2TP
  • IP protocol 50 – ESP (encryption)

In Windows Defender Firewall → Advanced settingsInbound rules, add rules for UDP 500 and 4500, and a custom rule for ESP. To understand how these protocols differ and when to use them, check this guide on VPN protocols.

6. Reinstall WAN Miniport Adapters

Corrupted WAN Miniports are another common reason for L2TP errors (789 or 720). To fix:

  1. Right-click Start → Device Manager.
  2. Expand Network adapters.
  3. Uninstall WAN Miniport (L2TP), WAN Miniport (IP), and WAN Miniport (IKEv2).
  4. Click Action → Scan for hardware changes.

Windows reinstalls clean drivers automatically. If your VPN connection disappears, check VPN not showing up in Network Connections.

7. Uninstall Problematic Windows Updates

uninstall KB5026372 update on windows 11

Some patches (like KB5009566 and KB5025305) temporarily broke L2TP support in Windows 11. To fix:

  1. Open Settings → Windows Update → Update history → Uninstall updates.
  2. Remove the latest cumulative update.
  3. Restart and test your VPN.

8. Turn Off IPv6

disable ipv6

If your VPN provider doesn’t support IPv6, the connection might fail. Disable it to test:

  1. Press Win + R → ncpa.cpl → Enter.
  2. Right-click your active network → Properties.
  3. Uncheck Internet Protocol Version 6 (TCP/IPv6).
  4. Click OK and retry the VPN.

9. Flush DNS and Reset Winsock

flush dns

To reset your network stack, open Command Prompt as Administrator and run:

ipconfig /flushdns
netsh winsock reset
netsh int ip reset

Restart your PC after running these commands.

10. Fix Subnet Conflicts

If your local network uses the same IP range as your VPN (for example 192.168.1.x), traffic can route incorrectly. Change your router subnet to something like 192.168.50.x and try again. You can confirm correct routing by following this guide on accessing files through a VPN.

11. Update Network Drivers

click update driver network adapter windows

Windows 11 uses newer networking drivers (NDIS 6.9). Old NIC drivers may fail during IPsec negotiation:

  1. Open Device Manager → Network adapters.
  2. Right-click your network card → Update driver.
  3. Choose Search automatically for drivers.

12. Start the Routing and Remote Access Service (Windows 11 Exclusive)

Some Windows 11 builds cause slow or dropped VPNs. Enable this service to stabilize performance:

  1. Press Win + R → services.msc.
  2. Find Routing and Remote Access.
  3. Right-click → Start.

13. Reset Network Settings

network reset on windows

If nothing works, reset all network settings and rebuild the VPN from scratch:

  1. Go to Settings → Network & Internet → Advanced network settings → Network reset.
  2. Click Reset now.
  3. Restart your computer and reconfigure your VPN.

Common Error Codes and Fixes

Error CodeMeaningFix
789Wrong pre-shared key or invalid credentialsRe-enter PSK and password
809Blocked by firewall or NATAdd NAT-Traversal registry key
766Certificate expected instead of PSKSwitch to PSK mode
720Corrupted WAN MiniportsReinstall adapters
809 (after update)Windows update bugUninstall or replace faulty patch

Why did my VPN stop working after a Windows 11 update?

Some updates disable IPsec services or introduce temporary bugs. Restart services and uninstall the most recent patch.

Is L2TP/IPsec still safe to use?

Yes, with strong encryption (AES-256/SHA-2). For better reliability through NAT, consider switching to IKEv2/IPsec or OpenVPN. Learn more about VPN protocols

Final Thoughts

Most Windows 11 L2TP/IPsec issues come from incorrect pre-shared keys, blocked ports, or new system protections like Credential Guard. Go through each fix in order — especially the registry edit, service restart, and Credential Guard adjustment — to get your VPN running smoothly again.

Once it’s stable, keep your system updated and consider switching to IKEv2/IPsec for faster, more reliable connections.

More about the topics: VPN not working

Diana Todea

Diana Todea Shield

Chief Editor

Diana Todea is the editor-in-chief at VPNCentral.com. With a keen interest in online privacy, she is going all out in making sure we share practical and up-to-date methods to stay safe in the digital space. She's got a cybersecurity certification from Infosec and a data privacy specialization from UCI.

Readers help support VPNCentral. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help VPNCentral sustain the editorial team Read more

User forum

0 messages