Forum Discussion
How to deploy a Windows 10 VPN Profile? Meraki Client VPN (L2TP+PSK)
Has anyone configured a Windows 10 Configuration Profile successfully? Is there a way to do it for Meraki Client VPN solutions that use L2TP+PSK or do I have to use a certificate? The documentation on this issue appears a bit vague.
Thanks!
- Martin NorfolkCopper Contributor
I have the same question, so will be interested to see reply.
This Meraki article shows how to configure a VPN profile on Windows 10...
https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10
but this uses L2TP with PSK.
Intune Device Configuration policies support VPN settings with L2TP and a certificate (but not with a Pre-Shared Key).
If I could work out how to use an authentication certificate, then that would be the better option.
This MS article describes how to use EAP and output the necessary XML for Intune, but I can't seem to link this to Meraki MX firewalls...
https://docs.microsoft.com/en-us/windows/client-management/mdm/eap-configuration
Has anyone got the final piece of this jigsaw puzzle?
Thanks.
- symm_adrianBrass Contributor
Martin Norfolk I haven't gotten any traction with this other than finding CMAK (Connection Manager Administrator Kit), the feature/role you can install on Windows Server to create a connection and then distribute to your end users.
- nhammadeCopper Contributor
Please let me know if you have solved this issues I have the same issues with L2TP and PreSHared kepsymm_adrian
- e-10_808Copper Contributor
Try editing the VPN network connection settings in the old windows interface and disable IPv6 symm_adrian
- ashokdangolCopper Contributor
has anyone come up with any idea? I have a similar problem.
- nhammadeCopper Contributor
ashokdangol Iโm still looking, nothing yet from my side hopefully some can help us.
- somesh_pathakIron ContributorHi Symm_Adrian,
If you are trying to connect your Win10 devices with authentication on CISCO infra e.g. WiFi, LAN or VPN or with 802.1x authentication, then it is possible using certificates. You need to deploy custom XML profiles.- ashokdangolCopper Contributor
somesh_pathak we have ubiquiti router which only allow L2TP psk VPN. Can I ask if you have any idea to create EAP XML with L2tp PSK? I think we should ask for feature request. ๐
- somesh_pathakIron Contributor
ashokdangol We faced the same issue with connecting AO VPN with L2TP on AO VPN on AAD & Hybrid AAD join device and worked with MS for months and eventually concluded that L2TP will not work in these scenarios. However, we were able to achieve it using custom PS scripts. We created two adapters for the device tunnel & user tunnel. These scripts can be packaged as a win32 packages or can be transformed into XML for Intune VPN profile. You can refer to the excellent script from Richard Hicks to create your own custom XML - aovpn/ProfileXML_Device.xml at master ยท richardhicks/aovpn (github.com)
Deploy these PS manually on a test machine in the system context and then export the eap XML, which you can later import in Intune. Hope this helps.๐