Home

How to deploy a Windows 10 VPN Profile? Meraki Client VPN (L2TP+PSK)

%3CLINGO-SUB%20id%3D%22lingo-sub-731805%22%20slang%3D%22en-US%22%3EHow%20to%20deploy%20a%20Windows%2010%20VPN%20Profile%3F%20Meraki%20Client%20VPN%20(L2TP%2BPSK)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-731805%22%20slang%3D%22en-US%22%3E%3CP%3EHas%20anyone%20configured%20a%20Windows%2010%20Configuration%20Profile%20successfully%3F%20Is%20there%20a%20way%20to%20do%20it%20for%20Meraki%20Client%20VPN%20solutions%20that%20use%20L2TP%2BPSK%20or%20do%20I%20have%20to%20use%20a%20certificate%3F%20The%20documentation%20on%20this%20issue%20appears%20a%20bit%20vague.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-731805%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-742533%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20deploy%20a%20Windows%2010%20VPN%20Profile%3F%20Meraki%20Client%20VPN%20(L2TP%2BPSK)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-742533%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20the%20same%20question%2C%20so%20will%20be%20interested%20to%20see%20reply.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20Meraki%20article%20shows%20how%20to%20configure%20a%20VPN%20profile%20on%20Windows%2010...%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocumentation.meraki.com%2FMX%2FClient_VPN%2FClient_VPN_OS_Configuration%23Windows_10%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocumentation.meraki.com%2FMX%2FClient_VPN%2FClient_VPN_OS_Configuration%23Windows_10%3C%2FA%3E%3C%2FP%3E%3CP%3Ebut%20this%20uses%20L2TP%20with%20PSK.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIntune%20Device%20Configuration%20policies%20support%20VPN%20settings%20with%20L2TP%20and%20a%20certificate%20(but%20not%20with%20a%20Pre-Shared%20Key).%3C%2FP%3E%3CP%3EIf%20I%20could%20work%20out%20how%20to%20use%20an%20authentication%20certificate%2C%20then%20that%20would%20be%20the%20better%20option.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20MS%20article%20describes%20how%20to%20use%20EAP%20and%20output%20the%20necessary%20XML%20for%20Intune%2C%20but%20I%20can't%20seem%20to%20link%20this%20to%20Meraki%20MX%20firewalls...%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Feap-configuration%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Feap-configuration%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHas%20anyone%20got%20the%20final%20piece%20of%20this%20jigsaw%20puzzle%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-742579%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20deploy%20a%20Windows%2010%20VPN%20Profile%3F%20Meraki%20Client%20VPN%20(L2TP%2BPSK)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-742579%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F145795%22%20target%3D%22_blank%22%3E%40Martin%20Norfolk%3C%2FA%3E%26nbsp%3BI%20haven't%20gotten%20any%20traction%20with%20this%20other%20than%20finding%20CMAK%20(Connection%20Manager%20Administrator%20Kit)%2C%20the%20feature%2Frole%20you%20can%20install%20on%20Windows%20Server%20to%20create%20a%20connection%20and%20then%20distribute%20to%20your%20end%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fnewhelptech.wordpress.com%2F2017%2F07%2F12%2Fstep-by-step-how-to-create-connection-manager-administrator-kit-cmak-in-windows-server-2016%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fnewhelptech.wordpress.com%2F2017%2F07%2F12%2Fstep-by-step-how-to-create-connection-manager-administrator-kit-cmak-in-windows-server-2016%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-774125%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20deploy%20a%20Windows%2010%20VPN%20Profile%3F%20Meraki%20Client%20VPN%20(L2TP%2BPSK)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-774125%22%20slang%3D%22en-US%22%3E%3CP%3ETry%20editing%20the%20VPN%20network%20connection%20settings%20in%20the%20old%20windows%20interface%20and%20disable%20IPv6%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F275405%22%20target%3D%22_blank%22%3E%40symm_adrian%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Has anyone configured a Windows 10 Configuration Profile successfully? Is there a way to do it for Meraki Client VPN solutions that use L2TP+PSK or do I have to use a certificate? The documentation on this issue appears a bit vague.

 

Thanks!

3 Replies
Highlighted

I have the same question, so will be interested to see reply.

 

This Meraki article shows how to configure a VPN profile on Windows 10...

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Windows_10

but this uses L2TP with PSK.

 

Intune Device Configuration policies support VPN settings with L2TP and a certificate (but not with a Pre-Shared Key).

If I could work out how to use an authentication certificate, then that would be the better option.

 

This MS article describes how to use EAP and output the necessary XML for Intune, but I can't seem to link this to Meraki MX firewalls...

https://docs.microsoft.com/en-us/windows/client-management/mdm/eap-configuration

 

Has anyone got the final piece of this jigsaw puzzle?

 

Thanks.

Highlighted

@Martin Norfolk I haven't gotten any traction with this other than finding CMAK (Connection Manager Administrator Kit), the feature/role you can install on Windows Server to create a connection and then distribute to your end users.

 

https://newhelptech.wordpress.com/2017/07/12/step-by-step-how-to-create-connection-manager-administr...

 

 

Highlighted

Try editing the VPN network connection settings in the old windows interface and disable IPv6 @symm_adrian