Using multiple L2TP/IPSec connections in Windows
In Windows, it is not possible to establish more than one simultaneous connection to an external L2TP/IPSec VPN server from Windows computers sharing a single Internet connection (a single external WAN IP address). For example, an external VPN server may be using multiple user accounts. Each user can establish a connection to the server. Still, if they attempt to connect to the VPN server simultaneously from a single external IP address, a connection error will occur. This issue occurs exclusively on computers running Windows (from XP onwards). This error is specific to the incorrect operation of the built-in L2TP/IPSec VPN client on Windows.
In this case, to ensure clients connect correctly via NAT, try making a Windows registry change on the VPN client.
Warning
The Registry Editor is a tool intended for experienced users only. It is designed to view and modify settings in the Windows operating system’s registry, which contains information about the computer’s operation.
Incorrect changes to the registry can cause serious problems, so please follow the steps below carefully. For added protection, it is recommended that you back up the registry before editing it, so you can restore the Windows registry if any issues arise.
To launch the Registry Editor in Windows, press the Win + R keys, type regedit and click OK. Navigate to the registry key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters] and set the following values:
AllowL2TPWeakCrypto = dword:00000001
ProhibitIPSec = dword:00000000After editing the registry, you will need to restart the operating system for the changes to take effect.
You may also need to configure the AssumeUDPEncapsulationContextOnSendRule registry key, as shown in the article on the Microsoft site.