FIX: VPN error 809 on Windows 10

3 minute read
expressvpn proxy error

VPN error 809 is usually caused when a firewall between the client and server blocks the ports that a VPN tunnel uses. Additionally, and by default, Windows doesn’t support IPsec NAT-T security associations to servers behind a NAT device.

NAT devices have a way of translating network traffic, and because of this, you may get errors when you put a server behind a NAT device and use the IPsec NAT-T environment.

Some of the symptoms of VPN error 809 include the error message you receive, and if you’re using the L2TP protocol, you cannot connect so the error is displayed saying, “The network connection between your computer and the VPN server could not be established.”

When the error appears, the event log too won’t display any related logs because the traffic won’t reach the MX’s WAN interface.

To resolve VPN error 809, here are some solutions you can try.

FIX: VPN error 809

  1. Enable the ports on your firewall/router
  2. Add a value to the Windows registry
  3. Disable Xbox Live Networking services
  4. Check PAP settings

1. Enable the ports on your firewall/router

Usually, VPN error 809 manifests by the PPTP port (TCP 1723), or port L2TP or IKEv2 port (UDP port 500 or 4500) blocked by a firewall or router.

The solution is to enable the port on the firewall or your router. If this is not possible, deploy the SSTP or OpenVPN based VPN tunnel on your VPN provider.

This allows the VPN connection to work across the firewall, NAT and web proxies.

2. Add a value to the Windows registry

If you get VPN error 809 when trying to establish your VPN connection, and your MX is located behind a NAT, the solution to this is to add the AssumeUDPEncapsulationContextOnSendRule” DWORD value to the Windows registry.

This lets Windows operating system establish security associations when your VPN’s server and the computer client are behind NAT devices.

For Windows 10, do this:

  • Right click start and select Run

  • Type regedit and press enter

  • Find this path: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesPolicyAgent 
  • RegValue: AssumeUDPEncapsulationContextOnSendRule
  • Type DWORD
  • Change the data value to 2. Once you create the key, restart your computer.

Note: some third party network apps can cause VPN error 809, like SmartByte, so disabling it can also fix the problem and let your VPN connect again.


In case you want a VPN tool that works like a charm, We recommend you Cyberghost.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


3. Disable Xbox Live Networking services

Sometimes your antivirus can be incompatible with Windows 10 causing it to break IPsec connections. A Windows 10 service may block access to the L2TP/IPsec VPN so to resolve this and prevent VPN error 809, do this:

  • Type services in the search box
  • Click on Services from search results

windows services

  • Find Xbox Live Networking Services and disable it

  • Check if your VPN connection works and the error 809 disappears

— RELATED: VPN blocked on Windows 10? Don’t panic, here’s the fix

4. Check PAP settings

  • Click Start and select Settings
  • Select Network and Internet

Surface Pro won't connect to WiFi Windows 10

  • Click VPN on the left pane

BBC iPlayer VPN is not working

  • Click Add a VPN connection and use the following:

For VPN provider, use Windows (built-in)

For Connection Name, write anything you like as this will be shown on the interface

For Server name or address, write the external hostname of your VPN

For VPN type, choose L2TP/IPsec

For Type of sign-in info, select Username and password

For Username/Password/Remember me: set as required as these are optional

  • Click Save
  • Select Change adapter options
  • Right click the connection you created and select Properties
  • Under Security tab, click Advanced Settings
  • Click Use pre-shared key
  • Enter the PSK and click OK
  • Set Data encryption to Maximum Strength
  • Under Authentication, select Allow these protocols
  • Tick the PAP box only
  • Restart your computer
  • Disable the service of Xbox Live Networking Services and see if VPN error 809 persists

Were you able to resolve the VPN error 809? Let us know in the comments section below.

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend to use this tool.

This tool will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Quickly fix PC issues and prevent others from happening with this software:

  1. Download this PC Repair Tool with Patended Technologies
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues (requires upgrade).