FIX: VPN error 809 on Windows 10

Milan Stanojevic
by Milan Stanojevic
Deputy Editor
Download PDF
Affiliate Disclosure

VPN error 809 is usually caused when a firewall between the client and server blocks the ports that a VPN tunnel uses. Additionally, and by default, Windows doesn’t support IPsec NAT-T security associations to servers behind a NAT device.

NAT devices have a way of translating network traffic, and because of this, you may get errors when you put a server behind a NAT device and use the IPsec NAT-T environment.

Some of the symptoms of VPN error 809 include the error message you receive, and if you’re using the L2TP protocol, you cannot connect so the error is displayed saying, “The network connection between your computer and the VPN server could not be established.”

When the error appears, the event log too won’t display any related logs because the traffic won’t reach the MX’s WAN interface.

To resolve VPN error 809, here are some solutions you can try.

FIX: VPN error 809

  1. Enable the ports on your firewall/router
  2. Add value to the Windows registry
  3. Disable Xbox Live Networking services
  4. Check PAP settings

1. Enable the ports on your firewall/router

Usually, VPN error 809 manifests by the PPTP port (TCP 1723), or port L2TP or IKEv2 port (UDP port 500 or 4500) blocked by a firewall or router.

The solution is to enable the port on the firewall or your router. If this is not possible, deploy the SSTP or OpenVPN based VPN tunnel on your VPN provider.

This allows the VPN connection to work across the firewall, NAT and web proxies.

2. Add value to the Windows registry

If you get VPN error 809 when trying to establish your VPN connection, and your MX is located behind a NAT, the solution to this is to add the AssumeUDPEncapsulationContextOnSendRule” DWORD value to the Windows registry.

This lets Windows operating system establish security associations when your VPN’s server and the computer client are behind NAT devices.

For Windows 10, do this:

  1. Right-click Start and select Run
  2. Type regedit and press enter
  3. Find this path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Policy\Agent 
  4. RegValue: AssumeUDPEncapsulationContextOnSendRule
  5. Type DWORD
  6. Change the data value to 2. Once you create the key, restart your computer.



Note: some third party network apps can cause VPN error 809, like SmartByte, so disabling it can also fix the problem and let your VPN connect again.

Note: In case you want a VPN tool that works like a charm, We recommend you Cyberghost.  Install now Cyberghost VPN (currently discounted) and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

CyberGhost also released the 7th version for Windows, with a lot of new security features so we suggest you to try it out.

Smart choice!
cyberghost vpn for windows logo
  • 256-bit AES encryption
  • Over 5600 servers worldwide
  • Great price plans
  • Excellent support

3. Disable Xbox Live Networking services

Sometimes your antivirus can be incompatible with Windows 10 causing it to break IPsec connections. A Windows 10 service may block access to the L2TP/IPsec VPN so to resolve this and prevent VPN error 809, do this:

  1. Type services in the search box
  2. Click on Services from search results
    windows services
  3. Find Xbox Live Networking Services and disable it
  4. Check if your VPN connection works and the error 809 disappears

— RELATED: VPN blocked on Windows 10? Don’t panic, here’s the fix

4. Check PAP settings

  1. Click Start and select Settings
  2. Select Network and Internet
    Surface Pro won't connect to WiFi Windows 10
  3. Click VPN on the left pane
    BBC iPlayer VPN is not working
  4. Click Add a VPN connection and use the following:
    For VPN provider, use Windows (built-in)For Connection Name, write anything you like as this will be shown on the interface

    For Server name or address, write the external hostname of your VPN

    For VPN type, choose L2TP/IPsec

    For Type of sign-in info, select Username and password

    For Username/Password/Remember me: set as required as these are optional

  5. Click Save
  6. Select Change adapter options

  7. Right-click the connection you created and select Properties
  8. Under the Security tab, click Advanced Settings
  9. Click Use pre-shared key
  10. Enter the PSK and click OK
  11. Set Data encryption to Maximum Strength

  12. Under Authentication, select Allow these protocols
  13. Tick the PAP box only
  14. Restart your computer
  15. Disable the service of Xbox Live Networking Services and see if VPN error 809 persists

Were you able to resolve the VPN error 809? Let us know in the comments section below.