Simple Fix: VPN Error 789 L2TP Connection Attempt Failed

Repair L2TP VPN error using our practical solutions or VPN pick

by Milan Stanojevic
Milan Stanojevic
Milan Stanojevic
Windows & Software Expert
Milan has been enthusiastic about technology ever since his childhood days, and this led him to take interest in all PC-related technologies. He's a PC enthusiast and he... read more
Affiliate Disclosure
  • VPN error 789 appears when a Windows system isn't configured properly while using the L2TP protocol.
  • This error can be fixed with a quick network adapter reset from Device Manager.
  • IPSec configuration should be changed as well as a fallback solution, so tweak the services as shown in our guide.

Using a VPN is a great way to protect your online privacy, but sometimes you might experience issues with it. Many Windows 10/11 users reported VPN error 789 which states the following message:

The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

This issue will prevent you from achieving a safe connection on your PC, so it’s crucial that you fix it. So keep on reading to find out how to fix this problem once and for all.

Why does VPN error 789 appear?

This error pops up when your system is not properly set up to connect to an L2TP server, thus the connection attempt fails even before you establish a connection with the server.

It is also linked to the incorrect configuration of your operating system like Windows 10 in this case. This generic error is thrown when the IPSec negotiation fails for the L2TP/IPSec connections.

Other possible causes include:

  • L2TP-based VPN client (or VPN server) is behind NAT
  • The wrong certificate or pre-shared key is set on the VPN server or client
  • A machine certificate or trusted root machine certificate is not present on the VPN server
  • Machine Certificate on VPN Server does not have Server Authentication as the EKU

Before trying any of these solutions, ensure that L2TP and IPSec pass-through options are enabled from your router.

If you configured your VPN service manually, then make sure you use the preshared key 12345678. If this doesn’t work, here are more solutions you can use to fix this problem on your PC.

How do I fix the VPN error 789 on Windows 10 & 11?

  1. Reset network adapter
  2. Check the certificate
  3. Use a reliable VPN service
  4. Re-enable IPSec on your computer

1. Reset network adapter

  1. Press the Windows key + X and select Device Manager.
  2. Identify your network adapter and right-click on it then select Uninstall device.
  3. Click on Uninstall to confirm.
  4. Restart your computer. The device will reinstall and should reset it to default settings.

Refreshing the network adapter driver can make this problem go away quickly so make sure you try it out by performing the steps above.

2. Check the certificate

It is very important to ensure the correct certificate is used both on the client and the server side.

In case the two don’t match, you won’t be able to use the virtual private network. You might need to renew the certificate with your provider.

If you are using a Pre Shared Key (PSK), ensure that the same PSK is configured on the client-side, and the VPN server machine.

3. Use a reliable VPN service

It is very likely that the root of this problem is that the servers you use are not very optimal for your connection. For this reason, it is recommended to use a top-level VPN service.

To make sure you will not encounter this kind of issue in the future, look for a VPN service that has a large number of servers worldwide. That guarantees an increased chance of server availability and functionality.

We used and tested ExpressVPN with 3,000 servers across the globe and multiple locations in the US to access restricted content like streaming shows or sports from overseas.

Plus, it is easy to use, you don’t need any level of proficiency to get an optimal connection.

To get started, select the subscription plan of your choice, create an account and install it. When the app is ready to open, connect to a secure server with just one click.

This VPN is amongst the most secure services out there, with a verified no-logs policy. It provides a remarkably fast connection and free content access for geo-blocked content globally.


Overcome the VPN error 789 and enjoy secure and fast browsing across the whole globe.
Check price Visit website

4. Re-enable IPSec on your computer

  1. Press the Windows key + R keyboard shortcut to start Run.
  2. Type services.msc and press Enter or click OK.
  3. Double-click the IKE and AuthIP IPSec Keying Modules service.
  4. Set the Startup type to Automatic. If the service is running, click Stop and then Start. If it’s disabled, just click Start.
  5. Find IPSec Policy Agent and double-click it.
  6. Set the Startup type to Automatic. If the service is running, stop it and start it again. If it’s not running, start it.
  7. Save the changes.
  8. Restart your VPN service.

Once you have done all the steps above carefully, the VPN should work smoothly as the protocol settings have been reset to default.

If, however, it doesn’t work, you have to manually set the encryption method both for the server and the client-side, in order for them to be compatible.

In case you have a user-specific issue on your computer yet you still get the L2TP connection attempt failed error, you can also contact the customer care or tech support team for your specific VPN provider.

How do I fix Windows 11’s VPN error 789?

The following guide presents a useful method to resolve the VPN 789 error on Windows 11 PC.

Before starting this system process, be sure you understood it correctly and apply the steps as shown below to avoid potential registry damages.

Note icon NOTE
This method works only if your system is behind a NAT.
  1. Press Windows key + R and enter regedit.
  2. Navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  3. Right-click the space in the right pane and expand the New section. Select DWORD (32-bit) Value.
  4. Enter AssumeUDPEncapsulationContextOnSendRule as the name of the DWORD and double-click it.
  5. Set the Value data to 2 and click OK to save changes.

How does L2TP work?

Layer 2 Tunneling Protocol, also known as L2TP, is a tunneling protocol used by many VPN software.

It combines the features of other protocols including PPTP and L2F and establishes a safe connection between the VPN client and the server.

It’s important to mention that L2TP doesn’t offer encryption, and this is why it’s always paired with IPSec in order to provide the necessary security.

L2TP is also considered better than PPTP. It secures the traffic passing by it in an IPsec tunnel. If you have issues with it, we have an excellent guide on how to fix L2TP problems.

In addition, the ports you need to open are 500 and 4500 for UDP. You have the complete guide on unblocking L2TP for other ports and more.

Which is better, paid or free VPN?

While free VPNs are useful, they usually come with major limitations. In most cases, you’ll have a daily bandwidth cap. Other restrictions include the number of servers or the maximum speed that you can achieve.

With a reliable and paid VPN, you’ll have unlimited access to any server and no data restrictions, which makes it a superior choice for most users.

Fixing VPN error 789 is relatively simple, and we hope that this guide helped you solve the issue on your PC.

If the issue is still there, you can change your software completely. Just check our list including the best VPNs for Windows 10 and pick the one that suits your needs.

Do let us know if any of these solutions fixed VPN error 789 by leaving a comment in the section below.