Fix: VPN l2tp connection attempt failed on Windows 10 & 11

by Milan Stanojevic
Milan Stanojevic
Milan Stanojevic
Windows & Software Expert
Milan has been enthusiastic about PCs ever since his childhood days, and this led him to take interest in all PC-related technologies. Before joining WindowsReport, he worked as... read more
Affiliate Disclosure
  • VPN error 789 appears when a Windows system isn't configured properly while using the L2TP protocol.
  • This error can be fixed with a quick network adapter reset from Device Manager.
  • IPSec configuration should be changed as well as a fallback solution so tweak the services as shown in our guide.

Using a VPN is a great way to protect your online privacy, but sometimes you might experience issues with it. Many Windows 10/11 users reported VPN error 789 that states the following message:

The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

This issue will prevent you from achieving a safe connection on your PC, and therefore it’s crucial that you fix it. So keep on reading to find out how to fix this problem once and for all.

Best VPNs we recommend

  1. Private Internet Access - Access content across the globe at the highest speed rate.
  2. NordVPN - Secure multiple devices and enjoy stable connections anywhere.
  3. SurfShark - Price convenient VPN service with all-rounded security features.
  4. CyberGhost - Connect to thousands of servers for persistent seamless browsing.
  5. ExpressVPN - Browse the web from multiple devices with increased security protocols.

Why does VPN error 789 appear?

This error pops up when your system is not properly set up to connect to an L2TP server, thus the connection attempt fails even before you establish a connection with the server.

It is also linked to the incorrect configuration of your operating system like Windows 10 in this case. This generic error is thrown when the IPSec negotiation fails for the L2TP/IPSec connections.

Other possible causes include:

  • L2TP based VPN client (or VPN server) is behind NAT
  • Wrong certificate or pre-shared key is set on the VPN server or client
  • A machine certificate or trusted root machine certificate is not present on the VPN server
  • Machine Certificate on VPN Server does not have Server Authentication as the EKU

Before trying any of these solutions, ensure that L2TP and IPSec pass-through options are enabled from your router.

If you configured your VPN service manually, then make sure you use the preshared key 12345678. If this doesn’t work, here are more solutions you can use to fix this problem on your PC.

How do I fix the VPN error 789 on Windows 10 & 11?

  1. Reset network adapter
  2. Check the certificate
  3. Use a reliable VPN service
  4. Re-enable IPSec on your computer

1. Reset network adapter

  1. Press Windows key + X and select Device Manager.
  2. Identify your network adapter and right-click on it then select Uninstall device.
  3. Click on Uninstall to confirm.
  4. Restart your computer. The device will reinstall and should reset it to default settings.

Refreshing the network adapter driver can make this problem go away quickly so make sure you try it out by performing the steps above.

2. Check the certificate

It is very important to ensure the correct certificate is used both on the client and the server-side.

In case the two don’t match, you won’t be able to use the virtual private network. You might need to renew the certificate with your provider.

If you are using a Pre Shared Key (PSK), ensure that the same PSK is configured on the client-side, and the VPN server machine.

3. Use a reliable VPN service

It is very likely that the root of this problem is that the servers you use are not very optimal for your connection. For this reason, it is recommended to use a top-level VPN service.

To make sure you will not encounter this kind of issue in the future, look for a VPN service that has a large number of servers across the globe. That guarantees an increased chance of server availability and functionality.

We recommend NordVPN because it has over 5 thousand servers across the globe, plus 1 thousand servers in the US alone. Plus, it is easy to use, you don’t need any level of proficiency to get an optimal connection.

To get started, select the subscription plan of your choice, create an account and install it. When the app is ready to open, connect to a secure server with just one click.

NordVPN is amongst the most secure VPN services out there, with a verified no-logs policy. It provides a very good connection speed of over 6700+Mbps.

NordVPN

Overcome the VPN error 789 and enjoy secure and fast browsing across the whole globe.

Free trial Visit website

4. Re-enable IPSec on your computer

  1. Press the Windows key + R keyboard shortcut to start Run.
  2. Type services.msc and press Enter or click OK.
  3. Double-click the IKE and AuthIP IPSec Keying Modules service.
  4. Set the Startup type to Automatic. If the service is running, click Stop and then Start. If it’s disabled, just click Start.
  5. Find IPSec Policy Agent and double-click it.
  6. Set the Startup type to Automatic. If the service is running, stop it and start it again. If it’s not running, start it.
  7. Save the changes.
  8. Restart your VPN service.

Once you have done all the steps above carefully, the VPN should work smoothly as the protocol settings have been reset to default.

If, however, it doesn’t work, you have to manually set the encryption method both for the server and the client-side, in order for them to be compatible.

In case you have a user-specific issue on your computer yet you still get the L2TP connection attempt failed error, you can also contact the customer care or tech support team for your specific VPN provider.

How do I fix Windows 11’s VPN error 789?

Modify your registry

Note icon
NOTE
This method works only if your system is behind a NAT.

  1. Press Windows key + R and enter regedit.
  2. Navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  3. Right-click the space in the right pane and expand the New section. Select DWORD (32-bit) Value.
  4. Enter AssumeUDPEncapsulationContextOnSendRule as the name of the DWORD and double-click it.
  5. Set the Value data to 2 and slick OK to save changes.

How does L2TP work?

Layer 2 Tunneling Protocol, also known as L2TP, is a tunneling protocol used by VPNs. It combines the features of other protocols including PPTP and L2F and establishes a safe connection between the VPN client and the server.

It’s important to mention that L2TP doesn’t offer encryption, and this is why it’s always paired with IPSec in order to provide the necessary security.

Which is better, paid or free VPN?

While free VPNs are useful, they usually come with major limitations. In most cases, you’ll have a daily bandwidth cap. Other restrictions include the number of servers or the maximum speed that you can achieve.

With a reliable and paid VPN, you’ll have unlimited access to any server and no data restrictions, which makes it a superior choice for most users.

Fixing the VPN error 789 is relatively simple, and we hope that this guide helped you solve the issue on your PC.

In case the issue is still there, you can also change your software completely. Just check our list including the best VPNs for Windows 10 and pick the one that suits your needs.

Do let us know if any of these solutions fixed VPN error 789 by leaving a comment in the section below.

Your connection is not secure - websites you visit can find out your details:

  • Your IP
  • Your IP Address:

Companies can sell this information, alongside your location and internet provider name, and profit from it by serving targeted ads or monitoring your data usage.

Use a VPN to protect your privacy and secure your connection.

We recommend Private Internet Access, a VPN with a no-log policy, open source code, ad blocking and much more; now 79% off.

Frequently Asked Questions

  • The ports you need to open are 500 and 4500 for UDP. Check out the complete guide on unblocking L2TP for other ports and more.

  • L2TP stands for Layer 2 Tunneling Protocol and is considered better than PPTP. It secures the traffic passing by it in an IPsec tunnel. If you have issues with it, we have an excellent guide on how to fix L2TP problems.

  • By resetting the network adapter or setting the firewall to allow traffic through port 500. More details in this excellent guide.