When trying to connect a Windows 10 client to Server 2019 Routing and Remote Access L2TP/IPsec tunnel two important settings are required on the client that aren’t commonly documented:
- Maximum strength encryption:
- Settings -> Network -> VPN
- Change Adapter Options
- Change Settings on this connection
- Security -> Data encryption -> Maximum strength encryption
- Registry entry AssumeUDPEncapsulationContextOnSendRule set to 2, to enable Client and Server to be behind NAT devices – see: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server-behind-nat-t-device