E C

SonicWall Pro 2040, Windows 7 and L2TP with AES

I have a SonicWall Pro 2040.
The VPN is configured to use L2TP with 3DES encryption.

Using Windows 7's built-in VPN support, I created a connection and it works fine.

However, I also have Mac users who need to connect remotely. Apparently Apple no longer supports 3DES in their latest OS (10.7 Lion). I was told the VPN software built into Lion only supports AES encryption.

So, I logged into my Pro 2040 and changed the encryption from 3DES to AES-256 and sure enough, it works! My Mac users can now connect.

Well ... now my Windows 7 users CANNOT connect!
The VPN settings on Windows 7 are pretty basic. There's no place to specify the encryption type to match the VPN Server. I probably tried every possible combination of settings but I cannot get it to connect to my Pro 2040.

If I set the VPN Server from AES-256 back to 3DES, my Windows 7 users can connect right away but as you can probably guess, now my Mac users CANNOT connect.

Note: I tried using AES-128 instead of 256 to see if that would work; it did not.

I read somewhere online that Windows 7 supports AES (I would expect it to), but I cannot get it to work.

So it appears that:
- Windows 7 supports 3DES but not AES.
- Mac OS X 10.7 supports AES but not 3DES.

(One more thing I wanted to mention ... on the Mac side, there is a third-party VPN software client called Equinux VPN Tracker. I tried it out and it works beautifully. In other words, I can set my VPN back to 3DES and that makes my PCs happy. And using Equinux (instead of the Mac's built-in VPN client), the Macs are happy. But that software is too expensive.)

Last Comment
E C

8/22/2022 - Mon
Carl Dula

E C

ASKER
Hello carlmd,
Thanks for that link. But, while it mentions AES is supported in Windows 7, I still cannot connect unless I change my firewall from AES to 3DES.
ASKER CERTIFIED SOLUTION
Carl Dula

E C

ASKER
Hello Carl,
It appears that I can create another VPN policy, but I must admit I did not try it. Instead, I ended up reverting the VPN back to 3DES (to make the Windows users happy), and purchased Equinux VPNTracker (VPN Client software) for the Mac Users. Turns out I only had to purchase one Pro version. The Pro version can export a configuration file. Then I purchased 4 'Player' licenses, installed on each Mac, imported the config file and now they also connect just fine (also using 3DES).

Seems the VPN Client that is built into each OS (Windows and Mac) is flaky ... at least with my old SonicWall.

Thanks for your help!