L2TP on 卡螺絲https://caloskao.org/tags/l2tp/Recent content in L2TP on 卡螺絲Hugo -- gohugo.iozh-HantWed, 06 May 2026 16:35:15 +0800Windows L2TP VPN 錯誤 809:修改登錄檔解決 NAT 相容性問題https://caloskao.org/l2tp-vpn-error-809-registry-fix/Mon, 04 May 2026 00:00:00 +0800https://caloskao.org/l2tp-vpn-error-809-registry-fix/<p>Windows 連接 L2TP/IPSec VPN 時,出現錯誤:</p> <blockquote> <p>錯誤 809:無法建立電腦與 VPN 伺服器之間的網路連線,因為遠端伺服器未回應。</p> </blockquote> <p>這個錯誤通常發生在客戶端位於 NAT 後方(例如家用路由器)的情況下。L2TP/IPSec 協定在設計上對 NAT 的支援有限,需要透過修改登錄檔啟用 UDP 封裝才能正常運作。</p> <h2 id="解法一啟用-udp-封裝nat-traversal">解法一:啟用 UDP 封裝(NAT Traversal) </h2><p>在提升權限的命令提示字元中執行:</p> <p><strong>Windows Vista / 7 / 8 / 10 / 11:</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-batch" data-lang="batch"><span class="line"><span class="cl">REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f </span></span></code></pre></td></tr></table> </div> </div><p><strong>Windows XP(僅適用):</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-batch" data-lang="batch"><span class="line"><span class="cl">REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f </span></span></code></pre></td></tr></table> </div> </div><p><code>AssumeUDPEncapsulationContextOnSendRule</code> 的值說明:</p> <table> <thead> <tr> <th>值</th> <th>意義</th> </tr> </thead> <tbody> <tr> <td><code>0</code></td> <td>預設,假設伺服器不在 NAT 後方</td> </tr> <tr> <td><code>1</code></td> <td>假設伺服器在 NAT 後方</td> </tr> <tr> <td><code>2</code></td> <td>伺服器與客戶端都可能在 NAT 後方(最常用)</td> </tr> </tbody> </table> <h2 id="解法二確認-ipsec-未被停用">解法二:確認 IPSec 未被停用 </h2><p>部分 Windows 設定會停用 IPSec 加密,也會導致連線失敗。執行以下指令重新啟用:</p> <p><strong>Windows XP / Vista / 7 / 8 / 10 / 11:</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-batch" data-lang="batch"><span class="line"><span class="cl">REG ADD HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters /v ProhibitIpSec /t REG_DWORD /d 0x0 /f </span></span></code></pre></td></tr></table> </div> </div><h2 id="套用設定">套用設定 </h2><p>兩個登錄值都改完之後,必須<strong>重新啟動電腦</strong>才會生效,重啟後再試一次 VPN 連線。</p> <hr> <blockquote> <p><strong>Reference</strong></p> <ul> <li><a class="link" href="https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients-zh.md#windows-10-%E6%AD%A3%E5%9C%A8%E8%BF%9E%E6%8E%A5" target="_blank" rel="noopener" >hwdsl2/setup-ipsec-vpn - Windows 客戶端設定說明</a></li> </ul> </blockquote>