Full Disclosure: I am not getting any money from Ubiquiti for this article or any of the articles on this site. I like Ubiquiti, and I have installed it for several customers in the US and not in the US. It is a solid product even if it is not Cisco.
What is a VPN client?
A VPN client is a computer that connects to a server using special software on the server and client to create an encrypted tunnel for data exchange.
For the example we are going to discuss here, the vpn client will connect to the vpn server using a L2TP / IPSEC connection and the Windows 10/11 built in vpn client software.
The L2TP / IPSEC vpn server is hosted on a Ubiquiti UDM-Pro or Ubiquiti UDM-Pre SE. If you want to see how to setup an L2TP / IPSEC vpn server on Ubiquiti hardware, please see this article: LINK.
Setting Up the Windows 10/11 vpn client software
To get started setting up your vpn client software on Windows 10/11, you will need your private key from you Ubiquiti vpn server.
These instructions and screenshots were taken on a Windows 11 box.
To get started, type “vpn client” in the Windows search box. Then click on “Open” on VPN settings.
You will now see the vpn connections that are configured on your PC. Click “Add VPN” to add a new connection to your Ubiquiti vpn server.
Fill out the “Add a VPN connection” configuration box. You will see the Add a VPN connection dialog box (see below).
For the VPN provider, select the “Windows (built-in)” option.
Now give your connection a name – something like MyL2TPVPN would work, but you can call it whatever you want to.
Enter your server name or address. You should use the public IP address of your Ubiquiti vpn server.
Next, select the “L2TP/IPSEC with pre-shared key” option for the vpn type.
Now copy and paste your Ubiquiti vpn server’s private key into the key box.
Select “User name and password” for the type of sign-in info that you will use.
Enter the username and password of the vpn client user you configured on your Ubiquiti vpn server. You completed configuration should look something like the screenshot below.
Vpn connection dialog
Finally, click save to save your changes and close the dialog box.
New vpn client shown
You will now see your new vpn client connection listed on your vpn connection screen.
We are not done yet. For some reason Windows 10/11 does not configure your vpn network adaptor correctly when it saves you configuration. You will need to change the connection security settings on your adaptor to use the new connection.
Watch out for this error
If you don’t make these changes, you will get an error like the one shown below.
Type “Network” in the search box on your Windows computer. You should see “Network & internet” appear. Click on “Network & internet”. Then click on “More network adaptor options”.
Configure the vpn adaptor
Click on the tab at the top of the screen labeled “Security”. Then select “Allow these protocols” and click on the box next to “Microsoft CHAP version 2”. Windows 10/11 won’t allow vpn client connections that do not use CHAP version 2. Click “OK” to save your changes.
Connect to your vpn server
Now go back to the VPN connections window and click on “Connect”. Your vpn client should now connect to your vpn server.
Once you are connected, you should see the vpn connection status on your task bar (on the right side where the network icon appears).
Verify your IP
You should verify that your PC has been assigned an IP in the range you configured.
Click on the Windows key and type “cmd” in the run box. Then type ipconfig at the command prompt. You should see an ip in the correct range.
Once you are connected to your home or work network via a VPN, you should be able to see any computer on your LAN as if you were locally connected to your network.
Plus, all the data you exchange with your network will be encrypted with the private key that your vpn server uses.