How to Resolve Unifi VPN Access RAS/VPN Server Error for Windows 10

In this tutorial I will show you how to resolve the following Unifi VPN Access error on Unifi controller version 6.1.71: “The Connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the Ras Server and notify them on this error.”

There are only a few steps you need to take to resolve the RAS/VPN server VPN Access Error.

  1. Log into your Unifi controller version 6.1.71. This should also work with newer and previous versions of the Unifi controller software.
  2. Click on Settings.
  3. Click on System Settings.
  4. Click the New User Interface slider to turn it off.
  5. You will be prompted with a popup; click the red [ Deactivate ] button.
  6. You should now be viewing a classic version of the Unifi Controller software.
  7. Click on Settings.
  8. Click on the Networks tab.
  9. Locate your VPN Access network and click the Edit icon.
  10. Go down to the RADIUS section, check the box for “Require MS-CHAP v2”, and then click Save.
  11. Go ahead and test the VPN access now. This setting change should have successfully resolved the “The Connection was prevented because of a policy configured on your RAS/VPN server.” error message you were getting.
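The error text points at the authentication method in the Windows connection profile as well as at the server, so it helps to confirm the client side once “Require MS-CHAP v2” is set. The following is an added example, not part of the original tutorial: it reads the profile with the built-in `Get-VpnConnection` cmdlet, reports whether MS-CHAP v2 is enabled and whether the weaker PAP or CHAP methods are still switched on, and only changes the profile when `-Fix` is passed. The connection name `UniFi VPN` and the function name `Test-VpnAuthMethod` are assumptions.

```powershell
# Added example, not from the original post. 'UniFi VPN' is a placeholder name.
function Test-VpnAuthMethod {
    param(
        [string]$Name = 'UniFi VPN',
        [switch]$Fix   # rewrite the profile instead of only reporting
    )

    # Per-user profiles first, then profiles shared by all users.
    $allUsers = $false
    $vpn = Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue
    if (-not $vpn) {
        $allUsers = $true
        $vpn = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue
    }
    if (-not $vpn) { throw "No VPN connection named '$Name' was found." }

    # AuthenticationMethod is a list such as Pap, Chap, MSChapv2, Eap.
    $methods = @($vpn.AuthenticationMethod)
    $legacy  = @($methods | Where-Object { $_ -in 'Pap', 'Chap' })
    $hasV2   = $methods -contains 'MSChapv2'

    [pscustomobject]@{
        Name          = $vpn.Name
        TunnelType    = $vpn.TunnelType
        AuthMethods   = $methods -join ', '
        HasMsChapV2   = $hasV2
        LegacyMethods = $legacy -join ', '   # should be empty
    }

    if ($Fix -and (-not $hasV2 -or $legacy.Count -gt 0)) {
        # Changing an all-users profile needs an elevated session.
        Set-VpnConnection -Name $Name -AllUserConnection:$allUsers `
            -AuthenticationMethod MSChapv2 -Force
        Write-Host "Profile '$Name' now offers MS-CHAP v2 only. Reconnect to test."
    }
}

Test-VpnAuthMethod -Name 'UniFi VPN'
```

If `HasMsChapV2` is `False`, the profile cannot satisfy the controller setting from step 10; rerun with `-Fix` to align it.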

I hope this article was helpful. If you have any questions, please feel free to contact me. If you would like to be notified when I create a new post, you can subscribe to my blog alert.

14 Comments

  1. Hey Patrick,

    Thank you so much for this tutorial / guide.
    I already started to get frustrated because it worked fine on my iPhone but refused to work on my Windows 10 machine.
    A few clicks and everything is running just fine – THANK YOU!

  2. Sorry.. This simply does not work on most mainstream Win10 builds..

    I have followed this and dozens of other tutorials for over two days and I have yet to make an L2TP VPN connection connect between a UDM Pro and Windows Pro Build 19043.

    FYI, I can make a connection perfectly between the UDM Pro and Win10 LTSC build 17763, iPhone and Android devices, but any OEM Windows 10 build just won’t play..

    1. There shouldn’t be a difference. I have countless Windows OEM installations of Windows 10 working fine. Are you getting a RAS error? If so, search RAS on the website. Let me know if you have additional questions.

  3. I have set up VPN on a UDM Pro and everything is working. The only issue that I am facing is when two or more users try to connect to the VPN from the same location. Each user has different credentials but only one of them is allowed to log in to the VPN. The rest cannot connect.

    Is this by default and can we bypass it without the need to set up Site-to-Site VPN? We are talking about 4-5 users.

  4. Thank you, sir! Came here from your setting up VPN article and resolved the issue immediately.
    I might have to buy a bloody book if I’m not careful ;0)

  5. Thank you, sir! Came here from your setting up VPN article and resolved the issue immediately. I spent 2 weeks trying to resolve this problem after resetting my Unifi gateway security.
    God bless, my brother. Congratulations

  6. Hello Patrick,

    I have a UDM-Pro with Network 7.1.68 with automatic configuration.
    One of our Windows 11 (21H2) users cannot keep his L2TP connection. It varies from hours to 2 minutes when using RDP.

    Is there any way to figure out what is causing this?

    Thanks,

    Rich

    1. Hello Rich,

      Thank you for the visit. I suggest using the following https://patrickdomingues.com/2020/03/31/how-to-ping-with-date-and-time-to-txt-file-using-cmd/ to track where the connectivity issue is.

      Create two command instances on the computer having VPN issues: one to ping google.com and one to ping the VPN IP of the UDM PRO. Let it sit through the day.
      Create two command instances from a computer behind the UDMPRO: one to his public IP and one to google.com. Let it sit through the day.

      This will help you track dropped packets and whether it’s his network or your network on the UDMPRO side. If you find that the UDMPRO is pinging fine to the outside and to his IP, it’s not the UDM PRO dropping packets. If you find ping to google but there are drops to his IP, then his ISP modem may have issues or there are too many hops to get to his network.

      From his side, if he pings google.com fine but not the VPN IP, then the UDM ISP or the UDM Pro might be having an issue. However, this could be due to people uploading / downloading and filling up the pipe, causing him to drop connection. If you find packet drops for both google.com and the UDM Pro VPN IP, it’s his network or ISP. If you find both are dropping, then create a command instance directly to his router. If you find packet drops this way, then the issue is his network or computer. If he is on wifi, that could be the issue.

      Let me know if you have any other questions.

      Thank you
      Patrick Domingues
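The side-by-side ping test described in the reply above can also be run from one PowerShell session. This is an added example, not part of the comment or the linked article, and it uses `Test-Connection` rather than the CMD method the link describes: it pings each target once per interval, appends a timestamped line per target to its own text file, and returns the loss percentage per target so the two paths can be compared. The function name `Start-PingLog`, the log folder and the address `192.0.2.1` (a placeholder for the UDM Pro VPN IP) are assumptions.

```powershell
# Added example, not from the comment. 192.0.2.1 stands in for the UDM Pro VPN IP.
function Start-PingLog {
    param(
        [string[]]$Target = @('google.com', '192.0.2.1'),
        [string]$LogDir = (Join-Path $env:USERPROFILE 'ping-logs'),
        [int]$IntervalSeconds = 5,
        [int]$Minutes = 480          # roughly one working day
    )
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

    $stats = @{}
    foreach ($t in $Target) {
        $stats[$t] = [pscustomobject]@{ Target = $t; Sent = 0; Lost = 0 }
    }

    $end = (Get-Date).AddMinutes($Minutes)
    while ((Get-Date) -lt $end) {
        foreach ($t in $Target) {
            # -Quiet returns $true on a reply and $false on a timeout.
            $ok = Test-Connection -ComputerName $t -Count 1 -Quiet
            $stats[$t].Sent++
            if (-not $ok) { $stats[$t].Lost++ }

            # One log file per target; characters unsafe in file names become '_'.
            $file   = Join-Path $LogDir (($t -replace '[^\w.-]', '_') + '.txt')
            $result = if ($ok) { 'reply' } else { 'TIMEOUT' }
            Add-Content -Path $file -Value ('{0:yyyy-MM-dd HH:mm:ss} {1} {2}' -f (Get-Date), $t, $result)
        }
        Start-Sleep -Seconds $IntervalSeconds
    }

    # Loss on only one target points at that path; loss on both points at the local side.
    $stats.Values | Select-Object Target, Sent, Lost,
        @{ Name = 'LossPct'; Expression = {
            if ($_.Sent) { [math]::Round(100 * $_.Lost / $_.Sent, 1) } else { 0 } } }
}

Start-PingLog -Minutes 10
```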
