VPN connection hangs in “Connecting”

Problem:

While testing the Meraki Client VPN feature I noticed what I can only assume is a bug in Windows 10 (I am on 1803).

When selecting the Connect option from the WIFI/Network icon in the system tray, the connection would often hang in a “Connecting” state.

Looking in the Meraki event log I would get the below;

Oct 22 10:31:48		Non-Meraki / Client VPN negotiation	msg: failed to begin ipsec sa negotiation.
Oct 22 10:31:48		Non-Meraki / Client VPN negotiation	msg: no configuration found for x.x.x.x.
Oct 22 10:31:24		Non-Meraki / Client VPN negotiation	msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->82.7.39.246[4500] spi=2174933844(0x81a2db54)
Oct 22 10:31:24		Non-Meraki / Client VPN negotiation	msg: IPsec-SA established: ESP/Transport x.x.x.x[4500]->82.7.39.246[4500] spi=190939951(0xb61832f)
Oct 22 10:31:24		Non-Meraki / Client VPN negotiation	msg: ISAKMP-SA established x.x.x.x[4500]-x.x.x.x[4500] spi:2fcc04ff9ff90469:779439138b14820c
Oct 22 10:31:24		Non-Meraki / Client VPN negotiation	msg: invalid DH group 19.
Oct 22 10:31:24		Non-Meraki / Client VPN negotiation	msg: invalid DH group 20.

Rebooting the client seemed to be a temporary workaround. But after a couple connections or the laptop going to sleep the issue would come back.

Workaround

The reason I say I assume it is a Windows 10 bug is because if I connect via Windows Settings > Network & Internet > VPN it works every time.

I think what I will do if I can’t find a permanent fix is I will create some sort of wrapper application that just triggers “Windows Settings” functionality from a shortcut or system tray icon.

I will update this post as and when I find a permanent fix or a better workaround.

Update

The issue at least for me seems to have largely gone away on more recent version of Windows 10. Anything over 1903 seems far more stable.

Need at automated way of deploying your connection?

Check out this post Meraki Client VPN – PowerShell Deployment