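# Install the IPsec daemon (libreswan) and the L2TP daemon (xl2tpd),
# then enable both services at boot. The three commands must be run
# separately: on a single line yum would treat "chkconfig", "ipsec" and
# "on" as package names.
yum -y install libreswan xl2tpd
chkconfig ipsec on
chkconfig xl2tpd on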
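# cat /etc/ipsec.conf
config setup
    # NOTE(review): some keywords in this file (for example nat_traversal
    # and forceencaps) may be obsolete in newer libreswan releases; check
    # the installed ipsec.conf(5) and run `ipsec verify` after editing.
    klipsdebug=none
    plutodebug=none
    protostack=netkey
    nat_traversal=yes
    # Private ranges that NATed clients are allowed to present as their own
    # address. Only 192.168.1.0/24 is listed, so clients behind a NAT that
    # uses another private range would presumably not match - confirm.
    virtual_private=%v4:192.168.1.0/24
    interfaces="%defaultroute"
    oe=off
conn L2TP-PSK
    # Pre-shared key authentication: every client holds the same key, so
    # the PSK identifies the group, not a user. Per-user access control is
    # left to the PPP secrets; certificate authentication avoids the shared
    # key altogether.
    authby=secret
    # PFS is off: IPsec SA keys are not protected by a fresh DH exchange.
    # Presumably set for client compatibility - enable it if all clients
    # support it.
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    # Transport mode: only the L2TP traffic selected by the protoport lines
    # below is encrypted, not a whole subnet.
    type=transport
    forceencaps=yes
    # Accept clients from any address, including NATed ones.
    right=%any
    rightsubnet=vhost:%no,%priv
    rightprotoport=17/%any
    leftnexthop=%defaultroute
    left=%defaultroute
    # UDP (protocol 17) port 1701 on the server side, i.e. L2TP.
    leftprotoport=17/1701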
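# cat ipsec.secrets
include /etc/ipsec.d/*.secrets
# Entry format: <server address> : PSK "<key>".
# "IPSECSecretKey" is a sample value - replace it with a long random key.
# The key is stored in clear text, so keep this file readable by root only.
185.212.47.69 : PSK "IPSECSecretKey"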
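# cat /etc/xl2tpd/xl2tpd.conf
[global]
listen-addr = 185.212.47.69
; All debug switches are on. This is useful while bringing the tunnel up,
; but it makes the logs very verbose - turn them off once the VPN works.
debug avp = yes
debug network = yes
debug packet = yes
debug state = yes
debug tunnel = yes

[lns default]
; Address pool handed to clients; it lies inside 192.168.100.0/24, the
; source range used by the MASQUERADE rule further down the page.
ip range = 192.168.100.101-192.168.100.120
local ip = 192.168.100.100
; Refuse PAP (password sent in clear text) and require the peer to
; authenticate before the PPP session is established.
refuse pap = yes
require authentication = yes
name = LinuxVPNServer
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes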
Добавить в /etc/rc.d/rc.local:
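# Correct ICMP Redirect issues with OpenSWAN
# Runs over every interface directory under /proc/sys/net/ipv4/conf.
for each in /proc/sys/net/ipv4/conf/*; do
  # Neither accept nor send ICMP redirects on this interface.
  echo 0 > "$each"/accept_redirects
  echo 0 > "$each"/send_redirects
  # rp_filter=0 switches off reverse-path (source address) validation,
  # which is an anti-spoofing check. NOTE(review): this disables it on
  # every interface, not only the ones carrying IPsec - confirm that this
  # is acceptable for the host.
  echo 0 > "$each"/rp_filter
done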
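# cat /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
# DNS server pushed to Windows clients.
ms-dns 8.8.8.8
noccp
# Require the client to authenticate itself before the link comes up.
# NOTE(review): this file does not pin an authentication protocol; pppd has
# options for that (for example require-mschap-v2) - confirm what the
# clients support before adding one.
auth
# Drop the session after 1800 seconds without traffic.
idle 1800
mtu 1410
mru 1410
nodefaultroute
# Connection debugging is logged; switch it off once the VPN works.
debug
proxyarp
connect-delay 5000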
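# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
# user1/password1 and user2/password2 are sample entries: replace them with
# one entry per real user and a strong, unique secret for each.
# The secrets are stored in clear text, so keep this file readable by root
# only. "*" in the server column matches any server name; "*" in the last
# column lets the client use any IP address.
user1 * password1 *
user2 * password2 *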
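# Restart both daemons so that the edited configuration is loaded.
# These are two separate commands, one per line.
service ipsec restart
service xl2tpd restart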
IPTABLES:
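# VPN L2TP/IPSEC
# IKE (500/udp) and IPsec NAT traversal (4500/udp) must be reachable from
# the Internet.
-A INPUT -p udp --dport 500 -j ACCEPT
-A INPUT -p udp --dport 4500 -j ACCEPT
# L2TP (1701/udp) is accepted only when the packet arrived inside IPsec.
# Without the policy match the L2TP daemon would also answer unencrypted
# requests from any host.
-A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
# Forward traffic from the VPN address pool, plus replies to it. A bare
# "-A FORWARD -j ACCEPT" would forward every packet routed through the host.
-A FORWARD -s 192.168.100.0/24 -j ACCEPT
-A FORWARD -d 192.168.100.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
# POSTROUTING is a chain of the nat table: in an iptables-save style file
# this rule belongs in the *nat section, not in *filter.
-A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE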
На клиенте с Windows 10 (MS Support):
REM Run from an elevated command prompt: the value is written under HKLM.
REM Value 2 lets Windows establish IPsec security associations when both
REM the VPN server and the client are behind NAT devices.
REM /f overwrites an existing value without asking.
reg add "HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent" /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f
И перезагрузиться.