L2TP/IPSec Registry Settings (Windows Embedded CE 6.0)
1/6/2010
You can use the registry to configure some of the IP Security Protocol (IPSec) parameters used by Layer Two Tunneling Protocol (L2TP).
Note
The default registry values vary depending on which Catalog items are included in your OS design. For more information, see Default Registry Settings.
To configure the encryption options for IPSec, set the value of type REG_DWORD for the HKEY_LOCAL_MACHINE\Comm\L2TP1\Parms\IpSecEncryption key. The following table shows the possible values of this key.
| Value | Description |
|---|---|
1 |
Request no encryption. A NULL-encryption Encapsulating Security Payloads (ESP) is negotiated. |
2 |
Request encryption, but a connection will be established without encryption. |
3 |
Require high or low-strength encryption. This is the default setting. |
4 |
Require low-strength encryption. 3DES and DH 2048 are both disabled. |
5 |
Require maximum-strength encryption. DES and DH 768 are both disabled. |
If this registry value is not set, the default is 3. This is appropriate for most connections.
To disable IPSec, set the value for HKEY_LOCAL_MACHINE\Comm\L2TP1\Parms\UseIpSecof type REG_DWORD to 0.
Note
You should only disable IPSec for troubleshooting purposes. Setting the UseIpSec key to 0 requires corresponding settings on the server.