Android since 4.0 supports plain IPsec out of the box. And there are several apps for 4.x that provide other VPN protocols on unrooted devices (e.g. IKEv2/IPsec with the strongSwan VPN Client).
Since Windows 7 you can use the built-in IKEv2/IPsec client. Granted racoon does not support IKEv2, but there are other open-source implementations that do (e.g. strongSwan or Libreswan).
Does anyone know why L2TP is still the standard way with IPSec?
I wouldn't say it's the standard way, as e.g. Windows 7 and newer first try IKEv2, but I agree that clients still offer it quite prominently.
One reason for its initial success was probably that it allowed reusing the PPP infrastructure that existed for dial-up connections (while being more secure and standardized than PPTP). And because L2TP installations have been around for a long time, and were deployed pretty widespread, about any client had (and still has) to support it. This makes it, of course, easier for VPN providers as they can reduce the number of offered VPN technologies. This, however, reduces the incentive to implement other protocols in clients.
There could also be licensing issues preventing other protocols from being used, for instance, the IKEv2 implementations mentioned above are GPL licensed, which Apple in iOS and Google in Android tend to avoid in favour of more permissively licensed software such as racoon (which they both use in their products).
Best Answer
a> If you know which tunnel should actually be used for your deployment, try to set the ‘Type of VPN’ to that particular tunnel type on the VPN client side. [This can be set by clicking the ‘Network Connections’ icon on the bottom right of the task bar, Select your Connection, Right Click -> Properties -> Securities Tab -> Under ‘Type of VPN’ select the interested VPN tunnel type ]
By making VPN connection with a particular tunnel type, your connection will still fail but it will give a more tunnel specific error (for example: GRE blocked for PPTP, Certificate error for L2TP, SSL negotiation errors for SSTP, etc.)
b> This error usually comes when the VPN server is not reachable or the tunnel establishment fails.
i. Make sure the VPN server is reachable (try to PING the server).
ii. If interested in PPTP, make sure PPTP port (TCP 1723) or GRE Port (47) is not blocked on in between firewalls.
iii. If interested in L2TP, make sure
Correct pre-shared key or machine certificate are present both on client and server.
L2TP port (UDP 1701) is not blocked on any of the firewalls.
iv. If interested in IKEv2 based VPN tunnel, make sure
IKE port (UDP port 500, UDP port 4500) is not blocked.
Correct machine certificate for IKE are present both on client and server.
v. If interested in SSTP, make sure correct machine certificate is installed on the server and correct trusted root certificate is installed on the client machine.