https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server-behind-nat-t-device

1.服务器改注册表
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
AssumeUDPEncapsulationContextOnSendRule DWORD (32-bit) 2

2.客户端电脑改注册表
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
ProhibitIPSec DWORD (32-bit) 1
AllowL2TPWeakCrypto DWORD (32-bit) 1
重启电脑