RabbitAtNet
just joined
Topic Author
Posts: 18
Joined: Fri Dec 11, 2009 12:16 am

Remote Access VPN via L2TP/IPsec

Sat Dec 26, 2009 7:28 pm

Hello everyone,

At the moment I want to configure a remote access VPN for my private little network at home. I want to use the L2TP/IPsec protocol stack, because I trust this encryption more than the PPTP/GRE combination. As VPN concentrator I am using my R450G routerboard connected to my dial-up DSL line, which has a forced disconnect every 24 hours and an IP address change as well. As VPN endpoint I want to use my notebook, which is running Windows Vista at the moment.

On the Mikrotik wiki I found this article. I followed the steps described in there. Afterwards I set up a VPN tunnel on my Windows box. Unfortunately, the connection did NOT work. Now I am wondering what I am doing wrong here. Below you will find my current IPsec setup:
[admin@Jumpgate2.0] /ip ipsec> export 
# dec/26/2009 18:02:39 by RouterOS 4.3
# software id = M6B2-B6Q1
#
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
add auth-algorithms=sha1 comment="" disabled=no enc-algorithms=aes-256 lifetime=2h name=AES-256-SHA-PF5 pfs-group=modp1536
/ip ipsec peer
add address=213.144.XX.XX/32:500 auth-method=pre-shared-key comment="" dh-group=modp1536 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 \
    enc-algorithm=aes-256 exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=2h nat-traversal=yes proposal-check=obey secret=\
    XXXXXXXXXX send-initial-contact=yes
add address=0.0.0.0/0:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=5 enc-algorithm=\
    3des exchange-mode=main generate-policy=yes hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=yes proposal-check=obey secret=XXXXXXX \
    send-initial-contact=yes
/ip ipsec policy
add action=encrypt comment="" disabled=no dst-address=172.22.0.0/16:any ipsec-protocols=esp level=require priority=0 proposal=AES-256-SHA-PF5 protocol=all \
    sa-dst-address=213.144.XX.XX sa-src-address=0.0.0.0 src-address=172.31.1.240/28:any tunnel=yes
[admin@Jumpgate2.0] /ip ipsec> 
As you can see, I am already operating a VPN tunnel from my dynamically addressed Mikrotik box at home to a Cisco PIX 500 Series at my work place. That tunnel is working just fine.

In order to get the remote access VPN working, I have also created a ppp user, which should have the rights to connect to the Mikrotik using L2TP.
[admin@Jumpgate2.0] /ppp secret> export 
# dec/26/2009 18:07:35 by RouterOS 4.3
# software id = M6B2-B6Q1
#
/ppp secret
add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=XXXXX password=XXXXX profile=default-encryption remote-address=\
    192.168.87.250 routes="" service=l2tp
[admin@Jumpgate2.0] /ppp secret> 
Does anybody here find a rocky mistake in my setup? What can I do to troubleshoot the connection?
In particular, I do not know how to work with the logging on the Mikrotik. Therefore I have few clues hinting at the problem besides a non-working connection.

Any suggestions?

Greetings from Germany,
Rabbit@Net
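As an added example (not part of the original post or of RouterOS), the script below parses the `export` format shown above, including the backslash line continuations, and audits it from a defender's standpoint: it flags legacy-strength settings (3DES, modp1024) and checks that a catch-all 0.0.0.0/0 peer with NAT traversal exists for road-warrior L2TP/IPsec clients. The sample export, the `WEAK` table and the function names are constructed for this example.

```python
import re

# Constructed sample in the same layout as a RouterOS 4.x "export", including the
# backslash line continuations; addresses and the secret are placeholders.
SAMPLE_EXPORT = """\
# constructed sample, not a real device export
/ip ipsec proposal
set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip ipsec peer
add address=0.0.0.0/0:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=no enc-algorithm=\\
    3des exchange-mode=main generate-policy=yes hash-algorithm=sha1 nat-traversal=yes secret=PLACEHOLDER \\
    send-initial-contact=yes
"""

# Settings that were common in 2009 but are legacy-strength today (hypothetical policy table).
WEAK = {
    "enc-algorithm": {"des", "3des"}, "enc-algorithms": {"des", "3des"},
    "dh-group": {"modp768", "modp1024"}, "pfs-group": {"modp768", "modp1024"},
}

def parse_export(text):
    """Parse export text into {section: [entry, ...]}; each entry is a dict of key=value."""
    # A trailing backslash continues the command on the next (indented) line.
    joined = re.sub(r"\\\n\s*", "", text)
    sections, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or export header comment
        if line.startswith("/"):
            current = line                # e.g. "/ip ipsec peer"
            sections.setdefault(current, [])
            continue
        cmd, _, rest = line.partition(" ")
        entry = {"_cmd": cmd}             # "add" or "set"; positional args are ignored
        for key, val in re.findall(r'([\w-]+)=("[^"]*"|\S*)', rest):
            entry[key] = val.strip('"')
        sections[current].append(entry)
    return sections

def audit(sections):
    """Return (section, index, message) findings for weak algorithms and a missing catch-all peer."""
    findings = []
    for section, entries in sections.items():
        for i, e in enumerate(entries):
            for key, bad in WEAK.items():
                if e.get(key) in bad:
                    findings.append((section, i, f"{key}={e[key]} is legacy-strength"))
    peers = sections.get("/ip ipsec peer", [])
    # Road-warrior clients have unknown source addresses and are often behind NAT.
    if not any(p.get("address", "").startswith("0.0.0.0/0") and p.get("nat-traversal") == "yes"
               for p in peers):
        findings.append(("/ip ipsec peer", -1, "no catch-all 0.0.0.0/0 peer with nat-traversal=yes"))
    return findings

if __name__ == "__main__":
    for section, i, msg in audit(parse_export(SAMPLE_EXPORT)):
        print(f"{section}[{i}]: {msg}")
```

Paste a real `/ip ipsec export` into `SAMPLE_EXPORT` to run the same checks against your own router.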
