I have been browsing the forum and reading the Wiki but I cannot get L2TP server on MK (RB433) work with Windows7 SP1 64 bit built in VPN client.
The client is behind a Router (Nat).
I tried NAT Traversal, manual generated IPSEC Policy and nothing. I use ROS 5.8.
The connetion is not establashed complitly. One side of the ESP is working (bytes counter incraseing) source (Client public IP) to Destination (Server Public IP) the other direction is not working bytes always zero.
I wonder If someone has an actual working setup and if he is willing to share it with us (Export configuration).
Here is my config:
Code: Select all
/ppp profile
set default change-tcp-mss=yes name=default only-one=default use-compression=\
default use-encryption=default use-mpls=default use-vj-compression=default
set default-encryption change-tcp-mss=yes dns-server=192.168.1.6 local-address=\
192.168.1.254 name=default-encryption only-one=default remote-address=\
MCLine-Local use-compression=yes use-encryption=required use-mpls=default \
use-vj-compression=default wins-server=192.168.1.6
/ppp aaa
set accounting=yes interim-update=0s use-radius=no
/ppp secret
add caller-id="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name=huntah \
password="@huntah2000;" profile=default-encryption routes="" service=any
/ip ipsec proposal
set default auth-algorithms=sha1 disabled=no enc-algorithms=aes-128 lifetime=1h name=default pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp2048 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des exchange-mode=main generate-policy=yes hash-algorithm=sha1 lifebytes=0 lifetime=8h my-id-user-fqdn="" \
nat-traversal=yes port=500 proposal-check=obey secret=uqODFiSnp send-initial-contact=yes
/ip ipsec policy
add action=encrypt disabled=no dst-address=86.58.x.x/32 dst-port=any ipsec-protocols=esp level=require priority=0 proposal=\
default protocol=all sa-dst-address=86.58.x.x sa-src-address=213.250.x.x src-address=213.250.x.x/32 src-port=any tunnel=\
no