Community discussions

MikroTik App

Search found 531 matches: 6.44 l2tp

Searched query: 6 44 l2tp

ignored: 6

  • 1
  • 2
by korg
Mon Mar 18, 2024 6:22 pm
Forum: General
Topic: Wireguard from MT to client (win10) with several users to several VLAN's [SOLVED]
Replies: 6
Views: 352

Re: Wireguard from MT to client (win10) with several users to several VLAN's [SOLVED]

... add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp add action=accept chain=input ...
by DAnEq
Sun Mar 03, 2024 8:50 pm
Forum: Beginner Basics
Topic: hex poe lite high cpu load management process
Replies: 0
Views: 102

hex poe lite high cpu load management process

... discover-interface-list=LAN /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=Link_to_modem ...
by Tecnico74
Thu Feb 29, 2024 2:02 pm
Forum: Beginner Basics
Topic: Internet for Remote Gateway
Replies: 9
Views: 824

Re: Internet for Remote Gateway

... 7.13 # software id = xxxxx # # model = xxxxx # serial number = xxxx /interface bridge add name=Bridge_3_16 port-cost-mode=short /interface l2tp-client add allow=mschap1,mschap2 connect-to=xxxx.sn.mynetname.net disabled=no \ name=l2tp-VPN use-ipsec=yes user=MM /interface pppoe-client add ...
by stepm65
Fri Feb 23, 2024 1:33 pm
Forum: General
Topic: MikroTik hex S + ONT Zyxel PMG3000-D20B
Replies: 0
Views: 227

MikroTik hex S + ONT Zyxel PMG3000-D20B

... set discover-interface-list=LAN /ipv6 settings set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes forward=no /interface l2tp-server server set authentication=mschap2 /interface list member add interface=bridge list=LAN add interface=sfp1 list=WAN /interface ovpn-server ...
by toolongformt
Fri Jan 26, 2024 9:23 pm
Forum: Beginner Basics
Topic: Current documentation for 7.13.2 and capsman
Replies: 35
Views: 1530

Re: Current documentation for 7.13.2 and capsman

... \ queue-custom-drop-counter0-includes="" queue-custom-drop-counter1-includes="" vlan-type=network-port /interface l2tp-server server set accept-proto-version=all accept-pseudowire-type=all allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=ip-address ...
by Peayeon
Tue Jan 16, 2024 11:36 am
Forum: Beginner Basics
Topic: Help i couldn't Login page
Replies: 4
Views: 917

Re: Help i couldn't Login page

... add bridge=LAN tagged=LAN,ether2,ether3,ether4 untagged=ether6 vlan-ids=20 add bridge=LAN tagged=ether3,ether4,LAN vlan-ids=2 /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=3BB_WAN1 list=WAN add interface=LAN list=Local add interface=WIFI_GUEST ...
by rutinoscorbin
Sun Jan 14, 2024 7:13 pm
Forum: Beginner Basics
Topic: Unable to access the router via L2TP
Replies: 5
Views: 830

Re: Unable to access the router via L2TP

... with its ethernet address, e.g. 00:11:22:33:44:55 has 192.168.1.1. The sender can then send the encapsulated IP to that ethernet address. Your L2TP connection is not part of that layer 2 network, it is a completely independent point-to-point link using PPP - hence its own interface on the Mikrotik. ...
by tdw
Sun Jan 14, 2024 6:11 pm
Forum: Beginner Basics
Topic: Unable to access the router via L2TP
Replies: 5
Views: 830

Re: Unable to access the router via L2TP

... with its ethernet address, e.g. 00:11:22:33:44:55 has 192.168.1.1. The sender can then send the encapsulated IP to that ethernet address. Your L2TP connection is not part of that layer 2 network, it is a completely independent point-to-point link using PPP - hence its own interface on the Mikrotik. ...
by abbio90
Sun Jan 14, 2024 5:40 pm
Forum: General
Topic: HELP ME! QUEUE TREE
Replies: 2
Views: 531

Re: HELP ME! QUEUE TREE

... chain=input comment="Allow IKE" dst-port=500 in-interface-list=WAN protocol=udp add action=accept chain=input comment="Allow L2TP" dst-port=1701 in-interface-list=WAN protocol=udp add action=drop chain=input comment="Drop all not coming from LAN" disabled=yes ...
by xtornado
Fri Jan 12, 2024 6:55 pm
Forum: Wireless Networking
Topic: CapsMan ROS 7.13.x , issues with adding local wifi interface [SOLVED]
Replies: 3
Views: 1253

CapsMan ROS 7.13.x , issues with adding local wifi interface [SOLVED]

... comment="Block VPN-pool to local LAN " dst-address-list=Local_LAN src-address-list=vpn-pool add action=accept chain=input comment="L2TP/IPsec VPN" dst-port=500 in-interface-list=WAN protocol=udp add action=accept chain=input comment="L2TP/IPsec VPN" dst-port=1701 ...
by brennanbabb
Fri Jan 12, 2024 11:10 am
Forum: General
Topic: Outgoing SSH traffic is blocked
Replies: 7
Views: 3116

Re: Outgoing SSH traffic is blocked

... bridge=bridge interface=ether4 add bridge=bridge interface=ether5 add bridge=bridge interface=wlan1 add bridge=bridge interface=wlan2 /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=pppoe-VOX list=WAN add interface=bridge list=LAN add interface=bridge ...
by ductiena12
Tue Jan 02, 2024 4:37 am
Forum: General
Topic: Local IP Addressed leased but no internet.
Replies: 7
Views: 1499

Local IP Addressed leased but no internet.

... \ pfs-group=none /ip pool add comment="for IKE2 VPN" name=ikev2-vpn-pool ranges=\ 10.10.11.50-10.10.11.100 add comment="for L2TP VPN" name=l2tp-vpn-pool ranges=10.10.10.50-10.10.10.200 add comment="for PPTP VPN" name=pptp-vpn-pool ranges=10.10.12.50-10.10.12.100 ...
by Techknow
Sun Dec 24, 2023 8:30 am
Forum: General
Topic: Can Connect To OpenVPN But unable to access LAN and internet
Replies: 0
Views: 1016

Can Connect To OpenVPN But unable to access LAN and internet

... IPsec NAT chain=input action=accept protocol=udp dst-port=4500 46 ;;; allow IKE chain=input action=accept protocol=udp dst-port=500 47 ;;; allow l2tp chain=input action=accept protocol=udp dst-port=1701 48 ;;; defconf: drop invalid chain=input action=drop connection-state=invalid 49 ;;; defconf: ...
by dima1002
Sat Dec 09, 2023 6:42 pm
Forum: General
Topic: Firewall - DNS Open? - Urgent [SOLVED]
Replies: 41
Views: 6663

Re: Firewall - DNS Open? - Urgent [SOLVED]

... \ in-interface-list=WAN protocol=udp add action=accept chain=input comment=IPsec-ESP protocol=ipsec-esp add action=accept chain=input comment=L2TP dst-port=500,4500 protocol=udp add action=accept chain=input comment=SNMP dst-port=161 protocol=udp \ src-address-list=MGMT add action=accept chain=input ...
by dima1002
Sun Dec 03, 2023 8:34 pm
Forum: General
Topic: Firewall - DNS Open? - Urgent [SOLVED]
Replies: 41
Views: 6663

Re: Firewall - DNS Open? - Urgent [SOLVED]

... find default-name=ether2 ] name=WAN2 set [ find default-name=ether3 ] name=WAN3 set [ find default-name=ether4 ] disabled=yes name=WAN4 /interface l2tp-client add allow-fast-path=yes connect-to=vpn.test.com name=l2tp-TEST user=TEST01 /interface wireguard add comment=TEST listen-port=40231 mtu=1420 ...
by dima1002
Sun Dec 03, 2023 12:44 pm
Forum: General
Topic: Firewall - DNS Open? - Urgent [SOLVED]
Replies: 41
Views: 6663

Re: Firewall - DNS Open? - Urgent [SOLVED]

... find default-name=ether2 ] name=WAN2 set [ find default-name=ether3 ] name=WAN3 set [ find default-name=ether4 ] disabled=yes name=WAN4 /interface l2tp-client add allow-fast-path=yes connect-to=vpn.test.de disabled=no name=l2tp-DM \ user=APV01 /interface wireguard add comment=test listen-port=40231 ...
by rahimek
Fri Nov 17, 2023 7:31 pm
Forum: Beginner Basics
Topic: Long identyfing network in Win
Replies: 11
Views: 2092

Re: Long identyfing network in Win

... /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set authentication=mschap2 default-profile=ipsec_vpn enabled=yes use-ipsec=yes /interface ovpn-server server set auth=sha1,md5 /interface ...
by jaysen
Wed Nov 15, 2023 8:57 pm
Forum: General
Topic: Multi-WAN Load Balancing Starlink issue
Replies: 99
Views: 11776

Re: Multi-WAN Load Balancing Starlink issue

... with the correct gateway address in the configuration as a static one, you can do the same for one more DHCP client. My plan is to let the L2TP client use those two before eventually extending the approach to all of them. All the above is still just an intermediary step. My feeling is that ...
by jaysen
Wed Nov 15, 2023 2:01 am
Forum: General
Topic: Multi-WAN Load Balancing Starlink issue
Replies: 99
Views: 11776

Re: Multi-WAN Load Balancing Starlink issue

The L2TP client is running directly on the Mikrotik router in Alaska and it connects to another Mikrotik router at our HQ in Oregon running the L2TP server. Then something must have gone wrong in the process of posting the ...
by beatitas
Tue Nov 07, 2023 1:09 pm
Forum: Beginner Basics
Topic: IKEv2 vpn. Can access only few computers in network
Replies: 0
Views: 1594

IKEv2 vpn. Can access only few computers in network

... comment="Permit PPTP" disabled=yes dst-port=\ 1723 in-interface=ether1 protocol=tcp add action=accept chain=input comment="Permit L2TP" disabled=yes dst-port=\ 1701 in-interface=ether1 protocol=udp add action=accept chain=input comment="Permit IPSec" disabled=yes ...
by phr
Fri Nov 03, 2023 4:28 pm
Forum: General
Topic: Lag and spikes with wifi bridge
Replies: 2
Views: 666

Lag and spikes with wifi bridge

... /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set allow-fast-path=yes authentication=mschap1,mschap2 enabled=yes use-ipsec=\ yes /interface list member add interface=ether1 list=public ...
by rahimek
Wed Nov 01, 2023 8:48 pm
Forum: Beginner Basics
Topic: Long identyfing network in Win
Replies: 11
Views: 2092

Long identyfing network in Win

... /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set authentication=mschap2 default-profile=ipsec_vpn enabled=yes use-ipsec=yes /interface ovpn-server server set auth=sha1,md5 /interface ...
by hofi76
Sun Oct 15, 2023 1:39 pm
Forum: Wireless Networking
Topic: WifiWave2 Provisioning not receviced byCAP
Replies: 4
Views: 1578

Re: WifiWave2 Provisioning not receviced byCAP

... /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set authentication=mschap2 default-profile=PPTP_profile enabled=yes ipsec-secret=XXXXXXX use-ipsec=yes /interface ovpn-server server ...
by lucius
Mon Oct 02, 2023 2:15 am
Forum: General
Topic: device-mode switching doesn't work in 7.11.2
Replies: 2
Views: 1059

device-mode switching doesn't work in 7.11.2

... Turns out, on this device at least, "it won't bugde". I try to to this: [admin@MikroTik] > system/device-mode/update hotspot=no socks=no l2tp=no ipsec=no email=no pptp=no proxy=no romon=no smb=no zerotier=no update: please activate by turning power off or pressing reset or mode button ...
by saper2
Sun Sep 24, 2023 9:28 pm
Forum: General
Topic: Network behind CRS112 unavailable after main power failure
Replies: 3
Views: 775

Network behind CRS112 unavailable after main power failure

... /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set allow-fast-path=yes authentication=mschap2 default-profile=profile1 use-ipsec=required /ip address add address=192.168.2.1/24 ...
by miankamran7100
Sat Sep 16, 2023 7:26 pm
Forum: Beginner Basics
Topic: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]
Replies: 18
Views: 9534

Re: Force LT2P (IPSec) tunnel over specific WAN interface [SOLVED]

1) Fill the src-address field in l2tp-client.
2) Use /ip route rule (lookup-only-in-table) to force connections originated from this ip to desired routing table.
I have tried this rule.
I'm able to ping only my LAN Gateway 192.168.94.1 but not able to ping LAN IPs 192.168.94.44.
by Greyhard
Sun Aug 27, 2023 7:03 pm
Forum: General
Topic: Wireguard Client to lan . can't access the network [SOLVED]
Replies: 10
Views: 3539

Re: Wireguard Client to lan . can't access the network

... /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set authentication=mschap1,mschap2 enabled=yes use-ipsec=yes /interface ovpn-server server set auth=sha1,md5 /interface wireguard ...
by CurtisS
Mon Aug 14, 2023 10:15 pm
Forum: General
Topic: RouterOS 7 VLAN Bug [SOLVED]
Replies: 16
Views: 2444

RouterOS 7 VLAN Bug [SOLVED]

... set [ find default-name=sfp28-2 ] advertise=10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full /interface l2tp-server add name=l2tp-in1 user="" /interface vrrp /interface vlan add interface=sfp-sfpplus1 name=vlan101 vlan-id=101 add interface=sfp-sfpplus1 ...
by cleangreen
Sun Aug 13, 2023 7:24 pm
Forum: Beginner Basics
Topic: Multi WAN Recursive route issue with VPNs
Replies: 4
Views: 1169

Multi WAN Recursive route issue with VPNs

... is also on there but not used. Thanks in advance for your help /interface bridge add name="LAN 1" add name="LAN 2" add name=l2tp-bridge /interface list add name=WAN /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip pool add name=dhcp_pool1 ...
by sdslot
Fri Jul 21, 2023 2:02 pm
Forum: General
Topic: Drop connected l2tp(ipsec) RB4011 and RB951
Replies: 1
Views: 302

Re: Drop connected l2tp(ipsec) RB4011 and RB951

Client 09:32:18 l2tp,ppp,debug l2tp-out1: LCP lowerdown 09:32:18 l2tp,ppp,debug l2tp-out1: LCP closed 09:32:18 l2tp,ppp,debug l2tp-out1: CCP lowerdown 09:32:18 l2tp,ppp,debug l2tp-out1: BCP lowerdown 09:32:18 l2tp,ppp,debug l2tp-out1: ...
by sdslot
Fri Jul 21, 2023 1:50 pm
Forum: General
Topic: Drop connected l2tp(ipsec) RB4011 and RB951
Replies: 1
Views: 302

Drop connected l2tp(ipsec) RB4011 and RB951

... 08:02:13 ipsec,info ISAKMP-SA established ip.ip.ip.ip[4500]-ip.ip.ip.ip[1024] spi:769874e3ab4bee87:612a9ad4cde61d66 08:02:20 l2tp,info first L2TP UDP packet received from ip.ip.ip.ip 08:02:20 l2tp,ppp,info,account bzs-l2tp logged in, 10.0.70.2 from 08:02:20 l2tp,ppp,info <l2tp-bzs-l2tp>: ...
by mikham
Thu Jul 06, 2023 9:52 am
Forum: Beginner Basics
Topic: Connecting 2 different subnet
Replies: 4
Views: 887

Re: Connecting 2 different subnet

... to 88.254" name=Board Of Director shared-users=10 /port set 0 name=serial0 set 1 name=serial1 /ppp profile add name=vpn-mikhmon /interface l2tp-client add connect-to=sg16.gukotunnel.net disabled=no name=l2tp-lala-MikhmonOnline \ profile=vpn-mikhmon user=lala@gukotunnel.net /interface bridge ...
by r0berts
Thu Jun 29, 2023 3:03 pm
Forum: Beginner Basics
Topic: Cannot port forward through dstnat
Replies: 10
Views: 1722

Re: Cannot port forward through dstnat

... I am behind carrier grade NAT and need to SSH into my debian server. This is an illustration. My static IP is 100.100.100.100/32 and it has a L2TP connection on l2tp client interface l2tp-aa which has 100.100.50.50 as a gateway. For some time I was able to see incoming ssh connection on my ...
by r0berts
Wed Jun 28, 2023 7:17 pm
Forum: General
Topic: SSH into LAN over external IP from a L2TP tunnel
Replies: 6
Views: 745

Re: SSH into LAN over external IP from a L2TP tunnel

... mode=dynamic-keys supplicant-identity=MikroTik /ip pool add name=dhcp ranges=192.168.88.10-192.168.88.254 /interface l2tp-client add allow=chap,mschap1,mschap2 connect-to=100.100.100.1 disabled=no name=l2tp-client profile=default user=l2tp-user@a add allow=mschap2 ...
by kanuns
Thu Jun 15, 2023 1:55 pm
Forum: General
Topic: Wireless Devices Disconnect DHCP Assign
Replies: 10
Views: 1555

Re: Wireless Devices Disconnect DHCP Assign

... [ find default-name=sfp-sfpplus1 ] mac-address=DC:2C:6E:84:30:A9 set [ find default-name=sfp-sfpplus2 ] mac-address=DC:2C:6E:84:30:A8 /interface l2tp-client add connect-to=18.170.149.27 disabled=no name="Cloud Router" use-ipsec=yes \ user=h21-lan add connect-to=45.249.10.48 disabled=no ...
by kanuns
Wed Jun 14, 2023 2:08 am
Forum: General
Topic: Wireless Devices Disconnect DHCP Assign
Replies: 10
Views: 1555

Wireless Devices Disconnect DHCP Assign

... Address-Time = 29400 jun/09 03:19:21 dhcp,debug,packet Msg-Type = ack jun/09 03:19:21 dhcp,debug,packet Server-Id = 178.17.0.1 jun/09 03:19:22 l2tp,ppp,info To Wogue Wan: initializing... jun/09 03:19:22 l2tp,ppp,info To Wogue Wan: connecting... jun/09 03:19:23 dhcp,debug dhcp1 received discover ...
by AlexPebody
Thu Jun 01, 2023 4:51 pm
Forum: General
Topic: Can't upgrade Firmware [SOLVED]
Replies: 14
Views: 1326

Re: Can't upgrade Firmware [SOLVED]

... upgrade... https://imgtr.ee/images/2023/06/01/S01MR.jpg 20:43:17 system,info router rebooted 20:43:20 interface,info WireGuard link up 20:43:21 l2tp,ppp,info FastestVPN1: initializing... 20:43:21 l2tp,ppp,info FastestVPN1: connecting... 20:43:21 l2tp,ppp,info FastestVPN1: terminating... - could ...
by mms101
Thu May 18, 2023 12:06 pm
Forum: Forwarding Protocols
Topic: v7 traffic forwarding problem
Replies: 0
Views: 1851

v7 traffic forwarding problem

... model: RB960PGS revision: r2 firmware-type: qca9550L factory-firmware: 6.44.6 current-firmware: 7.9 upgrade-firmware: 7.9 [admin@MIKR1] /routing/bgp/session> ... routing-table=main gateway=10.100.0.0 immediate-gw=10.100.0.0%l2tp-mikr2-intf1 distance=200 scope=40 target-scope=30 belongs-to="bgp-IP-10.100.0.0" ...
by Dalvi
Sat May 13, 2023 1:39 am
Forum: Beginner Basics
Topic: Setting 3 PPPoE connections, each has to route to its own network
Replies: 4
Views: 998

Re: Setting 3 PPPoE connections, each has to route to its own network

... vlan-id=3 add comment="For IP54" independent-learning=no ports=ether03,ether04,ether05 switch=switch1 vlan-id=54 /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether01-WAN1 ...
by mdadigital
Mon Apr 24, 2023 12:02 pm
Forum: Beginner Basics
Topic: IPv6 help [SOLVED]
Replies: 16
Views: 4353

Re: IPv6 help [SOLVED]

... dot1x client add anon-identity=CENSORED certificate=\ Client_CENSORED.pem_0 eap-methods=eap-tls identity=\ CENSORED interface=ether1 /interface l2tp-server server set allow-fast-path=yes authentication=chap,mschap2 enabled=yes max-mru=1460 \ max-mtu=1460 use-ipsec=required /interface list member ...
by chrisk
Wed Apr 19, 2023 10:52 am
Forum: Beginner Basics
Topic: IPSec issue
Replies: 1
Views: 373

IPSec issue

... hash-algorithm=sha256 /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048 10:41:08 l2tp,ppp,info l2tp-to-bbone0: initializing... 10:41:08 l2tp,ppp,info l2tp-to-bbone0: connecting... 10:41:08 l2tp,ppp,info l2tp-to-bbone0: terminating... ...
by adamzolo
Wed Apr 12, 2023 7:48 pm
Forum: Beginner Basics
Topic: Hairpin NAT + Port Forwarding
Replies: 4
Views: 507

Re: Hairpin NAT + Port Forwarding

... interface=wlan1 add bridge=bridge comment=defconf interface=wlan2 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set default-profile=VPN-Profile enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add ...
by Hitmare
Mon Apr 10, 2023 11:05 pm
Forum: General
Topic: LT2P IPSec only partly LAN Connection
Replies: 0
Views: 302

LT2P IPSec only partly LAN Connection

... comment=defconf interface=sfp1 add bridge=bridge-wlan interface=ether10 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set default-profile=ipsec enabled=yes ipsec-secret=<removed> use-ipsec=required /interface list member add comment=defconf interface=bridge ...
by Rohllik28
Wed Mar 22, 2023 11:54 pm
Forum: General
Topic: Strange network behavior
Replies: 0
Views: 285

Strange network behavior

... name=\ vlan20_dhcp_supsal /ppp profile add bridge=RootBridge dns-server=192.168.15.1,8.8.8.8 local-address=\ 192.168.15.1 name=L2TP remote-address=private_pool use-encryption=\ required add bridge=RootBridge name=L2TP-o2 use-encryption=required add local-address=10.20.0.1 name=openvpn-profile ...
by Josephny
Sat Mar 18, 2023 12:57 pm
Forum: General
Topic: Wireguard help (again)
Replies: 25
Views: 2170

Wireguard help (again)

... /ip neighbor discovery-settings set discover-interface-list=all /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 list=WAN ...
by ioannistsi
Thu Mar 16, 2023 7:47 pm
Forum: Beginner Basics
Topic: Connect Router's Through 3rd VPN
Replies: 4
Views: 424

Re: Connect Router's Through 3rd VPN

... port add bridge=CCTV interface=ether2 add bridge=CCTV interface=ether5 /ip neighbor discovery-settings set discover-interface-list=MGM /interface l2tp-server server set enabled=yes use-ipsec=required /interface list member add interface=ether5 list=MGM /interface sstp-server server set default-profile=default-encryption ...
by peterab
Thu Mar 09, 2023 11:35 am
Forum: Beginner Basics
Topic: VPN + acces to local network
Replies: 6
Views: 1723

VPN + acces to local network

... comment=defconf interface=wifi2 /ip neighbor discovery-settings set discover-interface-list=LAN /ip settings set tcp-syncookies=yes /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by BeeKeeper
Tue Mar 07, 2023 4:57 pm
Forum: Beginner Basics
Topic: L2TP ipsec connect okay but no access to LAN [SOLVED]
Replies: 1
Views: 785

L2TP ipsec connect okay but no access to LAN [SOLVED]

The connection from my Iphone to my router using L2TP ipsec is okay. Iphone gets configured IP address and ping from router to iphone and ping from iPhone to router is working without problems. The ip address of the iPhone is out of one vlan ( 192.168.76.0/24) ...
by nemocir
Mon Feb 20, 2023 8:23 pm
Forum: General
Topic: Wireguard tunnel to all clients trafic
Replies: 7
Views: 1367

Re: Wireguard tunnel to all clients trafic

... comment=defconf interface=*1 /ip settings set max-neighbor-entries=2048 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=1024 /interface l2tp-server server set use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=sfp-sfpplus1 ...
by marcwitteveen
Fri Feb 03, 2023 1:03 pm
Forum: Wireless Networking
Topic: Slow WiFi on 5G and after changing settings - no supported channel
Replies: 0
Views: 595

Slow WiFi on 5G and after changing settings - no supported channel

... add bridge=bridge interface=sfp-sfpplus2 add bridge=bridge interface=dynamic /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface="ether1 - OLD Modem" list=WAN add interface=ether2 list=LAN ...
by thanpolas
Wed Jan 25, 2023 12:37 pm
Forum: General
Topic: Unifi WiFi Clients losing local subnet routing
Replies: 3
Views: 733

Unifi WiFi Clients losing local subnet routing

... ] name=ether13-reolink set [ find default-name=sfp-sfpplus1 ] disabled=yes set [ find default-name=sfp-sfpplus2 ] disabled=yes /interface l2tp-server add name=l2tp-in-polas user=thanpolas-pptp /interface pppoe-client add allow=pap,chap interface=ether1-Cosmote name=pppoe-out-cosmote use-peer-dns=yes ...
by KNSDan
Tue Jan 10, 2023 9:27 pm
Forum: Beginner Basics
Topic: Inherited a Mikrotik system need some help
Replies: 1
Views: 430

Inherited a Mikrotik system need some help

... name=sfp3-D210A set [ find default-name=sfp4 ] advertise=10M-full,100M-full,1000M-full \ mac-address=6C:3B:6B:C0:14:2D name=sfp4-D510A /interface l2tp-server add name=l2tp-in1 /interface pptp-server add disabled=yes /interface vlan add interface=eth1-P209A name=V1-P209A vlan-id=1 add interface=eth2-coresw ...
by Kelalatir
Tue Jan 03, 2023 10:53 am
Forum: General
Topic: New Router cannot maintain OSPF Link: 5 seconds on, 5 seconds off
Replies: 1
Views: 545

New Router cannot maintain OSPF Link: 5 seconds on, 5 seconds off

... idea was that the issue was related to the GRE tunnel. I disabled the GRE tunnel and setup an LT2P tunnel between the two sites as a test. The L2TP tunnel established fine, but the OSPF issue is exactly the same on this tunnel. It only breaks one-way, and it goes 5 seconds on, 5 seconds off. ...
by Andrew162
Fri Dec 30, 2022 8:26 pm
Forum: Beginner Basics
Topic: Firewall Rule
Replies: 9
Views: 2384

Re: Firewall Rule

... remote-address=dhcp use-encryption=yes add bridge=bridge change-tcp-mss=yes dns-server=192.168.1.30 local-address=\ VPN_POOL name="VPN L2TP" remote-address=VPN_POOL use-encryption=yes /queue simple add disabled=yes name=Minecraft target=192.168.1.14/32 time=0s-0s, /routing bgp ...
by Jotne
Fri Dec 30, 2022 12:02 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.9 (Graphing everything) 💾 🛠 💻 📊
Replies: 318
Views: 117375

Re: 📌 Tool: Using Splunk to analyse MikroTik logs 3.8 (Graphing everything) 💾 🛠 💻 📊

... 382 ipsec - 255 script ntp 192 script resource 192 script version 192 script ipsec 109 script pool 72 script ppp 44 upnp - 33 script sysinfo 24 l2tp - 10 script IPSEC_failed 8 script - 2 info - 1
by Timonator
Tue Dec 13, 2022 9:17 pm
Forum: Wireless Networking
Topic: Lag spikes from cAP AC with capsman
Replies: 5
Views: 1584

Lag spikes from cAP AC with capsman

... interface=ether3 add bridge=bridge comment=defconf interface=ether2 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=pppoe-out1 ...
by mfaridi
Wed Dec 07, 2022 10:26 pm
Forum: Beginner Basics
Topic: l2tp VPN, linux host problem
Replies: 25
Views: 2979

Re: l2tp VPN, linux host problem

... /ip firewall connection tracking set enabled=yes /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface l2tp-server server set enabled=yes use-ipsec=yes /interface pptp-server server set authentication=pap,chap,mschap1,mschap2 enabled=yes max-mru=1350 ...
by mfaridi
Wed Dec 07, 2022 9:26 am
Forum: Beginner Basics
Topic: l2tp VPN, linux host problem
Replies: 25
Views: 2979

Re: l2tp VPN, linux host problem

To solve the problem, you have to debug it. You've said you've added a route and that it didn't help, but you haven't shown the address plan at the server side, the route you've added itself, and you haven't sniffed on the various interfaces when the route was in place while trying to access the se...
by mfaridi
Tue Nov 29, 2022 10:03 pm
Forum: Beginner Basics
Topic: l2tp VPN, linux host problem
Replies: 25
Views: 2979

Re: l2tp VPN, linux host problem

... not connect to servers by SSH. This confirms my assumption that the issue is in the Linux configuration, not in Mikrotik configuration. When the L2TP tunnel is up, what do the following CLI commands show on the Linux (it is enough to try that on one of the distributions)? ip l ink show ip a ddress ...
by kelarlee
Sun Nov 27, 2022 12:57 pm
Forum: General
Topic: Ipsec stuck connections problem [SOLVED]
Replies: 4
Views: 1526

Ipsec stuck connections problem [SOLVED]

... 2 RB3011(6.48.6), CHR(7.5)) and same issue on all of them. Also on all MT i have dual WAN setup with failover and all connected with L2TP+Ipsec site-to-site and several of them with cloud infrastructure via IPSEC tunnel to VMware Edge router. The main problem that sometimes when my ...
by NettingHelp
Fri Nov 25, 2022 2:17 pm
Forum: General
Topic: Packet loss in VLAN when enabling EoIP tunnel
Replies: 2
Views: 834

Packet loss in VLAN when enabling EoIP tunnel

... there are no packet loss whatsoever in the local network. All these issues happen identically when using VXLAN instead of EoIP. So far, I've tried L2TP, disabling firewall, transporting the VLAN either tagged or untagged through the tunnel, checking out resource usage for bottlenecks, arp config ...
by mociulski
Thu Nov 24, 2022 12:41 pm
Forum: Wireless Networking
Topic: Hap AC Wifi Dropping
Replies: 0
Views: 498

Hap AC Wifi Dropping

... /ip neighbor discovery-settings set discover-interface-list=LAN /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by Selbie
Fri Nov 11, 2022 3:42 pm
Forum: Beginner Basics
Topic: Internet issues (InvalidPackets) after upgrading ROSv6>v7 [SOLVED]
Replies: 8
Views: 2272

Re: Internet issues (InvalidPackets) after upgrading ROSv6>v7 [SOLVED]

... /interface detect-internet set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=\ LAN wan-interface-list=WAN /interface l2tp-server server set authentication=mschap1,mschap2 default-profile=ipsec_vpn enabled=yes \ keepalive-timeout=disabled use-ipsec=yes /interface list ...
by maxb
Wed Oct 26, 2022 1:49 am
Forum: General
Topic: Wireguard Asymetric speed on symmetric connections
Replies: 20
Views: 1758

Re: Wireguard Asymetric speed on symmetric connections

... set discover-interface-list=LAN /ip settings set max-neighbor-entries=8192 /ipv6 settings set max-neighbor-entries=8192 /interface l2tp-server server set allow-fast-path=yes enabled=yes max-mru=1350 max-mtu=1350 use-ipsec=yes /interface list member add comment=defconf interface=bridge ...
by maxb
Tue Oct 25, 2022 4:38 pm
Forum: General
Topic: Wireguard Asymetric speed on symmetric connections
Replies: 20
Views: 1758

Wireguard Asymetric speed on symmetric connections

... set discover-interface-list=LAN /ip settings set max-neighbor-entries=8192 /ipv6 settings set max-neighbor-entries=8192 /interface l2tp-server server set allow-fast-path=yes enabled=yes max-mru=1350 max-mtu=1350 use-ipsec=yes /interface list member add comment=defconf interface=bridge ...
by CurtisS
Wed Oct 05, 2022 9:10 pm
Forum: General
Topic: Limit Interface to Specific IP from Address List
Replies: 10
Views: 795

Re: Limit Interface to Specific IP from Address List

... add bridge=bridge1 disabled=yes tagged=sfp-sfpplus3 vlan-ids=201 add bridge=bridge1 disabled=yes tagged=sfp-sfpplus3 vlan-ids=301 /interface l2tp-server server set default-profile=vpn_profile enabled=yes use-ipsec=yes /ip address add address=192.168.88.1/24 interface=ether1 network=\ 192.168.88.0 ...
by karlyn22
Sat Oct 01, 2022 7:57 am
Forum: General
Topic: l2tp with ipsec mschap2 auth issue
Replies: 1
Views: 597

l2tp with ipsec mschap2 auth issue

Hi, I have an l2tp server configured on a RB750GR3 running RouterOS 7.5. I'm connecting to that router from a RB750GL running RouterOS 6.48.6. If I don't turn on IPSEC from the client side ( server side is set to "Yes" ...
by Babujnik
Thu Sep 29, 2022 5:33 pm
Forum: General
Topic: EoIP + L2TP + IPSEC MTU issue
Replies: 6
Views: 1342

Re: EoIP + L2TP + IPSEC MTU issue

... /interface detect-internet set detect-interface-list=WAN internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN /interface l2tp-server server set allow-fast-path=yes authentication=mschap2 default-profile=clients enabled=yes max-mru=1300 max-mtu=1300 mrru=1504 use-ipsec=yes ...
by Babujnik
Sun Sep 25, 2022 11:03 am
Forum: General
Topic: EoIP + L2TP + IPSEC MTU issue
Replies: 6
Views: 1342

Re: EoIP + L2TP + IPSEC MTU issue

... comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1 add action=accept chain=input comment="cust: allow L2TP via IPSEC" dst-port=1701 protocol=udp add action=accept chain=input comment="defconf: allow IKE" dst-port=500 protocol=udp add action=accept ...
by Babujnik
Sat Sep 24, 2022 6:04 pm
Forum: General
Topic: EoIP + L2TP + IPSEC MTU issue
Replies: 6
Views: 1342

EoIP + L2TP + IPSEC MTU issue

Hi everyone, I'm having some issue with (probably) MTU settings in site-2-site connection and L2TP connection to one site. here's config SiteA: /interface bridge add admin-mac=9E:B9:9C:3F:B0:E7 auto-mac=no name=br_100_mgmt add admin-mac=08:55:31:0D:C8:F5 auto-mac=no name=br_200_home ...
by IU1LCU
Fri Sep 23, 2022 2:04 pm
Forum: General
Topic: https webpage timeout
Replies: 6
Views: 944

Re: https webpage timeout

... and remove some private with *** the conf just have a IP wan (not ppoe), some firewall rules for vpn, some nat (most of them disable), wifi, dhcp, l2tp openvpn # sep/23/2022 12:51:44 by RouterOS 7.5 # model = RBD53iG-5HacD2HnD /interface bridge add arp=proxy-arp name=LAN /interface ethernet set ...
by tester789
Mon Aug 29, 2022 3:47 pm
Forum: General
Topic: DHCP does not work in bridged VLAN
Replies: 3
Views: 534

DHCP does not work in bridged VLAN

... [ find default=yes ] dh-group=modp1024 /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des add enc-algorithms=aes-256-cbc,3des name=L2TP-Proposal pfs-group=none /ip pool add name=dhcp_vlan10 ranges=192.168.10.30-192.168.10.100 add name=dhcp_vlan20 ranges=192.168.20.2-192.168.23.254 ...
by Jotne
Tue Aug 09, 2022 3:48 pm
Forum: General
Topic: Why NOT auto-upgrade your router.
Replies: 20
Views: 2298

Why NOT auto-upgrade your router.

... DHCPv6 relay forward and reply creation (introduced in v7.1.3) 7.4 *) l2tp - improved stability when establishing l2tp-ether connection (introduced ... v6.43) 6.45.7 *) crs312 - fixed combo SFP port toggling (introduced in v6.44.5) 6.45.7 *) ike2 - fixed phase 1 rekeying (introduced in v6.45) 6.45.7 ...
by Valerio5000
Thu Jul 14, 2022 7:34 pm
Forum: Beginner Basics
Topic: Beginner with routeros and VPN
Replies: 5
Views: 934

Beginner with routeros and VPN

... there are 3 situations that I have not been able to solve in any way 1. Is it possible to have layer2 connectivity between two RBs connected in L2TP while keeping the different subnets? RB Server = 192.168.0.0/24 Remote RB = 192.168.50.0/24 I would like to be able to find my DLNA servers, printers ...
by Bowen73
Wed Jul 06, 2022 3:38 pm
Forum: General
Topic: Cant get port forwarding to work
Replies: 8
Views: 511

Re: Cant get port forwarding to work

... interface=ether4_LAN add bridge=Bridge_LAN interface=ether5_LAN /interface detect-internet set detect-interface-list=WAN /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=ether1_ISP1 list=WAN add interface=Bridge_LAN list=LAN add interface=pppoe-out1 ...
by rhodri
Thu Jun 16, 2022 1:16 pm
Forum: General
Topic: IPsec tunnels not coming up 7.3.1
Replies: 0
Views: 405

IPsec tunnels not coming up 7.3.1

... outside world. all the routers using pppoe as there connection there ipsec tunnels are up and working with no issues and we are using the IPsec L2TP via PPP because it just keeps everything simple and clean plus you get a interface you can monitor so on and so on.. But we have a 2 sites that ...
by tharorris
Fri Jun 10, 2022 11:45 am
Forum: General
Topic: Route specific traffic through the VPN
Replies: 41
Views: 9212

Re: Route specific traffic through the VPN

... /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=ether1 list=LAN add interface=ether2 list=LAN add interface=ether3 ...
by tharorris
Tue Jun 07, 2022 5:36 pm
Forum: General
Topic: Route specific traffic through the VPN
Replies: 41
Views: 9212

Re: Route specific traffic through the VPN

... /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 list=WAN ...
by anav
Sun Jun 05, 2022 2:10 pm
Forum: General
Topic: Wireguard VPN access to the routerbox [SOLVED]
Replies: 23
Views: 4947

Re: Wireguard VPN access to the routerbox [SOLVED]

... set discover-interface-list=LAN /ipv6 settings set max-neighbor-entries=8192 /interface detect-internet set detect-interface-list=NONE /interface l2tp-server server set authentication=mschap2 use-ipsec=yes /interface list member add interface=bridge1 list=LAN add interface=ether1 list=WAN add ...
by rbrtre
Sat Jun 04, 2022 5:44 am
Forum: Beginner Basics
Topic: Accessing NVR and home automation server
Replies: 6
Views: 938

Re: Accessing NVR and home automation server

... interface=ether9 add bridge=bridge1 interface=ether10 add bridge=bridge1 interface=sfp1 add bridge=bridge1 interface=wlan1 /interface l2tp-server server set enabled=yes use-ipsec=required /interface list member add interface=pppoe-out1 list=WAN add interface=bridge1 list=LAN /interface ...
by Aimovoria
Thu May 26, 2022 3:54 pm
Forum: Beginner Basics
Topic: Webserver (cannot get internally to intranet site via mobile phones) + other stuff..
Replies: 3
Views: 1811

Webserver (cannot get internally to intranet site via mobile phones) + other stuff..

... interface=sfp-sfpplus1 add bridge=br-Trunk interface=combo1 /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface l2tp-server server set default-profile=VPN_MAC enabled=yes use-ipsec=required /interface list member add interface=WAN1 list=WAN add interface=WAN2 ...
by turkel
Fri May 13, 2022 2:23 pm
Forum: General
Topic: VPN Issue
Replies: 1
Views: 633

VPN Issue

... interface=sfp1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by tangent
Sun May 08, 2022 12:50 pm
Forum: General
Topic: Securing a small network
Replies: 27
Views: 3194

Re: Securing a small network

... That got me to thinking: couldn't you use one of RouterOS's many VPN technologies to solve this? Above, I dismissed the option of IKEv2/IPsec/L2TP on an intra-LAN basis as "overkill." Not only is it more complicated to set up and manage than any other VPN technology, it's likely ...
by drasir
Thu Apr 28, 2022 12:02 am
Forum: General
Topic: Missing ether7 / no DHCP active on Port [SOLVED]
Replies: 8
Views: 1248

Re: Missing ether7 / no DHCP active on Port [SOLVED]

... indoor mode=ap-bridge name="wlan2 - 2,4GHz" ssid=darkSTAR_2,4G \ wireless-protocol=802.11 wps-mode=push-button-virtual-only /interface l2tp-server add name=VPN-IN user=bogus1 add name=VPN-IN_henny user=bogus2 add name=VPN-IN_l2s user=bogus3 /interface veth add address=192.168.88.7/16 ...
by sevo
Mon Apr 04, 2022 3:24 pm
Forum: Beginner Basics
Topic: LAN 2 LAN Wireguard tunnel [SOLVED]
Replies: 12
Views: 5581

Re: LAN 2 LAN Wireguard tunnel [SOLVED]

... /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set authentication=mschap1,mschap2 /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by howdey57
Mon Mar 28, 2022 9:29 pm
Forum: Beginner Basics
Topic: Moving to VLANs - Isolation and Access to my Router
Replies: 8
Views: 3061

Moving to VLANs - Isolation and Access to my Router

... here - I think it is getting quite complex - I hope to move my French VPN to Wireguard soon (after upgrading to v7). My Android phone doesn't like L2TP/IPSec anymore. If you spot any howlers in my config, please let me know!! Thank you in advance, Charlie # mar/28/2022 18:40:02 by RouterOS 6.48.6 ...
by awacenter
Fri Mar 18, 2022 4:29 pm
Forum: Announcements
Topic: v7.1.3 is released!
Replies: 251
Views: 55667

Re: v7.1.3 is released!

I have just tried to import l2tp client configuration with IPsec. I did: [admin@VPN-Infantas] /interface/l2tp-client> exp # mar/18/2022 15:27:44 by RouterOS 7.1.3 # software id = gjfgjkowegl # # model = RB5009UG+S+ # serial number = EC190F215E16 ...
by Dalvi
Sun Feb 27, 2022 9:47 pm
Forum: Beginner Basics
Topic: Same ISP, 3 PPPoE with own public IP, need to route each to own subnet/VLAN
Replies: 0
Views: 202

Same ISP, 3 PPPoE with own public IP, need to route each to own subnet/VLAN

... switch2 vlan-id=2 add comment="IP 56" independent-learning=yes ports=ether08,ether09,ether10 \ switch=switch2 vlan-id=3 /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether01-WAN1 ...
by esipoko
Wed Feb 23, 2022 9:41 am
Forum: Beginner Basics
Topic: Can't ping between two specific LANs
Replies: 9
Views: 3233

Can't ping between two specific LANs

... Modem Port4" name=\ ether8-Fiber4 set [ find default-name=sfp1 ] comment="Fiber Module" disabled=yes name=sfp /interface l2tp-server add comment="WAN L2TP In" name=L2TP-In user=Vahid /interface eoip add mac-address=02:3D:8F:42:63:3E mtu=1500 name=eoip-GermanVPS ...
by bbs2web
Fri Feb 18, 2022 1:05 pm
Forum: Announcements
Topic: v6.49.3 [stable] is released!
Replies: 64
Views: 21258

Re: v6.49.3 [stable] is released!

... xauth-use-radius=no [user@router] > ip ipsec export # feb/18/2022 12:44:28 by RouterOS 6.49.3 # software id = xxxx-xxxx # # # <blank> L2TP IPSec configuration is identical on the two routers: /ppp profile set *FFFFFFFE only-one=yes /ppp secret add local-address=192.168.253.5 remote-address=192.168.253.6 ...
by haris013
Wed Feb 09, 2022 6:24 pm
Forum: General
Topic: Recursive Routes in RoS 7.x
Replies: 35
Views: 17916

Re: Recursive Routes in RoS 7.x

... mode=dynamic-keys supplicant-identity=MikroTik \ unicast-ciphers=tkip,aes-ccm /ip ipsec peer # This entry is unreachable add name=l2tp passive=yes /ip ipsec profile set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256,3des /ip ipsec proposal set [ find default=yes ] ...
by LeRadelle
Mon Jan 31, 2022 5:13 pm
Forum: General
Topic: two l2tp connections from same ip address
Replies: 21
Views: 16169

Re: two l2tp connections from same ip address

... RouterOSv7. I'd recommend to change the profile as suggested first. But as there are many other users, don't change the profile under /interface l2tp-server server - instead, add a new profile with only-one=no as a copy of the default one with another name, and use it only for the two /ppp secret ...
by LeRadelle
Mon Jan 31, 2022 12:40 am
Forum: General
Topic: two l2tp connections from same ip address
Replies: 21
Views: 16169

Re: two l2tp connections from same ip address

Server log detailed: Jan/30/2022 23:33:55 system,info log: log rule changed by XXXX Jan/30/2022 23:33:55 l2tp,info log: first L2TP UDP packet received from 95.168.118.22 Jan/30/2022 23:33:55 l2tp,ppp,info log: <l2tp-VergosDUE>: terminating... - hungup Jan/30/2022 23:33:55 l2tp,ppp,info,account ...
by LeRadelle
Mon Jan 31, 2022 12:30 am
Forum: General
Topic: two l2tp connections from same ip address
Replies: 21
Views: 16169

Re: two l2tp connections from same ip address

... log from server: Jan/30/2022 23:14:08 ipsec,info log: the packet is retransmitted by 212.15.178.17[238]. Jan/30/2022 23:14:09 interface,info log: <l2tp-VergosDUE> detect INTERNET Jan/30/2022 23:14:13 l2tp,info log: first L2TP UDP packet received from 95.168.118.22 Jan/30/2022 23:14:13 l2tp,ppp,info ...
by LeRadelle
Sun Jan 30, 2022 10:14 pm
Forum: General
Topic: two l2tp connections from same ip address
Replies: 21
Views: 16169

Re: two l2tp connections from same ip address

... > export # jan/30/2022 20:49:26 by RouterOS 7.1.1 # software id = x # # model = RB952Ui-5ac2nD # serial number = xxxxxxxxxx /interface l2tp-client add connect-to=public.ip.vpn.server name=l2tp-out1 user=VergosUNO /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce ...
by LeRadelle
Sun Jan 30, 2022 3:41 pm
Forum: General
Topic: two l2tp connections from same ip address
Replies: 21
Views: 16169

Re: two l2tp connections from same ip address

... address visible to the server, you have to use a non-standard port for L2TP at client side at all clients except one. When you set use-ipsec=yes ... , RouterOS dynamically creates (as of 6.44.3) an IPsec identity, peer and policy to protect the L2TP exchange with ...
by rjow2021
Fri Jan 28, 2022 4:10 pm
Forum: Beginner Basics
Topic: WAN access over WireGuard? [SOLVED]
Replies: 2
Views: 1742

WAN access over WireGuard? [SOLVED]

... discover-interface-list=none /ip settings set max-neighbor-entries=8192 /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface l2tp-server server set enabled=yes use-ipsec=required /interface list member add interface=bridge list=LAN add interface=pppoe-wan list=WAN /interface ...
by gigabyte091
Mon Jan 17, 2022 10:59 am
Forum: Beginner Basics
Topic: Wireguard VPN setup [SOLVED]
Replies: 95
Views: 26812

Re: Wireguard VPN setup [SOLVED]

... /ipv6 settings set disable-ipv6=yes max-neighbor-entries=8192 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set authentication=mschap2 default-profile=VPN_Ured enabled=yes use-ipsec=\ required /interface list member add comment=defconf interface=bridge ...
by zippedmails
Mon Jan 03, 2022 12:50 pm
Forum: Beginner Basics
Topic: Is L2TP VPN safe for internet traffic?
Replies: 35
Views: 7077

Re: Is L2TP VPN safe for internet traffic?

... vpn server address (from www.vpngate.net) under PPP -> Interface -> ToVPN (this is my interface name) -> Dial Out (in order to activate the L2TP VPN). Note please that I have also added use-ipsec=yes -> use-ipsec=required as per last comment by @kalamaja. Now: 2. When I plug my laptop directly ...
by zippedmails
Thu Dec 30, 2021 12:03 pm
Forum: Beginner Basics
Topic: Is L2TP VPN safe for internet traffic?
Replies: 35
Views: 7077

Is L2TP VPN safe for internet traffic?

... that I could channel all my internet traffic at home through a secure VPN on this router. The seller has thus configured the router to work with L2TP VPN, and it has been up and running since day one. But, I have a couple of questions: 1. Is the current configuration on my router correct and ...
by souravmaiti
Mon Dec 13, 2021 9:56 am
Forum: General
Topic: Tile CCR BGP Crash after 7.1 upgrade
Replies: 1
Views: 2454

Tile CCR BGP Crash after 7.1 upgrade

... set discover-interface-list=!dynamic /ip settings set tcp-syncookies=yes /ipv6 settings set max-neighbor-entries=1024 /interface l2tp-server server set default-profile=default enabled=yes max-mru=1300 max-mtu=1300 /interface ovpn-server server set auth=sha1 certificate=server.crt_0 ...
by florianmulatz
Mon Dec 13, 2021 7:35 am
Forum: RouterOS beta
Topic: Speed drop after update to 7.1stable [SOLVED]
Replies: 39
Views: 17066

Re: Speed drop after update to 7.1stable [SOLVED]

... - even kid control as it does additional monitoring of all traffic. Temporarily disabling kid control may also help. It looks like those L2TP/ipsec tunnels are for remote connections to this router, so they are probably not even in use when this testing is happening, I would imagine. ...
by florianmulatz
Sat Dec 11, 2021 6:05 pm
Forum: RouterOS beta
Topic: Speed drop after update to 7.1stable [SOLVED]
Replies: 39
Views: 17066

Re: Speed drop after update to 7.1stable [SOLVED]

... ] ip-type=ipv4 /interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik /ip ipsec mode-config add name=l2tp-vpn-mode-config static-dns=192.168.100.246 system-dns=no /ip ipsec profile add dh-group=modp1024 enc-algorithm=aes-256,3des name=l2tp-vpn-peer-profile ...
by shah76597
Sun Nov 28, 2021 12:33 pm
Forum: General
Topic: Can't ping mikrotik LAN gateway from internal end users devices
Replies: 6
Views: 2330

Re: Can't ping mikrotik LAN gateway from internal end users devices

... o_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[\ RP]" /ip ipsec peer # This entry is unreachable add name=L2TP passive=yes /ip ipsec profile set [ find default=yes ] dh-group=modp1024 /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-128-cbc ...
by Treart
Wed Nov 03, 2021 12:56 pm
Forum: General
Topic: DHCP acting weird
Replies: 11
Views: 1412

Re: DHCP acting weird

... add bridge=bridge comment=defconf interface=sfp-sfpplus1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set authentication=chap,mschap2 default-profile=norba use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN ...
by pe1chl
Sun Oct 31, 2021 1:00 pm
Forum: RouterOS beta
Topic: v7.1rc5 [development] is released!
Replies: 167
Views: 48149

Re: v7.1rc5 [development] is released!

... One of them is: /routing bgp connection add as=4220406101 connect=yes disabled=no hold-time=15s input.filter=\ hamnet-in listen=yes local.address=l2tp-hamnet .role=ebgp .ttl=1 name=\ gw-44-137-test nexthop-choice=force-self output.default-originate=\ if-installed .filter-chain=hamnet-out .network=bgp-networks ...
by abeluko
Tue Oct 26, 2021 5:18 pm
Forum: Forwarding Protocols
Topic: L2TP with Windows Server Radius
Replies: 7
Views: 5111

Re: L2TP with Windows Server Radius

... 16:09:43 ipsec,info ISAKMP-SA established 192.168.1.120[500]-192.168.1.116[500] spi:5b0ce37769e8ffe2:5a18ebe37ba9279a 16:09:44 l2tp,info first L2TP UDP packet received from 192.168.1.116 16:09:45 l2tp,ppp,info,account abel logged in, 172.26.1.219 from 192.168.1.116 16:09:45 ...
by martinm
Mon Oct 18, 2021 9:56 pm
Forum: General
Topic: L2TP/IPSEC issues with Windows 10
Replies: 4
Views: 4065

Re: L2TP/IPSEC issues with Windows 10

... client and that makes no difference. Cheers, Martin --- INTERFACE TIME NUM DIR SRC-MAC DST-MAC VLAN SRC-ADDRESS DST-ADDRESS PROTOCOL SIZE CPU FP <l2tp-vpn> 14.028 27 <- 10.10.10.254:51365 10.10.1.51:8006 ip:tcp 52 0 no <l2tp-vpn> 14.037 28 <- 10.10.10.254:56219 10.10.1.51:8006 ip:tcp 52 0 no <l2tp-vpn> ...
by martinm
Mon Oct 18, 2021 12:55 am
Forum: General
Topic: L2TP/IPSEC issues with Windows 10
Replies: 4
Views: 4065

L2TP/IPSEC issues with Windows 10

... of my config are: /ip pool add name=vpn ranges=10.10.10.2-10.10.10.255 /ppp profile add dns-server=10.10.10.1 local-address=10.10.10.1 name=L2TP only-one=no \ remote-address=vpn /interface l2tp-server server set default-profile=L2TP enabled=yes ipsec-secret=\ SomethingSecure max-mru=1460 ...
by icepicknz
Mon Oct 11, 2021 5:15 am
Forum: General
Topic: Slow traffic via basic L2TP tunnel
Replies: 1
Views: 1375

Slow traffic via basic L2TP tunnel

... TCP Dup ACK's Router at home doing PPPoE [admin@9DaynaAve] > /interface l2tp-client export # oct/11/2021 15:08:59 by RouterOS 6.44.1 # software id = SCBV-EF7W # # model = 2011iLS # serial number = 608405AEC6A8 /interface ...
by InTheSprawl
Fri Oct 01, 2021 9:08 am
Forum: General
Topic: ROS 6.38 serious DHCP server problem
Replies: 147
Views: 66361

Re: ROS 6.38 serious DHCP server problem

... ] authentication-types=wpa2-psk mode=dynamic-keys \ supplicant-identity=MikroTik /ip ipsec peer # This entry is unreachable add comment=L2TP name=L2TPpeer passive=yes # This entry is unreachable add name=l2tp-in-server passive=yes /ip ipsec profile set [ find default=yes ] enc-algorithm=aes-256,3des ...
by Leolo
Fri Sep 24, 2021 8:10 pm
Forum: General
Topic: Windows XP via L2TP/Ipsec
Replies: 3
Views: 936

Re: Windows XP via L2TP/Ipsec

... ipsec 80.214.39.44 invalid ID payload. I've also seen this documentation: https://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP Which says: Note: Windows XP does not work according to RFC. You need to set main-l2tp exchange mode, otherwise Win XP client will not be able ...
by archerious
Thu Sep 23, 2021 10:04 pm
Forum: Beginner Basics
Topic: IPv6 help [SOLVED]
Replies: 16
Views: 4353

Re: IPv6 help [SOLVED]

... dot1x client add anon-identity=CENSORED certificate=\ Client_CENSORED.pem_0 eap-methods=eap-tls identity=\ CENSORED interface=ether1 /interface l2tp-server server set allow-fast-path=yes authentication=chap,mschap2 enabled=yes max-mru=1460 \ max-mtu=1460 use-ipsec=required /interface list member ...
by auspat
Tue Sep 14, 2021 10:35 pm
Forum: General
Topic: 2 separate networks - no internet access
Replies: 6
Views: 1418

2 separate networks - no internet access

... pfs-group=none /ip pool add comment="VLAN 1 - Intern" name=dhcp ranges=192.168.103.10-192.168.103.50 add comment=L2TP name=L2TP ranges=10.0.10.1-10.0.10.50 add comment="VLAN 20 - Guest" name=dhcp_pool3 ranges=\ 10.18.100.2-10.18.103.254 /ip dhcp-server ...
by auspat
Tue Sep 14, 2021 6:48 pm
Forum: Beginner Basics
Topic: 2 separate networks - no internet access
Replies: 4
Views: 1128

2 separate networks - no internet access

... pfs-group=none /ip pool add comment="VLAN 1 - Intern" name=dhcp ranges=192.168.103.10-192.168.103.50 add comment=L2TP name=L2TP ranges=10.0.10.1-10.0.10.50 add comment="VLAN 20 - Guest" name=dhcp_pool3 ranges=\ 10.18.100.2-10.18.103.254 /ip dhcp-server ...
by dima1002
Sun Sep 05, 2021 12:26 pm
Forum: General
Topic: Firewall Check
Replies: 22
Views: 3430

Firewall Check

... \ src-address=192.168.141.254 add action=accept chain=forward comment="Accept established connections" \ disabled=yes out-interface=l2tp-aa add action=accept chain=forward disabled=yes in-interface=l2tp-aa \ out-interface=bridge_FIRMA add action=accept chain=forward disabled=yes ...
by Solear
Sat Sep 04, 2021 7:59 pm
Forum: Beginner Basics
Topic: Wireguard and VLAN
Replies: 5
Views: 4481

Wireguard and VLAN

... vlan-ids=92 /interface detect-internet set detect-interface-list=all internet-interface-list=WAN wan-interface-list=\ WAN /interface l2tp-server server set l2tpv3-circuit-id="" l2tpv3-cookie-length=0 l2tpv3-digest-hash=md5 /interface list member add interface=ether1 list=WAN ...
by LinuxLarry
Fri Aug 27, 2021 8:17 pm
Forum: General
Topic: L2TP with private ip from DHCP Server Connection Problems [SOLVED]
Replies: 15
Views: 2194

Re: L2TP with private ip from DHCP Server Connection Problems [SOLVED]

Fresh log output. 11:13:57 ipsec,debug ===== received 444 bytes from my.pubip.1[4500] to 10.106.74.190[4500] 11:13:57 ipsec,debug hash(sha1) 11:13:57 ipsec,debug === 11:13:57 ipsec respond new phase 2 negotiation: 10.106.74.190[4500]<=>my.pubip.1[4500] 11:13:57 ipsec,debug begin. 11:13:57 ipsec,debu...
by rjow2021
Wed Aug 18, 2021 12:45 pm
Forum: Beginner Basics
Topic: Failed IPSEC connection every morning from 216.218.206.106 [SOLVED]
Replies: 2
Views: 1168

Failed IPSEC connection every morning from 216.218.206.106 [SOLVED]

... add bridge=bridge comment=defconf interface=sfp-sfpplus1 /ip neighbor discovery-settings set discover-interface-list=none /interface l2tp-server server set enabled=yes use-ipsec=required /interface list member add interface=bridge list=LAN add interface=ether1 list=WAN add interface=pppoe-wan ...
by belits17
Wed Aug 04, 2021 10:47 pm
Forum: General
Topic: PROBLEMA ANCHO DE BANDA EN LAN [SOLVED]
Replies: 19
Views: 10150

Re: PROBLEMA ANCHO DE BANDA EN LAN [SOLVED]

... /ip neighbor discovery-settings set discover-interface-list=all /interface detect-internet set detect-interface-list=all /interface l2tp-server server set authentication=mschap1,mschap2 enabled=yes use-ipsec=yes /interface list member add list=discover add interface=ETH4 list=discover ...
by cezars
Sat Jul 17, 2021 3:19 pm
Forum: Beginner Basics
Topic: How to make Port knocking working on vpn/pptp connection ?
Replies: 25
Views: 7129

Re: How to make Port knocking working on vpn/pptp connection ?

... THAT ACL you can then use to "filter" you rules on VPN ,say L2TP/SSTP/PPTP add action=add-src-to-address-list address-list="Port ... from my config need to be removed # may/30/2020 18:26:00 by RouterOS 6.44 # software id = xxxx-xxxx # # model = RouterBOARD 962UiGS-5HacT2HnT ...
by joffrey575
Thu Jun 10, 2021 3:16 pm
Forum: Beginner Basics
Topic: Unstable connection BGP L2TP IPSec
Replies: 2
Views: 993

Re: Unstable connection BGP L2TP IPSec

I assume you are using L2TP because you are traversing many networks and want to create a single-hop tunnel? I pay my L2TP tunnel to avoid sniff data by big network provider by using IPSec. If so - the performance issues could very well ...
by joffrey575
Thu Jun 10, 2021 11:24 am
Forum: Beginner Basics
Topic: Unstable connection BGP L2TP IPSec
Replies: 2
Views: 993

Unstable connection BGP L2TP IPSec

Hi all, I'm connect with BGP with another AS by L2TP tunneling. When i do an iperf3 on a server, the performance increase and decrease. The same problem appear with nextcloud when i send file on my server since mozilla. Yesterday, my nextcloud talk ...
by Pisanisavich
Sun Jun 06, 2021 10:07 pm
Forum: Beginner Basics
Topic: L2TP/Ipsec into Single VLAN
Replies: 5
Views: 1650

Re: L2TP/Ipsec into Single VLAN

@tdw From reading your correspondence with simonefil. I have turned on proxy-arp on the BR1 Interface. I also added ppp > secret > routes 192.168.44.0/24 0.0.0.1 ?? for user John *The current account I am trying to get to work. I am still unable to ping or connect to any of the computers on the netw...
by Pisanisavich
Sat Jun 05, 2021 4:53 pm
Forum: Beginner Basics
Topic: L2TP/Ipsec into Single VLAN
Replies: 5
Views: 1650

L2TP/Ipsec into Single VLAN

... Mikrotik equipment to RB4011's and With the help of @anav, @mkx and @erlinden. I was able to setup some VLANS. When I connect to the office over L2TP/IPSEC I can ping the Mikrotik but nothing else.Do I need to set up a different type of connection? EOIP? I tried enabling proxy-arp to no avail. ...
by hettonkgb
Fri Jun 04, 2021 3:40 am
Forum: Beginner Basics
Topic: Access Webserver inside Lan - Hairpin NAT [SOLVED]
Replies: 3
Views: 2609

Access Webserver inside Lan - Hairpin NAT [SOLVED]

... local-address=192.168.89.1 \ remote-address=vpn /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=ether1 list=WAN add list=LAN /interface pptp-server server set ...
by reima
Tue May 18, 2021 5:36 pm
Forum: General
Topic: VLAN Problem with Linux
Replies: 1
Views: 670

VLAN Problem with Linux

... ranges=10.0.3.1-10.0.3.100 /ip ipsec mode-config add address-pool=pool_vpn name=vpndhcp /ppp profile add local-address=10.0.254.254 name=l2tp_vpn remote-address=pool_vpn \ use-encryption=required /queue simple add max-limit=1M/10M name=queue1 target=vlan_guest /caps-man access-list add ...
by Pisanisavich
Wed May 12, 2021 11:17 pm
Forum: Beginner Basics
Topic: Need Help with SSTP Connection into VLAN. Also L2TP
Replies: 1
Views: 797

Need Help with SSTP Connection into VLAN. Also L2TP

... from my house back to the office. I am able to connect and I can ping Mikrotik to Mikrotik So I Think I have something wrong with the routing. L2TP- When I connect to the office over L2TP/IPSEC I can ping the Mikrotik but nothing else. I am sending data but not receiving, is this an encapsulation ...
by Jotne
Tue May 04, 2021 9:26 pm
Forum: General
Topic: Feature requests
Replies: 1740
Views: 624907

Re: Feature requests

... bridge,stp MikroTik: wlan2 forwarding dhcp,warning MikroTik: DHCP-vlan1-Home offering lease 192.168.10.206 for D8:BF:C0:50:33:DC without success l2tp,ppp,info MikroTik: <l2tp-Kjell-Ivar>: disconnected ipsec,info MikroTik: ISAKMP-SA deleted 22.20.2.91[4500]-9.19.78.44[4500] spi:46f07f9aaad565f3:4b0b7aaaa22ae161 ...
by rextended
Tue May 04, 2021 12:14 am
Forum: General
Topic: VPN L2TP/IPSEC RouterOS 6.11
Replies: 19
Views: 2239

Re: VPN L2TP/IPSEC RouterOS 6.11

What's new in 6.13 (2014-May-15 16:03): *) l2tp - fixed occasional server lockup; *) pptp - fixed memory leak; What's new in 6.16 (2014-Jul-17 13:12): *) l2tp, pptp, pppoe - fixed possible packet corruption when encryption was enabled; What's ...
by fritzme
Mon Apr 26, 2021 3:50 pm
Forum: General
Topic: IKEv2 + android clients [SOLVED]
Replies: 9
Views: 8898

Re: IKEv2 + android clients [SOLVED]

... connection-state=established,related,untracked add action=accept chain=input in-interface=ether1 log=yes log-prefix=L2TP port=1701,500,4500 protocol=udp add action=accept chain=input in-interface=ether1 log=yes protocol=ipsec-esp add action=drop chain=input comment="defconf: ...
by donnyforbes78
Fri Apr 23, 2021 9:37 pm
Forum: Beginner Basics
Topic: Port Forwarding
Replies: 25
Views: 3123

Re: Port Forwarding

... interface=ether2 add bridge=bridge-wan interface=ether3 add bridge=bridge-mgm interface=ether6 add bridge=bridge-mgm interface=ether5 /interface l2tp-server server set enabled=yes ipsec-secret="\$Atlantaaopsvpn04as" use-ipsec=yes /interface sstp-server server set authentication=mschap2 ...
by estaf
Sun Apr 18, 2021 1:56 pm
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 28
Views: 25876

Re: ROS 6.44 - VPN L2TP not working

watching a " wrong password" msg anyway. There's problem not from any clients. Only over some providers.
by jonmill
Fri Apr 16, 2021 8:38 am
Forum: Beginner Basics
Topic: DST-NAT not opening port
Replies: 14
Views: 2358

Re: DST-NAT not opening port

... interface=ether5 add bridge=bridge comment=defconf interface=sfp1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by jonmill
Thu Apr 15, 2021 3:29 am
Forum: Beginner Basics
Topic: DST-NAT not opening port
Replies: 14
Views: 2358

Re: DST-NAT not opening port

... interface=ether5 add bridge=bridge comment=defconf interface=sfp1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by Akuras
Wed Apr 14, 2021 1:39 pm
Forum: General
Topic: no access out of firewall
Replies: 11
Views: 1457

Re: no access out of firewall

... interface=sfp1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=1.SINET ...
by jonmill
Wed Apr 14, 2021 3:34 am
Forum: Beginner Basics
Topic: DST-NAT not opening port
Replies: 14
Views: 2358

DST-NAT not opening port

... interface=ether5 add bridge=bridge comment=defconf interface=sfp1 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by ramirez
Wed Apr 07, 2021 3:38 pm
Forum: General
Topic: Discovery of external IP address (Noip.com)
Replies: 30
Views: 6113

Re: Discovery of external IP address (Noip.com)

... to assist (and teach) ! A) The way you describe it, you've opted to use a dst-nat rule rather than to restrict the IPsec policy to carry only the L2TP transport packets. Nothing wrong about that. However, it then cannot be a matter of a bypassed dst-nat any more, but there may still be an MTU ...
by rjow2021
Thu Apr 01, 2021 5:12 pm
Forum: Beginner Basics
Topic: A little help with VLANs - CRS328
Replies: 10
Views: 1887

Re: A little help with VLANs - CRS328

... add bridge=bridge tagged=bridge vlan-ids=10 add bridge=bridge tagged=bridge vlan-ids=20 add bridge=bridge tagged=bridge vlan-ids=30 /interface l2tp-server server set one-session-per-host=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add interface=ether1 ...
by ramirez
Tue Mar 30, 2021 1:43 pm
Forum: General
Topic: Discovery of external IP address (Noip.com)
Replies: 30
Views: 6113

Re: Discovery of external IP address (Noip.com)

... through DDNS (WinBox)? If I try from my phone's 4G I can. I understand that this happens because I am connected to that network, that has the L2TP link with the Server (and I can connect using server's 172.21.69.153) but cannot figure out why I am losing connection through DDNS. B) If I unplug ...
by rjow2021
Mon Mar 29, 2021 2:52 pm
Forum: Beginner Basics
Topic: Move WAN from ether1 to ether6? [SOLVED]
Replies: 10
Views: 2104

Re: Move WAN from ether1 to ether6? [SOLVED]

... /ip neighbor discovery-settings set discover-interface-list=LAN /interface detect-internet set detect-interface-list=all /interface l2tp-server server set one-session-per-host=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add interface=ether1 ...
by axel50397
Mon Mar 29, 2021 9:44 am
Forum: General
Topic: Join interface to VPN pool [SOLVED]
Replies: 7
Views: 1078

Re: Join interface to VPN pool [SOLVED]

... used have local address as 192.168.44.1, remote address as pool-vpn (192.168.44.10-192.168.44.200). I looked again, the interfaces created (type L2TP bindings) are independent and not part of any bridge... Is this the root of my problem? Also, don't use PPTP as MSCHAPv2/MPPE authentication/encryption ...
by DrRob
Tue Mar 16, 2021 9:23 pm
Forum: General
Topic: packet loss between CPU and switch [SOLVED]
Replies: 4
Views: 1534

packet loss between CPU and switch [SOLVED]

... an IP address that is shared with other customers so inbound connections aren't possible, so instead I have configured router #3 to establish a L2TP connection to my home router (also a 951G-2HnD), with firewalls set up at both ends to allow only ssh connections. I have ssh client config on ...
by DavidGB
Tue Mar 09, 2021 1:35 pm
Forum: Beginner Basics
Topic: Internet / VPN Problem
Replies: 12
Views: 1913

Re: Internet / VPN Problem

... interface=ether7 add bridge=LAN-Bridge interface=ether8 add bridge=LAN-Bridge interface=ether9 add bridge=LAN-Bridge interface=ether10 /interface l2tp-server server set authentication=mschap2 enabled=yes use-ipsec=required /ip address add address=192.168.2.1/24 interface=LAN-Bridge network=192.168.2.0 ...
by nicolaviale
Thu Mar 04, 2021 9:52 am
Forum: Beginner Basics
Topic: Port forwarding - l2tp client to server - Problems
Replies: 3
Views: 1560

Port forwarding - l2tp client to server - Problems

... tried every tutorial and read all the possible posts. We have an l2tp vpn client to server where the server is M1 and the client is M2. We ... that we have at the moment. - M1 # mar/04/2021 08:14:01 by RouterOS 6.44.6 # software id = 9TLC-VZSA # # model = RB750r2 # serial number = /interface ...
by DavidGB
Mon Feb 15, 2021 2:03 pm
Forum: Beginner Basics
Topic: Internet / VPN Problem
Replies: 12
Views: 1913

Internet / VPN Problem

... connection. In other way, i have a question about VPN connection. My home milkrotik is the server and my office mikrotik is client and I have an L2TP tunnel. I can doing ping to office router and this routers devices from my home router terminal but I can´t doing that from my home "Administrator ...
by rjow2021
Thu Feb 11, 2021 5:53 pm
Forum: Beginner Basics
Topic: not_from_LAN input showing in log. [SOLVED]
Replies: 2
Views: 964

not_from_LAN input showing in log. [SOLVED]

... add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp add action=accept chain=input ...
by szabi
Sun Jan 31, 2021 11:05 pm
Forum: General
Topic: connecting as an l2tp/IPSEC client
Replies: 21
Views: 3730

Re: connecting as an l2tp/IPSEC client

Just one more point, can you disable both the L2TP server on the Mikrotik and the l2tp-out1, wait 3 minutes and a bit, and then enable only the l2tp-out1? I hazily remember someone had a problem with L2TP server and client running simultaneously. ...
by tuan
Sat Jan 30, 2021 6:39 am
Forum: General
Topic: Time Sync with SNTP client and IP Cloud Not Working
Replies: 36
Views: 9937

Re: Time Sync with SNTP client and IP Cloud Not Working

... add bridge=bridge interface=wlan3 add bridge=bridge interface=wlan4 /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf interface=ether1 ...
by szabi
Fri Jan 29, 2021 3:20 pm
Forum: General
Topic: connecting as an l2tp/IPSEC client
Replies: 21
Views: 3730

Re: connecting as an l2tp/IPSEC client

... will try it later. Last night I thicked CHAP and now it is connecting. # jan/29/2021 9:14:41 by RouterOS 6.48 # software id = L809-98LV # 09:14:43 l2tp,ppp,info l2tp-out1: initializing... 09:14:43 l2tp,ppp,info l2tp-out1: connecting... 09:14:43 l2tp,debug tunnel 11 entering state: wait-ctl-reply ...
by szabi
Thu Jan 28, 2021 4:33 pm
Forum: General
Topic: connecting as an l2tp/IPSEC client
Replies: 21
Views: 3730

Re: connecting as an l2tp/IPSEC client

... ipsec proposal rows. When you let RouterOS generate the IPsec initiator configuration dynamically by specifying use-ipsec=yes on the /interface l2tp-client row, it uses profile default ; to generate the policy for the L2TP transport packets, policy group default is used, and the default template ...
by szabi
Thu Jan 28, 2021 1:48 pm
Forum: General
Topic: connecting as an l2tp/IPSEC client
Replies: 21
Views: 3730

Re: connecting as an l2tp/IPSEC client

The logging configuration works different than you assume. /system logging add topics=l2tp,ipsec,!packet is not the same like /system logging add topics=l2tp add topics=ipsec,!packet A log row must match all topics specified on the configuration row in order to be ...
by mafiosa
Fri Jan 08, 2021 9:14 pm
Forum: General
Topic: dual wan PCC loadbalancing with GRE tunnel.
Replies: 12
Views: 2964

dual wan PCC loadbalancing with GRE tunnel.

... set [ find default-name=ether5 ] comment="Data Center" set [ find default-name=ether10 ] comment=Wifi /interface l2tp-server add name=Nabanna-PoP user=nabanna /interface gre add !keepalive local-address=10.28.115.18 name=Bally-PoP remote-address=\ 172.19.65.221 ...
by DavidGB
Tue Dec 29, 2020 9:42 pm
Forum: Beginner Basics
Topic: Firewall Problem
Replies: 7
Views: 1927

Re: Firewall Problem

... in right order. I think now is Ok # dec/29/2020 20:38:27 by RouterOS 6.44.5 # software id = E82L-C64C # # model = RB4011iGS+ /interface bridge ... /interface detect-internet set detect-interface-list=all /interface l2tp-server server set authentication=mschap2 enabled=yes use-ipsec=required ...
by alexsec
Thu Dec 17, 2020 12:27 pm
Forum: General
Topic: Implementation of Hairpin NAT question
Replies: 8
Views: 1479

Re: Implementation of Hairpin NAT question

... ] comment="Interface used for LAN" disabled=\ yes set [ find default-name=ether9 ] comment="Local LAN" /interface l2tp-server add name=l2tp-in1 user="" /interface pptp-server add name=pptp-in1 user="" /interface vlan add interface=EAP-BRIDGE ...
by acte28
Wed Dec 16, 2020 11:05 am
Forum: General
Topic: Mikrotik L2TP VPN - Cannot access internal LAN on MacOS or Linux. Windows OK.
Replies: 7
Views: 2680

Mikrotik L2TP VPN - Cannot access internal LAN on MacOS or Linux. Windows OK.

Hi all, I have an odd issue. I've successfully set up an L2TP VPN which authenticates to a Radius Server using Winbox. The config is set so that all traffic should be tunnelled through the VPN for technicians to access local internal resources as well ...
by tri
Sat Dec 12, 2020 8:48 pm
Forum: General
Topic: Routing mark + masquerade + VPN problem
Replies: 11
Views: 4321

Re: Routing mark + masquerade + VPN problem

/interface list add name=org-a-ppp /ppp profile add interface-list=org-a-ppp name=org-a-ppp use-encryption=required /interface l2tp-client add allow=chap connect-to=12.34.56.78 disabled=no keepalive-timeout=disabled name=l2tp-org-a profile=org-a-ppp use-ipsec=yes user=l2tp-org-b /ip firewall ...
by Martin4
Wed Dec 09, 2020 10:13 pm
Forum: Beginner Basics
Topic: Firewall rules order
Replies: 15
Views: 7436

Re: Firewall rules order

... add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp add action=accept chain=input comment="Permit L2TP 1700 - IPSec 4500 - IKE 500" dst-port=1701,500,4500 protocol=udp add action=accept chain=input comment="Permit sstp" dst-port=443 ...
by agrisvv
Tue Dec 08, 2020 7:21 pm
Forum: General
Topic: clients->ipsec router no internet [SOLVED]
Replies: 3
Views: 1232

clients->ipsec router no internet [SOLVED]

... servers behind router ( pings, responses and more..). *Can see what client connections get to router WAN output. **Internet with other vpns like l2tp/sstp/pptp work normal. Problem: Responses from WAN not reach client. In postrouting i see this: postrouting: in:(unknown 0)(ether10-WAN) out:bridge-WAN, ...
by Yaroslav
Wed Dec 02, 2020 9:50 pm
Forum: General
Topic: Radius_no route to host
Replies: 0
Views: 343

Radius_no route to host

... set use-radius=yes radius add address=IP_NPS secret=*** service=login system identity set name=radius_mikrotik Between the equipment is configured L2TP tunnel. Communication between radius server and mikrotik is available by ICMP. After a long search for a solution to the problem, I could not find ...
by carles
Mon Nov 30, 2020 10:53 am
Forum: Beginner Basics
Topic: Clients get IP from WAN DHCP server side
Replies: 8
Views: 2062

Re: Clients get IP from WAN DHCP server side

... have the ARP setting to Enabled. # nov/30/2020 09:50:31 by RouterOS 6.44.5 # software id = YH18-J680 # # model = RBD52G-5HacD2HnD # serial number ... neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set use-ipsec=yes /interface list member add comment=defconf ...
by carles
Fri Nov 27, 2020 5:02 pm
Forum: Beginner Basics
Topic: Clients get IP from WAN DHCP server side
Replies: 8
Views: 2062

Re: Clients get IP from WAN DHCP server side

Sorry mkx. Here is the config: # nov/27/2020 16:00:08 by RouterOS 6.44.5 # software id = YH18-J680 # # model = RBD52G-5HacD2HnD # serial number ... neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set use-ipsec=yes /interface list member add comment=defconf ...
by DavidGB
Fri Nov 27, 2020 11:53 am
Forum: Beginner Basics
Topic: Firewall Problem
Replies: 7
Views: 1927

Firewall Problem

... port add bridge=LAN_Ppal interface=ether2 add bridge=LAN_Ppal interface=ether5 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set authentication=mschap2 enabled=yes use-ipsec=required /interface pptp-server server set enabled=yes /ip address add address=192.168.2.1/24 ...
by igpetkov
Tue Nov 17, 2020 4:27 pm
Forum: Wireless Networking
Topic: wapAC - CAPsMAN [SOLVED]
Replies: 6
Views: 1689

Re: wapAC - CAPsMAN [SOLVED]

... add interface=2.Guest_VLAN_16 add bridge=LAN interface=sfp5 /ip neighbor discovery-settings set discover-interface-list=!dynamic /interface l2tp-server server set authentication=mschap1,mschap2 enabled=yes use-ipsec=required /ip address add address=10.10.222.1/23 comment=Management_network: ...
by Drageir
Wed Nov 11, 2020 5:15 pm
Forum: Beginner Basics
Topic: Protect a port from my guest WiFi
Replies: 4
Views: 969

Re: Protect a port from my guest WiFi

... profile=profile_1 /ip pool add name=dhcp ranges=192.168.10.121-192.168.10.200 add name=vpn ranges=192.168.10.214-192.168.10.234 add name=l2tp-pool ranges=192.168.10.220-192.168.10.225 add name=dhcp_pool3_invi ranges=192.168.20.2-192.168.20.254 add name=hs-pool-9 ranges=10.5.50.2-10.5.50.254 ...
by tes73com
Thu Nov 05, 2020 2:21 pm
Forum: General
Topic: Need Config Help
Replies: 1
Views: 570

Need Config Help

... enabled=yes /ip neighbor discovery-settings set discover-interface-list=none /interface detect-internet set detect-interface-list=all /interface l2tp-server server set allow-fast-path=yes default-profile=PPTP-Profile enabled=yes use-ipsec=\ yes /interface list member add interface="WAN (ether1)" ...
by horstkevin
Wed Oct 28, 2020 8:59 am
Forum: General
Topic: VPN Server: Problems with L2TP IPsec: failed to pre-process ph2 packet
Replies: 3
Views: 6714

Re: VPN Server: Problems with L2TP IPsec: failed to pre-process ph2 packet

https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-l2tp-ipsec-server-behind-nat-t-device Thanks for that, but unfortunately it doesnt solve the problem yet. (as DWORD-Value I took "2") - Config export (/export hide-sensitive ...
by reima
Tue Oct 20, 2020 10:57 am
Forum: Beginner Basics
Topic: Firewall: Input Accept LAN doesn't work
Replies: 6
Views: 850

Re: Firewall: Input Accept LAN doesn't work

... ] html-directory=flash/hotspot /ip ipsec profile add enc-algorithm=aes-256,3des name=ipsec_ibk /ip ipsec peer # This entry is unreachable add name=l2tp-peer passive=yes profile=ipsec_ibk /ip ipsec proposal add enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des name=\ proposal1_l2tp_vpn_ibk ...
by reima
Mon Oct 19, 2020 11:54 pm
Forum: Beginner Basics
Topic: Firewall: Input Accept LAN doesn't work
Replies: 6
Views: 850

Firewall: Input Accept LAN doesn't work

... ] html-directory=flash/hotspot /ip ipsec profile add enc-algorithm=aes-256,3des name=ipsec_ibk /ip ipsec peer # This entry is unreachable add name=l2tp-peer passive=yes profile=ipsec_ibk /ip ipsec proposal add enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des name=proposal1_l2tp_vpn_ibk pfs-group=none ...
by TroyQ
Mon Oct 19, 2020 12:25 pm
Forum: General
Topic: VLAN DHCP on MAIN router not working to WLAN on AP [SOLVED]
Replies: 13
Views: 2631

Re: VLAN DHCP on MAIN router not working to WLAN on AP [SOLVED]

... /ip neighbor discovery-settings set discover-interface-list=all /ip settings set accept-redirects=yes max-neighbor-entries=16384 /interface l2tp-server server set authentication=mschap1,mschap2 default-profile=vpn138 enabled=yes max-sessions=3 one-session-per-host=yes use-ipsec=yes /interface ...
by rbuserdl
Tue Oct 13, 2020 5:16 pm
Forum: General
Topic: OVPN can not connect
Replies: 4
Views: 2580

OVPN can not connect

... kid=0 sid=02bf969f784e9c52 [0 sid=c8a25672bf5ba817] pid=0 DATA len=0 10:56:44 ovpn,debug,error,1380,3184,4180,54544,23876,65356,720,4176,l2tp,info,4180,critical,79,65535,critical,3720,61868,25488,79,65432,28056,28224,4043,64756,65356,42000,65356,pppoe duplicate packet, dropping 10:56:44 ...
by socada
Sun Oct 11, 2020 10:19 pm
Forum: General
Topic: PPPOE problems
Replies: 3
Views: 1614

Re: PPPOE problems

... set enabled=yes /ip neighbor discovery-settings set discover-interface-list=none /ip settings set rp-filter=loose tcp-syncookies=yes /interface l2tp-server server set authentication=mschap2 default-profile=vpn enabled=yes keepalive-timeout=\ disabled use-ipsec=required /interface list member ...
by bmagic
Tue Oct 06, 2020 8:02 pm
Forum: General
Topic: DNAT is changing the src IP to look like the Router's LAN IP
Replies: 12
Views: 1384

Re: DNAT is changing the src IP to look like the Router's LAN IP

... add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp add action=accept chain=input ...
by florianmulatz
Tue Oct 06, 2020 2:23 pm
Forum: Beginner Basics
Topic: Interface / VLAN Configuration
Replies: 9
Views: 1413

Re: Interface / VLAN Configuration

... # oct/06/2020 13:24:39 by RouterOS 6.47.4 # software id = LVGI-H82J # # model = RouterBOARD 3011UiAS # serial number = B8950BD1D59A /interface l2tp-server add name=l2tp-client-florian.mulatz user=florian.mulatz /interface l2tp-server add name=l2tp-client-martina.mulatz user=martina.mulatz /interface ...
by tomislav91
Sat Oct 03, 2020 12:46 am
Forum: General
Topic: tunnel troubleshoot
Replies: 34
Views: 4771

Re: tunnel troubleshoot

... pfs-group=none /ip firewall connection tracking set tcp-established-timeout=3h /ip settings set rp-filter=loose tcp-syncookies=yes /interface l2tp-server server set authentication=mschap1,mschap2 default-profile=l2tp_Company enabled=yes \ use-ipsec=yes /interface list member add interface=vrrp_WAN_1 ...
by Me4huk
Fri Sep 25, 2020 2:40 pm
Forum: Beginner Basics
Topic: VLAN isolation and cannot access device via winbox on VLANs
Replies: 0
Views: 999

VLAN isolation and cannot access device via winbox on VLANs

... tagged=ether2,bridge vlan-ids=35 add bridge=bridge tagged=ether2,bridge vlan-ids=44 add bridge=bridge tagged=ether2,bridge vlan-ids=199 /interface l2tp-server server set authentication=mschap2 default-profile=l2tp-profile enabled=yes ipsec-secret="~~~~~~~~~~~" use-ipsec=yes /interface ...
by 0xid0
Tue Sep 22, 2020 5:43 pm
Forum: Beginner Basics
Topic: Can't access to my services with my public IP
Replies: 11
Views: 2920

Re: Can't access to my services with my public IP

... add bridge=bridge1 interface=ether5 add bridge=bridge1 interface=wlan1 /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=bridge1 list=LAN add interface=ether1 list=WAN /interface ovpn-server ...
by rkrisi
Sat Aug 29, 2020 10:14 pm
Forum: General
Topic: Configure dual WAN with dynamic IPs
Replies: 8
Views: 2130

Configure dual WAN with dynamic IPs

... vlan-ids=30 /interface detect-internet set detect-interface-list=WAN lan-interface-list=VLAN wan-interface-list=WAN /interface l2tp-server server set authentication=mschap1,mschap2 default-profile=ppp_private /interface list member add interface=ether1 list=WAN add interface=vlan_management ...
by rkrisi
Tue Aug 25, 2020 12:12 am
Forum: General
Topic: openVPN can't access client subnet [SOLVED]
Replies: 3
Views: 1426

openVPN can't access client subnet [SOLVED]

... vlan-ids=30 /interface detect-internet set detect-interface-list=WAN lan-interface-list=VLAN wan-interface-list=WAN /interface l2tp-server server set authentication=mschap1,mschap2 default-profile=ppp_private /interface list member add interface=ether1 list=WAN add interface=vlan_management ...
by UmairHamidani
Sun Aug 23, 2020 11:38 am
Forum: Beginner Basics
Topic: Capmsan with multiple bridges
Replies: 5
Views: 1758

Re: Capmsan with multiple bridges

... Port # 1" add bridge=Bridge-local interface="ether7 // SAP-PRD Internet" add bridge=Bridge-local interface=ether1 /interface l2tp-server server set allow-fast-path=yes use-ipsec=yes /interface list member add interface=ether1 list=WAN add interface="ether2 // IT-AP" ...
by lacibsd
Mon Jul 27, 2020 8:13 pm
Forum: General
Topic: send all traffic through l2tp VPN
Replies: 8
Views: 7119

send all traffic through l2tp VPN

router-A is connected to router-B via L2TP/IPSec. I can connect successfully to router-B, I receive the local network's ... 951Ui-2nD current-firmware: 6.46.5 Router-B model: RB760iGS current-firmware: 6.44.5 Thank you!
by Delid4ve
Tue Jul 21, 2020 3:40 pm
Forum: General
Topic: Bridge - VLANs - Switch Chip
Replies: 14
Views: 3490

Re: Bridge - VLANs - Switch Chip

... disabled=no interface=VLAN_10_VPN name=DHCP_10_VPN /ppp profile add name=Work remote-address=192.168.3.1 use-encryption=yes /interface l2tp-client add allow=mschap2 allow-fast-path=yes connect-to=**.**.**.** disabled=no keepalive-timeout=disabled name=Work profile=Work use-ipsec=yes ...
by dirtyhandz
Tue Jul 21, 2020 11:02 am
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 28
Views: 25876

Re: ROS 6.44 - VPN L2TP not working

... to 6.46.4 while trying VPN clients to connect upgraded router: parsing packet failed, possible cause: wrong password And of course I've got all my L2TP connections dropped and could not be established. So due to your kind replies I've fixed it few minutes ago as follows: PPP-->Interface-->L2TP ...
by testuser12
Tue Jul 14, 2020 8:04 pm
Forum: Beginner Basics
Topic: Android L2TP/IPSec VPN
Replies: 4
Views: 9513

Android L2TP/IPSec VPN

... modem in a bridged mode and dial in with my Mikrotik Router (RouterOS v.6.44.1) via a pppoe interface on the WAN port. My network is configured as ... with 192.168.0.1. I use a pihole as a DNS-Server on 192.168.0.3. l2tp config https://i.ibb.co/wzVZDM4/Unbenannt.png ipsec config https://i.ibb.co/GF1vhM2/Unbenannt2.png ...
by Bowen73
Wed Jul 08, 2020 11:39 am
Forum: General
Topic: RB750G VPN not passing through
Replies: 7
Views: 2067

Re: RB750G VPN not passing through

... interface=LAN3 add bridge=bridge1 interface=ether4 add bridge=bridge1 interface=ether5 /ip firewall connection tracking set enabled=yes /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add interface=ISP1-Static list=WAN add interface=LAN3 list=LAN add interface=pppoe-out1 ...
by robsgax
Sun Jul 05, 2020 9:28 pm
Forum: Wireless Networking
Topic: High Battery usage with 6.47 stable
Replies: 14
Views: 6641

High Battery usage with 6.47 stable

... disabled=no \ interface=ether5-WAN2 name=pppoe-Telnor profile=profileTelnor \ use-peer-dns=yes user=gisselam@prodigy.net.mx /interface l2tp-client add comment=VPN connect-to=98.153.62.16 disabled=no name=TorGuard profile=\ profileTorguard use-ipsec=yes user=recgaxiola@gmail.com /queue ...
by CrimzinZA
Wed Jul 01, 2020 5:03 pm
Forum: Beginner Basics
Topic: Access Mikrotik web gui via internet on thru LTE
Replies: 7
Views: 3302

Re: Access Mikrotik web gui via internet on thru LTE

... \ frequency=auto frequency-mode=manual-txpower installation=outdoor mode=\ ap-bridge ssid=MikroTik-TDOA3 wireless-protocol=802.11 /interface l2tp-client add connect-to=XX.XX.XX.XX name=l2tp-out1 use-ipsec=yes user=test /interface list add comment=defconf name=WAN add comment=defconf name=LAN ...
by Diresta
Tue Jun 30, 2020 6:18 pm
Forum: General
Topic: LAN to LAN forwarding [SOLVED]
Replies: 63
Views: 21513

Re: LAN to LAN forwarding [SOLVED]

... which RouterOS version does your device have? I'm running routerOS 6.44. I try to always run the newest stable release for security reasons. ... /interface detect-internet set detect-interface-list=all /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add ...
by LazyZeroed
Wed Jun 24, 2020 9:30 am
Forum: General
Topic: L2TP Server Binding + Dynamic L2TP Interface duplication
Replies: 16
Views: 9041

Re: L2TP Server Binding + Dynamic L2TP Interface duplication

I've got this issue under ROS 6.44.6

Can somebody suggest me more or less recent ROS version without this problem?
by dwkwong
Mon Jun 15, 2020 7:41 am
Forum: General
Topic: Installation Blocker on using Mikrotik X86 (non CHR)
Replies: 1
Views: 1570

Installation Blocker on using Mikrotik X86 (non CHR)

... is excellent, however, SSTP VPN is very slow (I cannot use OVPN or L2TP due to firewall with DPI). For SSL base VPN on the same WAN, I got 50m/s ... installer or netinstall. Below has been tested with netinstall 6.47 and 6.44. I do not want to use CHR as it adds additional complexity. I have been ...
by AJSG
Sat Jun 13, 2020 5:18 pm
Forum: General
Topic: Unable to update CCR
Replies: 93
Views: 15969

Re: Unable to update CCR

... # DST-ADDRESS PREF-SRC GATEWAY DISTANCE 0 DS 0.0.0.0/0 ISP-BT 3 1 ADC 10.10.10.0/24 10.10.10.254 bridgeGuest 0 2 ADC 10.10.20.10/32 172.16.105.1 <l2tp-tinos-l2tp> 0 3 ADC 20.20.20.0/24 20.20.20.254 bridgeDRGuest 0 4 ADC 82.17.140.0/24 82.xx.xxx.24 ISP-Virgin 0 5 ADC 172.16.19.220/32 86.xxx.xx.174 ...
by accarda
Sun Jun 07, 2020 10:35 am
Forum: General
Topic: L2TP/IPSec vpn disconnects after a minute or so. [SOLVED]
Replies: 0
Views: 10447

L2TP/IPSec vpn disconnects after a minute or so. [SOLVED]

Hi everyone, I have (used to have) a working L2TP/IPSec setup that was working fine up to now, when I have noticed this problem. This config is using couple of profiles to allow site-to-site (using another MK as VPN client) and road warrior access. ...
by cezars
Sun May 31, 2020 11:57 pm
Forum: Scripting
Topic: Help with firewall
Replies: 12
Views: 11318

Re: Help with firewall

... is there also here is the cfg... # jun/01/2020 00:04:46 by RouterOS 6.44 # software id = xxxx-xxxx # # model = RouterBOARD 962UiGS-5HacT2HnT ... discovery-settings set discover-interface-list=discover /interface l2tp-server server set enabled=yes use-ipsec=yes /interface list member add ...
by cezars
Sat May 30, 2020 6:34 pm
Forum: Beginner Basics
Topic: How to make Port knocking working on vpn/pptp connection ?
Replies: 25
Views: 7129

Re: How to make Port knocking working on vpn/pptp connection ?

# may/30/2020 18:26:00 by RouterOS 6.44 # software id = xxxx-xxxx # # model = RouterBOARD 962UiGS-5HacT2HnT # serial ... dst-port=500 protocol=udp add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp add action=accept chain=input comment="allow ...
by ssantos
Fri May 29, 2020 10:00 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 4907

Re: Think i'm being attacked

... interface=sfp1 add bridge=bridge comment=defconf interface=wifi /ip neighbor discovery-settings set discover-interface-list=LAN /interface l2tp-server server set enabled=yes ipsec-secret=xxx use-ipsec=yes /interface list member add comment=defconf interface=bridge list=LAN add comment=defconf ...
by ssantos
Fri May 29, 2020 7:59 am
Forum: General
Topic: Think i'm being attacked
Replies: 16
Views: 4907

Re: Think i'm being attacked

My VPN connection is a L2TP. Not a PPTP. I don't know why PPTP is open. I'm posting below my config 'cause i'm new and may have some mistakes! # may/29/2020 07:49:53 by RouterOS 6.46.6 # software id = C8B5-GX6M # # model = 2011UiAS-2HnD ...
by Drageir
Wed May 27, 2020 11:21 am
Forum: General
Topic: Mikrotik + Movistar Fusión Empresas
Replies: 38
Views: 8544

Re: Mikrotik + Movistar Fusión Empresas

... profile=profile_1 /ip pool add name=dhcp ranges=192.168.10.121-192.168.10.200 add name=vpn ranges=192.168.10.214-192.168.10.234 add name=l2tp-pool ranges=192.168.10.220-192.168.10.225 /ip dhcp-server add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\ bridge1 ...
by BlindOracle
Sat May 16, 2020 4:45 am
Forum: General
Topic: IPSec issues
Replies: 5
Views: 1365

Re: IPSec issues

... /ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-256-cbc,3des pfs-group=none add enc-algorithms=aes-256-cbc,aes-256-ctr,3des name=l2tp-proposal pfs-group=none add auth-algorithms=sha256,md5 enc-algorithms=aes-256-cbc,aes-128-cbc,3des lifetime=8h name=NSG50 pfs-group=none /ip pool ...
by andersfinn
Sat May 09, 2020 12:30 am
Forum: General
Topic: Repeated gateway unreachable issues
Replies: 0
Views: 1312

Repeated gateway unreachable issues

... after that I cannot reach. [code]# may/08/2020 14:22:35 by RouterOS 6.44.5 # software id = K09T-BU80 # # model = RB4011iGS+ # serial number = ... lan-interface-list=none wan-interface-list=none /interface l2tp-server server set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 ...
by pe1chl
Tue May 05, 2020 2:29 pm
Forum: Announcements
Topic: v6.46.6 [stable] is released!
Replies: 68
Views: 54084

Re: v6.46.6 [stable] is released!

Does L2TP_IPSec now work? :?
I had to downgrade from 6.47.rc60 to 6.44.6 in order to find a version that would behave normally.
That problem is only in 6.47.rc60 all lower versions are OK
by howdey57
Mon May 04, 2020 5:10 pm
Forum: General
Topic: Moving config from RB951G-2HnD to RB4011
Replies: 19
Views: 5409

Re: Moving config from RB951G-2HnD to RB4011

... ssid=\ MikroTik-C64D6C wireless-protocol=802.11 /interface l2tp-server add name=l2tp-in-Nexus user=Nexus /caps-man datapath add bridge=bridge ... \n# Change Policy - NOT NEEDED since 6.44\ \n#########################################\ \n#:global policyuid\ ...
by archerious
Mon May 04, 2020 9:05 am
Forum: Beginner Basics
Topic: Slowness for the first few seconds then fast on download
Replies: 17
Views: 4849

Re: Slowness for the first few seconds then fast on download

... dot1x client add anon-identity=CENSORED certificate=\ Client_CENSORED.pem_0 eap-methods=eap-tls identity=\ CENSORED interface=ether1 /interface l2tp-server server set allow-fast-path=yes authentication=chap,mschap2 enabled=yes max-mru=1460 \ max-mtu=1460 use-ipsec=required /interface list member ...
by w0lt
Wed Apr 29, 2020 1:09 am
Forum: Announcements
Topic: v6.46.6 [stable] is released!
Replies: 68
Views: 54084

Re: v6.46.6 [stable] is released!

Does L2TP_IPSec now work? :?
I had to downgrade from 6.47.rc60 to 6.44.6 in order to find a version that would behave normally.
Not sure if I had to go that far but did it by recommendation.
Guess I'm going to wait till someone else gives me an ok wave. 8)

-tp
by w0lt
Tue Apr 28, 2020 3:07 am
Forum: Announcements
Topic: v6.46.5 [stable] is released!
Replies: 72
Views: 48611

Re: v6.46.5 [stable] is released!

... I want to have it but I must make sure before. As I said before: 6.44.6 - not stable on devices with 10+ peers (but other things are stable: ... (IPSec), then a minute later it wouldn't also, difficulties trying to L2TP into my router using IPSec. Mind you my IPSec links had at one time ...
by robsgax
Sun Apr 26, 2020 5:04 am
Forum: Wireless Networking
Topic: hAP AC2, cAP AC, CAPsMAN and Google Smart Home
Replies: 11
Views: 6697

Re: hAP AC2, cAP AC, CAPsMAN and Google Smart Home

... disabled=no \ interface=ether5-WAN2 name=pppoe-Telnor profile=profileTelnor \ use-peer-dns=yes user=user@prodigy.net.mx /interface l2tp-client add comment=VPN connect-to=123.123.123.123 disabled=no name=TorGuard profile=\ default use-ipsec=yes user=user@gmail.com /caps-man access-list ...
by robsgax
Tue Apr 21, 2020 10:52 am
Forum: Wireless Networking
Topic: hAP AC2, cAP AC, CAPsMAN and Google Smart Home
Replies: 11
Views: 6697

hAP AC2, cAP AC, CAPsMAN and Google Smart Home

... disabled=no \ interface=ether5-WAN2 name=pppoe-Telnor profile=profileTelnor \ use-peer-dns=yes user=gisselam@prodigy.net.mx /interface l2tp-client add comment=VPN connect-to=98.153.62.16 disabled=no name=TorGuard profile=\ default use-ipsec=yes user=recgaxiola@gmail.com /caps-man manager ...
by Ryzz
Sun Apr 19, 2020 12:21 pm
Forum: General
Topic: NBN ISP (AussieBB) reporting 30min session reset - ~Daily dropouts [SOLVED]
Replies: 3
Views: 4761

NBN ISP (AussieBB) reporting 30min session reset - ~Daily dropouts [SOLVED]

... I can think of, with no luck. Im running a Routerboard 3011 on RouterOS6.44.3 which runs the home internet on an Australian NBN ISP (FTTH) called ... ports=ether1-gateway switch=switch1 vlan-id=110 /interface l2tp-server server set use-ipsec=yes /interface list member add interface=ether2-master-local ...
by alex32c
Tue Apr 14, 2020 11:51 am
Forum: General
Topic: IPSEC IKE2 connection problem! [SOLVED]
Replies: 14
Views: 7062

IPSEC IKE2 connection problem! [SOLVED]

... \ tcp-syn-sent-timeout=0ms tcp-time-wait-timeout=0ms tcp-unacked-timeout=\ 0ms udp-stream-timeout=0ms udp-timeout=0ms /interface l2tp-server server set authentication=mschap2 use-ipsec=required /interface list member add interface=bridge_LAN list=LAN add interface=ether1_WAN list=WAN ...
by spr41178
Mon Apr 13, 2020 11:39 pm
Forum: General
Topic: L2TP/IPSEC Connectivity Issue [SOLVED]
Replies: 24
Views: 19324

Re: L2TP/IPSEC Connectivity Issue [SOLVED]

... version? My 8.1.0 "Just Works" via both 4G and WiFi... the L2TP/IPsec server is 6.44.6. The ISP blackbox may have its own IPsec handling which interferes with IPsec connections ...
by sindy
Mon Apr 13, 2020 11:10 pm
Forum: General
Topic: L2TP/IPSEC Connectivity Issue [SOLVED]
Replies: 24
Views: 19324

Re: L2TP/IPSEC Connectivity Issue [SOLVED]

... version? My 8.1.0 "Just Works" via both 4G and WiFi... the L2TP/IPsec server is 6.44.6. The ISP blackbox may have its own IPsec handling which interferes with IPsec connections ...
by artrender
Sat Apr 11, 2020 12:56 am
Forum: Beginner Basics
Topic: VPN client acces to LAN pc
Replies: 7
Views: 8093

Re: VPN client acces to LAN pc

... /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des pfs-group=none /ip pool add name=dhcp ranges=192.168.6.10-192.168.6.254 add name=L2TP-Pool ranges=192.168.100.10-192.168.100.30 add name=vpn ranges=192.168.89.2-192.168.89.255 /ip dhcp-server add address-pool=dhcp authoritative=after-2sec-delay ...
by OrcunBaslak
Fri Apr 03, 2020 10:55 pm
Forum: General
Topic: Locating the bottleneck
Replies: 3
Views: 2191

Re: Locating the bottleneck

... add bridge=bridge-local interface=ether10-slave-local /ip neighbor discovery-settings set discover-interface-list=all /interface l2tp-server server set authentication=mschap2 enabled=yes /interface list member add interface=sfp1 list=discover add interface=WiFi5Ghz list=discover ...
by rgrocery
Fri Mar 20, 2020 4:18 pm
Forum: Beginner Basics
Topic: What do these firewall rules do?
Replies: 2
Views: 1781

Re: What do these firewall rules do?

... add bridge=bridge1 interface=ether3 add bridge=bridge1 hw=no interface=ether4 add bridge=bridge1 hw=no interface=ether5 /interface l2tp-server server set allow-fast-path=yes authentication=mschap2 enabled=yes ipsec-secret=" xx.xx.xx." max-mru=\ 1460 max-mtu=1420 use-ipsec=required ...
by Oxtn
Fri Mar 20, 2020 10:37 am
Forum: General
Topic: L2TP tunnel sudden connection problem
Replies: 0
Views: 1584

L2TP tunnel sudden connection problem

HI! I have organized VPN L2TP tunnel between hAP ac^2 (server, white IP) and RB750Gr3 (client, 4G modem). More than a year everything worked fine and tunnel was automatically restoring itself when the connection was dropped on any side. ...
by rgrocery
Mon Mar 16, 2020 10:33 pm
Forum: General
Topic: SPIKES & SLOW LAN PINGS
Replies: 7
Views: 3917

SPIKES & SLOW LAN PINGS

... add bridge=bridge1 hw=no interface=ether4 add bridge=bridge1 hw=no interface=ether5 /interface bridge settings set use-ip-firewall=yes /interface l2tp-server server set authentication=mschap2 enabled=yes ipsec-secret="xxxxxxxxxxxxx" max-mru=1460 max-mtu=1420 use-ipsec=required /interface ...
by take
Sat Mar 14, 2020 10:44 pm
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 28
Views: 25876

Re: ROS 6.44 - VPN L2TP not working

... to 6.46.4 while trying VPN clients to connect upgraded router: parsing packet failed, possible cause: wrong password And of course I've got all my L2TP connections dropped and could not be established. So due to your kind replies I've fixed it few minutes ago as follows: PPP-->Interface-->L2TP ...
by lucas65212
Sun Feb 16, 2020 6:25 pm
Forum: Beginner Basics
Topic: VPN L2TP/IPSEC SHA256 - cannot connect from Windows client to Mikrotik Router
Replies: 1
Views: 3572

VPN L2TP/IPSEC SHA256 - cannot connect from Windows client to Mikrotik Router

Hi MikroTik RouterOS 6.44.5 on RB760iGS SHA1 conection work fine, but whe i change to SHA256 Windows client ... connect VPN from android any ideas how to configure windows to work with sha256 on L2TP/IPSEC
by dairou
Wed Feb 12, 2020 8:27 pm
Forum: General
Topic: L2TP Server Binding + Dynamic L2TP Interface duplication
Replies: 16
Views: 9041

Re: L2TP Server Binding + Dynamic L2TP Interface duplication

I don't think it is. Just had it happen on 6.44.5. I was using the Server Binding for routing and my solution was changing the route to use the IP as gateway, and making this IP static through Remote Address of the PPP Secret.
by screamingservers
Tue Feb 04, 2020 10:36 pm
Forum: General
Topic: Policy Routing - L2TP and multiple WANs
Replies: 14
Views: 13503

Re: Policy Routing - L2TP and multiple WANs

You say fixed in 6.13 but I have a similar problem in 2020 with 6.44.5 Immediately when adding a second wan IP. even with no route on that interface I start getting errors on my l2tp mt to mt vpn. feb/03 16:30:33 ipsec,info respond new phase 1 (Identity Protection): ...
by LaKing
Tue Jan 28, 2020 1:00 am
Forum: Wireless Networking
Topic: Capsman network, enabling Hotspot configuration results is 0,02Mbps download bandwith for clients
Replies: 1
Views: 1998

Capsman network, enabling Hotspot configuration results is 0,02Mbps download bandwith for clients

... add bridge=hangmaffia_vpn_kozpont_bridge interface=vlan-@kozpont add bridge=hangmaffia_vpn_komplex_bridge interface=vlan-@komplex /interface l2tp-server server set default-profile=hangmaffia_vpn enabled=yes ipsec-secret=****** mrru=1600 use-ipsec=required /interface list member add interface=ether1 ...
by sparrow
Mon Jan 27, 2020 10:45 am
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 28
Views: 25876

Re: ROS 6.44 - VPN L2TP not working

Just replace your IPsec "Secret" into L2TP server configuration "IPsec Secret" and it will work. I had the same trouble and I solved it!
by sleriguer
Thu Jan 23, 2020 6:35 pm
Forum: General
Topic: L2TP IPSec behind Internet
Replies: 3
Views: 1743

L2TP IPSec behind Internet

Hey guys, Sorry for my English, I'm in 6.44.6 and behind a livebox with DMZ pointing to my Wan. I have been trying for a few days to connect a vpn for nomadic connections, in l2tp on ipsec. No problem to establish the connection when I am in my lan, same if I connect ...
by obie
Sat Jan 18, 2020 10:34 pm
Forum: General
Topic: ROS 6.44 - VPN L2TP not working
Replies: 28
Views: 25876

Re: ROS 6.44 - VPN L2TP not working

I found that simply disabling and re-enabling the L2TP server resolved the problem.

/interface l2tp-server server set enabled=no
/interface l2tp-server server set enabled=yes
It Worked !!!
My ROS 6.46
by SuperSecret
Thu Jan 16, 2020 4:33 am
Forum: Beginner Basics
Topic: Chromecast From Wifi to LAN?
Replies: 5
Views: 5286

Chromecast From Wifi to LAN?

... > export hide-sensitive verbose # jan/15/2020 20:17:12 by RouterOS 6.44.1 # software id = 5HS3-1Y19 # # model = RBD52G-5HacD2HnD # serial number ... lan-interface-list=none wan-interface-list=none /interface l2tp-server server set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 ...
by NetWorker
Thu Jan 09, 2020 12:10 am
Forum: General
Topic: Double IPsec connection - failing [SOLVED]
Replies: 8
Views: 3297

Double IPsec connection - failing [SOLVED]

... 3011 with a couple of remote offices with 2011s connecting to it via L2TP over IPsec. At one of the remote offices we have two natted conections. ... in the other remote offices). ROS versions are 6.43.16 for the 2011 and 6.44.3 on the 3011 (main office). The connections work just fine when one ...
by GRYyzli
Mon Jan 06, 2020 7:39 pm
Forum: General
Topic: CCR1036-8G-2S+ L2TP/IPSec Disaster Issue
Replies: 1
Views: 1473

Re: CCR1036-8G-2S+ L2TP/IPSec Disaster Issue

Had same issue on CCR1036 with 6.43 and 6.44 versions of ROS. On 6.40 and 6.45 problem does not exist. So for me it seems like some kind of bug in this versions.
MR
by emils
Tue Dec 17, 2019 3:38 pm
Forum: Announcements
Topic: v6.46.1 [stable] is released!
Replies: 71
Views: 59912

v6.46.1 [stable] is released!

... - fixed health reporting on OmniTIK 5 PoE ac; *) ipsec - improved system stability when processing decrypted packet on unregistered interface; *) l2tp - improved system stability when disconnecting many clients at once; *) log - fixed "disk-file-name" parameter validation (introduced ...
by BroganOs
Mon Dec 16, 2019 12:39 pm
Forum: General
Topic: Rb ah 1100 x2 Upgrade recommendations
Replies: 6
Views: 2158

Re: Rb ah 1100 x2 Upgrade recommendations

... WAN2" add bridge=Wan2_Vlan_bridge interface=vlan300 /ip neighbor discovery-settings set discover-interface-list=none /interface l2tp-server server set enabled=yes ipsec-secret=secret-password use-ipsec=yes /interface list member add interface=WAN1-pppoe list=WAN add interface="LAN ...
by CinciTech
Thu Dec 05, 2019 6:46 pm
Forum: General
Topic: Mac-based VLAN on CRS-125, DHCP
Replies: 5
Views: 3985

Re: Mac-based VLAN on CRS-125, DHCP

... 92-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm" name=\ "L2TP VPN Proposal" /ip pool add name="Unknown Addresses" ranges=192.168.100.100-192.168.100.150 add name="VPN Addresses" ranges=192.168.77.1-192.168.77.254 ...
by pommo
Tue Dec 03, 2019 1:11 pm
Forum: General
Topic: VPN Problem
Replies: 7
Views: 3132

Re: VPN Problem

... detect-internet set detect-interface-list=none internet-interface-list=none lan-interface-list=\ none wan-interface-list=none /interface l2tp-server server set allow-fast-path=no authentication=pap,chap,mschap1,mschap2 caller-id-type=\ ip-address default-profile=default-encryption enabled=no ...
by vodokotlic
Wed Nov 27, 2019 8:43 pm
Forum: General
Topic: Odd GRE connection in ConnTrack [SOLVED]
Replies: 5
Views: 2306

Odd GRE connection in ConnTrack [SOLVED]

... the latest bugfix the day of release internally via Dude (currently on 6.44.6) some have L2TP/IPsec servers running, some dont even respond to ping, and none of them have ever had ...
by JordanReich
Thu Nov 21, 2019 6:27 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 65
Views: 13644

Re: IPSEC/L2TP discconect after one minute

... to match. And I could not see the expected message in it. Take 110 ... L2TP Log... # nov/21/2019 8:20: 8 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 08:20:09 l2tp,debug,packet rcvd control message (ack) from ...
by JordanReich
Thu Nov 21, 2019 6:10 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 65
Views: 13644

Re: IPSEC/L2TP discconect after one minute

sheeeet... the first log in this topic is with l2tp debug on ( /system logging add topics=l2tp ) but it comes from @076Lucas, ... Alright ... :) L2TP Logging Information... # nov/21/2019 8: 1:21 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 08:01:24 ipsec,debug ===== received 724 bytes ...
by JordanReich
Thu Nov 21, 2019 5:17 pm
Forum: General
Topic: IPSEC/L2TP discconect after one minute
Replies: 65
Views: 13644

Re: IPSEC/L2TP discconect after one minute

Alright ... L2TP Log: # nov/21/2019 7: 8:45 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 07:08:49 ipsec,info respond new phase 1 (Identity Protection): ROUTER-IP[500]<=>PHONE-IP[25781] ...
by JordanReich
Tue Nov 19, 2019 12:37 am
Forum: General
Topic: L2TP/IPSEC on mobile drops connection [SOLVED]
Replies: 7
Views: 2948

Re: L2TP/IPSEC on mobile drops connection [SOLVED]

That was highly helpful - thank you! # nov/18/2019 14:33:51 by RouterOS 6.44.5 # software id = 1SBQ-KUIK # 14:33:55 ipsec,info respond new phase ... spi:ab0fc199b48d074b:4e952075cdf09c15 14:33:57 l2tp,info first L2TP UDP packet received from REMOVED-PRIVATE 14:33:57 l2tp,ppp,info,account ...
by bedior
Thu Nov 14, 2019 6:27 am
Forum: General
Topic: Winbox disconnecting CHR
Replies: 2
Views: 1119

Re: Winbox disconnecting CHR

... address-prefix-length=32 name=ike2-conf /ppp profile add dns-server=1.1.1.1 local-address=10.1.10.1 name=vpn remote-address=\ vpn-pool /interface l2tp-server server set authentication=mschap2 ipsec-secret=*** use-ipsec=yes /ip address add address=***.**.**.177/24 interface=ether1 network=***.**.**.0 ...
by Hav0c
Wed Nov 13, 2019 10:35 pm
Forum: General
Topic: L2TP IPSec Client to Site setup
Replies: 20
Views: 10294

L2TP IPSec Client to Site setup

... Reading the following https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP , https://blog.johannfenech.com/mikrotik-l2tp-ipsec-vpn-server/ , https://www.cloudbrigade.com/mikrotik-l2tp-vpn-setup/ ... 2 Router 1 and Router 2 is Factory reset and both running firmware 6.44.5 LTS Base setup of Router ...
by sindy
Fri Nov 08, 2019 4:46 pm
Forum: General
Topic: Problem with Linux and win10 roadwarriors L2TP+IPSeC VPN [SOLVED]
Replies: 12
Views: 5195

Re: Problem with Linux and win10 roadwarriors L2TP+IPSeC VPN [SOLVED]

... 09:48:55 ipsec purged IPsec-SA proto_id=ESP spi=0x2ce69f9 Hence establishment of the IPsec layer has been successful but a) either the L2TP didn't negotiate properly or b) it was unable to negotiate properly because the communication did not get through. So a bit of theory: if there ...
by nixv
Wed Nov 06, 2019 3:36 pm
Forum: General
Topic: Problem with Linux and win10 roadwarriors L2TP+IPSeC VPN [SOLVED]
Replies: 12
Views: 5195

Re: Problem with Linux and win10 roadwarriors L2TP+IPSeC VPN [SOLVED]

... spi=0x8718e8c 10:13:43 ipsec IPsec-SA established: ESP/Transport Y.Y.Y.Y[4500]->X.X.X.X[32774] spi=0xaaf563c 10:13:44 l2tp,info first L2TP UDP packet received from X.X.X.X 10:13:44 l2tp,ppp,info,account nico logged in, 10.10.10.88 10:13:44 l2tp,ppp,info <l2tp-nico>: ...
by angriukas
Tue Nov 05, 2019 7:41 pm
Forum: General
Topic: RB3011 L2TP + IPSec 'kernel failure in previous boot' due to hardware encryption?
Replies: 12
Views: 3918

Re: RB3011 L2TP + IPSec 'kernel failure in previous boot' due to hardware encryption?

Upgraded to 6.44.6, still same behavior - kernel failure.
by angriukas
Tue Nov 05, 2019 3:38 pm
Forum: General
Topic: RB3011 L2TP + IPSec 'kernel failure in previous boot' due to hardware encryption?
Replies: 12
Views: 3918

Re: RB3011 L2TP + IPSec 'kernel failure in previous boot' due to hardware encryption?

... via VPN from PC in LAN : ping 10.50.1.200 -l 10000 After this line I got kernel failure with router reboot. Our hardware CCR1009-7G-1C-1S+ ROS 6.44.5 IPSec VPN Exchange mode: IKE2 Will create support file, knocking to Mikrotik support :(
by Normie
Sun Nov 03, 2019 1:08 am
Forum: General
Topic: IPSec - pre-shared-key-xauth with GroupName
Replies: 15
Views: 7779

Re: IPSec - pre-shared-key-xauth with GroupName

... peers The above used to be true but it isn't any more. Currently (6.44+), you can distinguish the remote initiator peers by the protocol field ... id’s with different shared secrets - and this isn’t work: with psk (for l2tp/ipsec) ROS says “same peer already exist”, with xauth ROS says “can’t ...
by Leon565
Sat Nov 02, 2019 3:21 am
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 70999

Re: v6.44.6 [long-term] is released!

to Caci99 All customers use L2TP/IPsec and OVPN, but there is a Keenetic-4GII which has only PPTP! PPTP is dependable on GRE. They have changed how GRE handles first packets ( version 6.44.3 maybe ). If you go to that topic you will see some workarounds how to handle the ...
by Caci99
Fri Nov 01, 2019 4:39 pm
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 70999

Re: v6.44.6 [long-term] is released!

to Caci99
All customers use L2TP/IPsec and OVPN, but there is a Keenetic-4GII which has only PPTP!
PPTP is dependable on GRE. They have changed how GRE handles first packets ( version 6.44.3 maybe ).
If you go to that topic you will see some workarounds how to handle the GRE connections.
by Leon565
Fri Nov 01, 2019 1:38 pm
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 70999

Re: v6.44.6 [long-term] is released!

to Caci99
All customers use L2TP/IPsec and OVPN, but there is a Keenetic-4GII which has only PPTP!
by Caci99
Fri Nov 01, 2019 10:30 am
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 70999

Re: v6.44.6 [long-term] is released!

Hello ! After upgrading from 6.44.2 to 6.44.6, the PPTP stopped working. L2TP and OpenVPN work well. RouterBOARD 750G r3.
Glad that PPTP does not work. It is so outdated and unsecured that undoes the purpose of VPN. Stick to L2TP with IPSEC or OpenVPN.
by Leon565
Thu Oct 31, 2019 3:29 pm
Forum: Announcements
Topic: v6.44.6 [long-term] is released!
Replies: 54
Views: 70999

Re: v6.44.6 [long-term] is released!

Hello ! After upgrading from 6.44.2 to 6.44.6, the PPTP stopped working. L2TP and OpenVPN work well. RouterBOARD 750G r3.
by McSee
Thu Oct 31, 2019 12:04 am
Forum: General
Topic: RB3011 L2TP + IPSec 'kernel failure in previous boot' due to hardware encryption?
Replies: 12
Views: 3918

Re: RB3011 L2TP + IPSec 'kernel failure in previous boot' due to hardware encryption?

Yes, 6.44.6. ( prefer long term unless really need some new features in stable)

No L2TP, just IPsec on this one.
by icsterm
Fri Oct 18, 2019 2:33 pm
Forum: General
Topic: Fastpath on L2TP client only working for RX
Replies: 1
Views: 1819

Fastpath on L2TP client only working for RX

Hi, I'm using a PIA VPN L2TP connection without ipsec, I've enabled NAT (masquerade), fasttrack & accept ... fragmentation, but that's not the issue here. # oct/18/2019 14:27:13 by RouterOS 6.44.5 # software id = 8J6L-XKD7 # # model = RouterBOARD D52G-5HacD2HnD-TC # serial number ...
  • 1
  • 2