I use Winbox v.6.40. I tried to set VPN. VPN is working now, but… One colleague from his IP connected to the VPN, but for me not. I tried to use two computers (W10, W7), two different internet providers, but no success. I got this error message “The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.?” Why,? Why does he connect and I don’t.
Well at least you can try to upgrade… 6.40 is very old.
But also you will see that debugging L2TP/IPsec is quite difficult, either it works perfectly or it fails with unclear messages like that.
Also note that you cannot connect at the same time with two users with the same IP. So first try if it works when only you connect.
Each of us use other provider, so IP addresses are different.
Can you please first upgrade (security reasons) and then, if it’s still not working, share your config (/export hide-sensitive)?
Yes, first re-test after upgrade. There is some issue when connecting via double-nat in old versions that I think has been fixed now.
I tried to check log:
When I tried to connect there is this:
memory, ipsec, error 195.28.133.162 failed to get valid proposal.
memory, ipsec, error 195.28.133.162 failed to pre-process ph1 packet (side 1, status 1)
memory, ipsec, erTOf 195.28.133.162 phase 1 negotiation failed
As I see you made settings and someone can connect but not you.
There need more logs and and hide-sensitive config (btw hide your IP)
Run this in terminal
This will create new topics under System->Logging with debug option with flood your log with debug messages
system logging add topics=ipsec,debug
You mention Windows machine, do you fix Windows encapsulation vpn problem?
run this in cmd
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f
Moreover,maybe this help,
I find my old file with make settings for vpn,
You need fix Name, IP and password within file and rename it to VPN_IPSEC_Settings.bat
and it will set up new connection for your VPN under Win10 (it use powershell)
VPN_IPSEC_Settings.doc (1.08 KB)
I ran by terminal system logging add topics=ipsec,debug. I saw many info with errors, but how can i save it?
Other offer with registry finished with error Access is denied
I don’t know, can it be problem cos I use Windows 10 Edu? Cos my colleague used Windows 10 prof and I tried other computer with Windows 7 prof and it worked too. And how can I allow RDP in VPN? Many questions? thx a lot
Did you already update the router?
No yet. (to update router)
Friends I found out this, When you upgrade Win7 (8) to Win 10, VPN is not working. Simply you can not achieve it. OK, so I have to instal new Win10. OK. But I need to connect to L2TP/IPSec VPN by Windows. So, VPN (pool on it) gives me local address and I can use disks in this LAN. Now, VPN (DHCP) gves me an address, routing is OK, it gives me net masdk 255.255.255.0, but I can not do anything. 
I upgraded it to new version and I set router and VPN is working
But I have a problem. Somebody tried to come into our VPN. Ok he was refused by phase 1, but my question, how to change VPN type L2TP/IPsec verification 1st phase by a certificate. Thx, my friends.