Since the update to 6.11, the problem of the router randomly hanging up completely was gone, but now I have an issue that 2-3 times a week the VPN via L2TP/IPSec won’t work anymore.
The log says:
failed to begin ipsec sa negotiation.
I have no idea what’s wrong, since these settings worked fine until 6.10. I wish I had never updated from 5.x; it was all fine back then.
RouterOS version is 6.11
Model is 2011LS
Firmware 3.12
I have the very same problem. The L2TP over IPSEC VPN does not work (on Linux) anymore after the update to 6.11.
It works on Windows and Mac, but I cannot connect using Ubuntu 12.04 (it gets stuck at the last line of the log below). Everything used to work with RouterOS 6.10.
Here is the log from my Ubuntu connection:
Apr 11 11:09:44.126 ipsec_setup: Stopping Openswan IPsec…
Apr 11 11:09:46.246 Stopping xl2tpd: xl2tpd.
Apr 11 11:09:46.249 xl2tpd[2068]: death_handler: Fatal signal 15 received
Apr 11 11:09:46.273 ipsec_setup: Starting Openswan IPsec U2.6.37/K3.5.0-44-generic…
Apr 11 11:09:46.365 ipsec__plutorun: Starting Pluto subsystem…
Apr 11 11:09:46.376 recvref[30]: Protocol not available
Apr 11 11:09:46.382 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr 11 11:09:46.383 xl2tpd[22865]: This binary does not support kernel L2TP.
Apr 11 11:09:46.385 Starting xl2tpd: xl2tpd.
Apr 11 11:09:46.399 xl2tpd[22867]: xl2tpd version xl2tpd-1.3.1 started on ubuntu PID:22867
Apr 11 11:09:46.400 xl2tpd[22867]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
Apr 11 11:09:46.400 xl2tpd[22867]: Forked by Scott Balmos and David Stipp, (C) 2001
Apr 11 11:09:46.400 xl2tpd[22867]: Inherited by Jeff McAdams, (C) 2002
Apr 11 11:09:46.400 xl2tpd[22867]: Forked again by Xelerance (www.xelerance.com) (C) 2006
Apr 11 11:09:46.400 xl2tpd[22867]: Listening on IP address 0.0.0.0, port 1701
Apr 11 11:09:46.601 ipsec__plutorun: 002 added connection description “myvpn”
I am also experiencing this after upgrading to 6.15 from 6.04. The site-to-site tunnel connection establishes, and I can access resources on each network from the routers, but whenever I try, for example, to ping an IP address across the tunnel from behind the routers, I get ‘request timeout’ and see ‘ipsec,warning,critical failed to begin ipsec sa negotiation.’ in the logs. Everything worked fine before the upgrade.