Help / Advice required on L2TP from Client and Router OS

Hi everyone, my first post here - but would really appreciate some help and guidance…

I am trying (for the first time) to configure a client device (in this case an access point) against my Mikrotik 750GL which is currently running an L2TP server install.

So far I have created an L2TP interface and under the user field have tried entering a password (and not)

Under PPP SECRET I have also configured a PPP username and password, have chosen the service as L2TP, set the DEFAULT profile to be used and set the Local/remote IP addresses. In my case these are 10.240.0.1 and 10.240.0.10.

The DEFAULT profile (I have edited) also contains the local and remote address information (not sure if this is required).

My client device has a fairly simple set-up… it's pointing to the L2TP server, I have the L2TP server password set and also the PPP user and password set.

OK - So, the output that I get is that it looks as though the tunnel is establishing, but then I receive an unsupported protocol error (please see attached) - it's as if the tunnel is trying to build, but never does… I have attached a screenshot of the log file (I have omitted my IP address).

The logs repeat themselves with the same message…

Strangely, I do see an active connection on the PPP interface… but this seems to have a countdown timer (minutes) and once reached, it seems to reset…

Can anyone provide some advice please?

Thank you.

Ok - I think we have managed to get a little further now… as I have discovered that the connection requires BCP.

We have done the following:

Created a Bridge interface and have bound this to our local Ether2 (DMZ interface) setting the Admin MAC to match the Ether2 MAC.
Enabled RSTP on the bridged interface.
Gone into ports, selected Ether2 and then chosen the “bridge_local” in the Bridge drop down box.

We’ve then gone to PPP and set the Name and Password fields to match those we are entering into the client device and we are setting the Local and Remote addresses to be in the same subnet (in this case 10.10.10.1 and 10.10.10.2).

We are using the default encryption profile - and within this have chosen the respective bridge_local bridge.
Use encryption has been enabled under the PPP profile.

The attached screenshot shows the logs from this session… but I still cannot get the tunnel to build!

Any help is really appreciated.

It looks like the IPSec portion of the tunnel gets built, since you're seeing PPP logs…BUT…would you check and make sure that encrypted SAs are created by IPSec? I just want to make sure the first part of the L2TP session is in place and working first.

Also, I’ve seen L2TP bork everything up, and not work - and a restart of the RB fixes it, without any other changes.

So, do that too.

-Greg

Hi Greg,

Please forgive my unfamiliarity - do you mean the Phase1/Phase 2 parameters… or something else…
Is there something in the RB that I possibly could not have configured…?

Many thanks.

Open the IPSec section in Winbox.
Flip to the SA tab.

Now connect that L2TP client.
Does an encrypted SA show up for that client?

If so, you know that the IPSec portion of the tunnel came up.
[L2TP is outer-wrapped in IPSec, with L2TP inside an MPPE/ms-chapv2 wrapper.]

I’m wanting to make sure the IPSec tunnel is getting built correctly before we go on to trying to resolve the inner tunnel. If the outer tunnel isn’t built right, then nothing else will work.

So, I’m just trying to verify what we know got built right in steps.

-Greg
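
Putting the bridge/BCP steps from the earlier post and Greg's SA check into RouterOS CLI form, as an added example that is not part of either post. The interface, user, address and profile names are assumptions taken from the thread; the MAC and password are placeholders.

```routeros
# Constructed example (not the poster's or Greg's configuration): the bridge, BCP
# profile and PPP secret described in the thread, followed by the checks Greg asks for.
# All names, addresses, the MAC and the password are assumed placeholders.

# 1. Bridge bound to ether2 (the DMZ port), admin MAC pinned to ether2's MAC, RSTP on
/interface bridge add name=bridge_local protocol-mode=rstp auto-mac=no \
    admin-mac=XX:XX:XX:XX:XX:XX
/interface bridge port add bridge=bridge_local interface=ether2

# 2. Default PPP profile: hand the L2TP session to the bridge (BCP) and require MPPE
/ppp profile set default bridge=bridge_local use-encryption=yes \
    local-address=10.10.10.1 remote-address=10.10.10.2

# 3. Credentials the access point will present (name/password are placeholders)
/ppp secret add name=apuser password=CHANGE_ME service=l2tp profile=default \
    local-address=10.10.10.1 remote-address=10.10.10.2

# 4. The L2TP server itself, using that profile
/interface l2tp-server server set enabled=yes default-profile=default

# --- Verification, in the order Greg suggests ---
# Outer tunnel: once the client connects, a peer and an installed SA pair should
# appear here; if they do not, stop and fix IPsec before looking at PPP.
/ip ipsec remote-peers print
/ip ipsec installed-sa print

# Inner tunnel: the PPP session and the repeating L2TP/PPP log lines
/ppp active print
/log print where topics~"l2tp" or topics~"ppp"
```

If the SA list stays empty while the L2TP logs keep repeating, the outer tunnel is the problem, not BCP or the PPP profile.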

Thanks Greg, I will report back soon.