Help on setting up a tunnel

Hello guys,

This is the situation:

I have a D-Link router which is connected to the internet.

I bought a MikroTik router and plugged it into the D-Link router with Ethernet.

I have an L2TP account.

I want to set up a VPN connection on the MikroTik so that clients which are connected to my MikroTik router can use this VPN tunnel.

What exactly should I do?

Here is some information:

The D-Link modem has an Ethernet IP: 192.168.1.200

Please guide me so I can finish this scenario.

Thank you.

Hi,

If you already created the L2TP tunnel and it is connected, then all you will need to do is decide who can use the VPN: will it be anyone connected or specific users?

If it's everyone, you can tick "add default route" on the L2TP interface and just add a src-nat rule on that interface, and you should be good.

If you want to route only clients connected on wlan, you will need to add routing marks to those packets, create a default route using the mark, and use the L2TP interface as the gateway.

Thank you, buddy.

I solved the above issues.

I just have one more problem here.

When I connect L2TP “without” a pre-shared key, it connects,

but as soon as I set a pre-shared key in my VPN client, it won't connect.

What's the matter?

Do you get any errors in the log?

It's not connecting in normal mode either.

The log says: no suitable proposal mode found

no suitable proposal found

I upgraded to 6.40.

It's totally not connecting using a certificate, and there is no log error,

but with a pre-shared key it gives: failed to pre process ph2 packet

No one knows what to do.. :slight_smile:

If you want a useful answer, go to the terminal window of your Mikrotik and post here the output of command “export” after replacing all sensitive information by xxxxxxxx.

Right now I can only guess by the symptoms that you haven’t configured any IPsec proposal and that the default one doesn’t contain a common encryption and/or authentication method with the remote peer.

Other than that - your “L2TP” account is probably an “IPSec over L2TP” one, and it is intended for a single IP address assigned to your device by the remote peer to which you connect.

Therefore, if you wish to let more than one device connect via that account, you have to configure a srcnat rule so that all packets from these devices would get their source IP address changed to the one your Mikrotik got assigned from the remote peer.
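The setup discussed in this thread, written out as an added RouterOS 6.x configuration example that does not come from any poster: an L2TP client with an IPsec pre-shared key, a phase 2 proposal, the srcnat rule, and the optional routing mark for wlan clients. The names `l2tp-out1`, `wlan1`, `via-vpn` and `vpn.example.net`, and the algorithm lists, are assumptions to be replaced with the values for your own router and VPN provider.

```routeros
# Added example for RouterOS 6.x; all names and values are placeholders.

# 1. L2TP client with an IPsec pre-shared key. With use-ipsec=yes RouterOS
#    creates the IPsec peer and policy dynamically and negotiates phase 2
#    with the "default" proposal.
/interface l2tp-client add name=l2tp-out1 connect-to=vpn.example.net user=xxxxxxxx password=xxxxxxxx use-ipsec=yes ipsec-secret=xxxxxxxx add-default-route=no disabled=no

# 2. Phase 2 proposal. "no suitable proposal found" means these lists have
#    no algorithm in common with the remote peer. The values below are
#    assumptions; use what the VPN provider documents and avoid enabling
#    weaker algorithms than it requires.
/ip ipsec proposal set [find default=yes] auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none

# 3. The account hands out a single address, so every LAN client leaving
#    through the tunnel is source-NATed to that address.
/ip firewall nat add chain=srcnat out-interface=l2tp-out1 action=masquerade

# 4. Send only clients arriving on wlan1 through the tunnel: mark their
#    packets, then add a default route that applies to that mark only.
#    (To send all clients instead, set add-default-route=yes in step 1
#    and skip this step.)
/ip firewall mangle add chain=prerouting in-interface=wlan1 dst-address-type=!local action=mark-routing new-routing-mark=via-vpn passthrough=yes
/ip route add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=via-vpn

# 5. Verify: installed SAs should appear once phase 2 succeeds; the log
#    shows the negotiation when it does not.
/ip ipsec installed-sa print
/log print where topics~"ipsec"
```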