I have just added L2TP with IPsec to a router which has been only doing PPTP VPNs. I stayed connected as long as I liked with PPTP. But PPTP is bad. So, I switched to L2TP with IPsec. I checked the use IPsec box in the L2TP server configuration and added my IPsec secret. Before I did so, /ip ipsec export showed nothing, so I think I had it at the defaults. This router was upgraded to 6.18 a few days ago. I believe it was running 6.7 before. I did not use IPsec/L2TP with it before today.
Thanks go to MikroTik for making it very easy to set up the L2TP with IPsec combination now. It took approximately 5 seconds to set up and worked the first time I tried with my Mac running OS X Mavericks.
However, I seem to be getting disconnected every 48 minutes and 30 seconds.
I have found that the installed-sa for my connection shows “add-lifetime=48m/1h”. I do not see that specified in the RouterOS configuration anywhere. I suspect that an IPsec rekey is supposed to happen every 48 minutes but is not succeeding. I suspect the 30 seconds is just the SA negotiation timeout while it tries to rekey.
I wonder if this could be related to this entry from the 6.19 changelog:
*) ipsec - when peer config is changed kill only relevant SAs;
I had a reboot-every-time-I-logged-in-with-WinBox issue when I tried upgrading my home RB951 to 6.19, which I haven’t had time to chase down. So I can’t bring myself to try it on the office RB450G yet.
04:01:42 l2tp,info first L2TP UDP packet received from endpointA
04:01:42 l2tp,ppp,info,account lambert logged in, 192.168.1.228
04:01:42 l2tp,ppp,info <l2tp-lambert>: authenticated
04:01:42 l2tp,ppp,info <l2tp-lambert>: connected
04:50:12 ipsec,error failed to begin ipsec sa negotiation.
04:50:17 l2tp,ppp,info <l2tp-lambert>: terminating... - peer is not responding
04:50:17 l2tp,ppp,info,account lambert logged out, 2915 503336 18052173 9081 16871
04:50:17 l2tp,ppp,info <l2tp-lambert>: disconnected
04:56:40 l2tp,info first L2TP UDP packet received from endpointA
04:56:41 l2tp,ppp,info,account lambert logged in, 192.168.1.228
04:56:41 l2tp,ppp,info <l2tp-lambert>: authenticated
04:56:41 l2tp,ppp,info <l2tp-lambert>: connected
05:44:51 ipsec,error failed to begin ipsec sa negotiation.
05:45:41 ipsec,error failed to begin ipsec sa negotiation.
05:45:46 l2tp,ppp,info <l2tp-lambert>: terminating... - peer is not responding
05:45:46 l2tp,ppp,info,account lambert logged out, 2945 397545 14520806 7264 13697
05:45:46 l2tp,ppp,info <l2tp-lambert>: disconnected
06:19:17 l2tp,info first L2TP UDP packet received from endpointA
06:19:17 l2tp,ppp,info,account lambert logged in, 192.168.1.228
06:19:17 l2tp,ppp,info <l2tp-lambert>: authenticated
06:19:17 l2tp,ppp,info <l2tp-lambert>: connected
07:07:47 ipsec,error failed to begin ipsec sa negotiation.
07:07:52 l2tp,ppp,info <l2tp-lambert>: terminating... - peer is not responding
07:07:52 l2tp,ppp,info,account lambert logged out, 2915 516223 16271189 8799 15613
07:07:52 l2tp,ppp,info <l2tp-lambert>: disconnected
07:14:19 l2tp,info first L2TP UDP packet received from endpointA
07:14:19 l2tp,ppp,info,account lambert logged in, 192.168.1.228
07:14:19 l2tp,ppp,info <l2tp-lambert>: authenticated
07:14:19 l2tp,ppp,info <l2tp-lambert>: connected
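An added example, not part of the original post: a short Python script that measures, for each session in the log above, how long after connect the first IPsec negotiation error appears and compares that with the 48-minute soft value in add-lifetime=48m/1h. It assumes a single VPN user, treats the L2TP "connected" time as the SA install time, and uses a hypothetical 60-second tolerance (WINDOW).

```python
import re
from datetime import datetime, timedelta

# Session lines copied from the log in the post (login/auth lines omitted).
LOG = """\
04:01:42 l2tp,ppp,info <l2tp-lambert>: connected
04:50:12 ipsec,error failed to begin ipsec sa negotiation.
04:50:17 l2tp,ppp,info <l2tp-lambert>: disconnected
04:56:41 l2tp,ppp,info <l2tp-lambert>: connected
05:44:51 ipsec,error failed to begin ipsec sa negotiation.
05:45:41 ipsec,error failed to begin ipsec sa negotiation.
05:45:46 l2tp,ppp,info <l2tp-lambert>: disconnected
06:19:17 l2tp,ppp,info <l2tp-lambert>: connected
07:07:47 ipsec,error failed to begin ipsec sa negotiation.
07:07:52 l2tp,ppp,info <l2tp-lambert>: disconnected
"""
SOFT = 48 * 60   # soft part of add-lifetime=48m/1h, in seconds
WINDOW = 60      # assumed tolerance: error within 60 s after SOFT counts as rekey
DAY = timedelta(days=1)
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (.*)$")

def secs(start, ts):
    # The log has no dates; modulo one day handles sessions crossing midnight.
    return int(((ts - start) % DAY).total_seconds())

def sessions(log, soft=SOFT, window=WINDOW):
    out, start, first_err = [], None, None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%H:%M:%S")
        topics, msg = m.group(2).split(","), m.group(3)
        if "l2tp" in topics and msg.endswith(": connected"):
            start, first_err = ts, None
        elif start is None:
            continue  # ignore lines outside a session
        elif "ipsec" in topics and "error" in topics and "sa negotiation" in msg:
            first_err = first_err or ts  # keep only the first error per session
        elif "l2tp" in topics and msg.endswith(": disconnected"):
            to_err = secs(start, first_err) if first_err else None
            out.append({"uptime": secs(start, ts), "to_first_error": to_err,
                        "rekey_suspect": to_err is not None
                                         and 0 <= to_err - soft <= window})
            start = None
    return out

if __name__ == "__main__":
    for s in sessions(LOG):
        print(s)
```

On the three sessions in the post, the first error lands 10 to 30 seconds after the 48-minute mark, and the computed uptimes match the first number in each "logged out" line.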