I cannot get L2TP/IPSec working with ROS 5.8 on x86. I did contact support; they replied once but did not answer my follow-up…
Edit: ROS 5.9 does not work either.
PPTP and SSTP are fine. I have tried L2TP/IPSec from Win, Mac, and iPhone clients and all have failed. I tried clients both behind NAT and directly connected to the internet, on different ISPs etc.; no difference. The server is not behind NAT.
[dave@MikroTik] > /ip ipsec peer print
Flags: X - disabled
0 address=0.0.0.0/0 port=500 auth-method=pre-shared-key
secret="<redacted>" generate-policy=yes exchange-mode
send-initial-contact=yes nat-traversal=yes my-id-user-fqdn=""
proposal-check=obey hash-algorithm=sha1 enc-algorithm=3des
dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m
dpd-maximum-failures=5
[dave@MikroTik] > /ip ipsec proposal print
Flags: X - disabled
0 name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
pfs-group=modp1024
[dave@MikroTik] > /interface l2tp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: pap,chap,mschap1,mschap2
default-profile: <redacted>
Here’s an example of a Mac OS X Lion connection log:
11/30/11 9:07:40.469 PM pppd: pppd 2.4.2 (Apple version 560.12) started by dave, uid 501
11/30/11 9:07:40.475 PM pppd: L2TP connecting to server '<redacted>' (<redacted>)...
11/30/11 9:07:40.476 PM pppd: IPSec connection started
11/30/11 9:07:40.487 PM racoon: Connecting.
11/30/11 9:07:40.487 PM racoon: IPSec Phase1 started (Initiated by me).
11/30/11 9:07:40.488 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
11/30/11 9:07:40.506 PM racoon: IKE Packet: receive success. (Initiator, Main-Mode message 2).
11/30/11 9:07:40.511 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
11/30/11 9:07:40.549 PM racoon: IKE Packet: receive success. (Initiator, Main-Mode message 4).
11/30/11 9:07:40.560 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
11/30/11 9:07:40.584 PM racoon: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6).
11/30/11 9:07:40.584 PM racoon: IKE Packet: receive success. (Initiator, Main-Mode message 6).
11/30/11 9:07:40.584 PM racoon: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode).
11/30/11 9:07:40.584 PM racoon: IPSec Phase1 established (Initiated by me).
11/30/11 9:07:40.835 PM configd: network configuration changed.
11/30/11 9:07:41.584 PM racoon: IPSec Phase2 started (Initiated by me).
11/30/11 9:07:41.585 PM racoon: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
11/30/11 9:07:41.610 PM racoon: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
11/30/11 9:07:41.610 PM racoon: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
11/30/11 9:07:41.610 PM racoon: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
11/30/11 9:07:41.610 PM racoon: IPSec Phase2 established (Initiated by me).
11/30/11 9:07:41.611 PM pppd: IPSec connection established
11/30/11 9:08:01.611 PM pppd: L2TP cannot connect to the server
11/30/11 9:08:01.626 PM racoon: IKE Packet: transmit success. (Information message).
11/30/11 9:08:01.626 PM racoon: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
11/30/11 9:08:01.628 PM racoon: IKE Packet: transmit success. (Information message).
11/30/11 9:08:01.628 PM racoon: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
I also have supout and l2tp/ipsec debug log but I can only give those out to staff.
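Added example, not part of the original post: a small triage script for client logs in the pppd/racoon format shown above. It reports which negotiation stages were reached and how long the client waited before giving up. The stage names, the result keys and the `triage` function are hypothetical names chosen for this illustration. On the log in the post it shows both IKE phases completing and the failure reported at the L2TP stage 20 seconds later.

```python
import re
from datetime import datetime

# Constructed sample: a subset of lines copied from the client log in the post.
SAMPLE_LOG = """\
11/30/11 9:07:40.476 PM pppd: IPSec connection started
11/30/11 9:07:40.584 PM racoon: IPSec Phase1 established (Initiated by me).
11/30/11 9:07:41.610 PM racoon: IPSec Phase2 established (Initiated by me).
11/30/11 9:07:41.611 PM pppd: IPSec connection established
11/30/11 9:08:01.611 PM pppd: L2TP cannot connect to the server
11/30/11 9:08:01.626 PM racoon: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
"""

LINE_RE = re.compile(r"^(\d+/\d+/\d+ \d+:\d+:\d+\.\d+ [AP]M) (\w+): (.*)$")
TS_FMT = "%m/%d/%y %I:%M:%S.%f %p"

# Ordered milestones: (hypothetical stage name, logging process, marker text).
MILESTONES = [
    ("ike_phase1", "racoon", "IPSec Phase1 established"),
    ("ike_phase2", "racoon", "IPSec Phase2 established"),
    ("ipsec_up", "pppd", "IPSec connection established"),
    ("l2tp_failed", "pppd", "L2TP cannot connect"),
]

def triage(log_text):
    """Return the stages reached, the layer that failed, and the client's wait time."""
    reached = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected log format
        ts = datetime.strptime(m.group(1), TS_FMT)
        for stage, proc, marker in MILESTONES:
            if m.group(2) == proc and marker in m.group(3):
                reached.setdefault(stage, ts)  # keep the first occurrence only
    # The first three milestones must all be present for IPsec to count as up.
    missing = [s for s, _, _ in MILESTONES[:3] if s not in reached]
    if missing:
        failed = missing[0]   # IPsec never fully came up; name the first gap
    elif "l2tp_failed" in reached:
        failed = "l2tp"       # IPsec is up, the L2TP layer reported failure
    else:
        failed = None
    wait = None
    if failed == "l2tp":
        wait = (reached["l2tp_failed"] - reached["ipsec_up"]).total_seconds()
    return {"stages": list(reached), "failed_layer": failed, "wait_seconds": wait}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```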