Hi guys,
I am setting up a home L2TP server and need some help with the L2TP setup on my hAP ac3.
It is clearly something in my setup, any idea is highly appreciated.
I think I have done all the setup on the MK to enable L2TP, but I cannot even connect from a Windows machine on the local network and always end up with the generic error 651.
It must be an MK setup problem - the client machine is perfectly fine: I tested it against a public free L2TP server, to which I connected from the same machine without any issues.
DE Server : de.freel2tpvpn.com
DE Account: freel2tpvpn.com
DE Password: 1069
PSK: freel2tpvpn.com
When I try to connect to my local network MK, I end up with this
Free L2TP Connected
And it fails in phase 1
Log connection fail
This is my setup
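# dec/01/2020 22:31:59 by RouterOS 6.47.7
# software id = B8RB-MITG
#
# model = RBD53iG-5HacD2HnD
# serial number = D96C0C4CC55D
#
# Lines beginning with "# NOTE" are review remarks and are ignored on import.
# The only two configuration changes relative to the original export are:
#   1. use-ipsec=required on the L2TP server (instead of use-ipsec=yes), so
#      an L2TP session that is not carried inside IPsec is refused;
#   2. the udp/1701 accept rule is split off from the IKE ports and limited
#      to packets that arrived inside an IPsec SA (ipsec-policy=in,ipsec).
# Everything else is kept as exported.
/ip hotspot profile
set [ find default=yes ] login-by=cookie,http-chap,https
# NOTE: this is the IPsec phase-2 (ESP) proposal. Phase 1 (IKE) is governed
# by /ip ipsec profile, which does not appear in this export and is therefore
# at its defaults. A phase-1 failure with a Windows client is normally either
# a pre-shared-key mismatch or no common phase-1 encryption / DH group between
# the client's offer and the default profile; compare the two in the IPsec
# log output before changing anything else.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 pfs-group=none
/ip pool
add comment="Local DHCP" name=dhcp ranges=192.168.2.2-192.168.2.30
add comment="VPN Pool" name=vpn-pool ranges=192.168.10.2-192.168.10.30
/ip dhcp-server
# NOTE: the DHCP server is bound to "bridge", but the only address in this
# export (192.168.2.1/24) is on ether2. Unless bridge also carries an address
# in 192.168.2.0/24 (not visible here), this server will show as invalid.
add address-pool=dhcp disabled=no interface=bridge name=defconf
/ppp profile
# NOTE: *FFFFFFFE is the internal id of a built-in PPP profile (presumably
# default-encryption - confirm in /ppp profile print). VPN clients are
# handed 192.168.10.1 as their peer address and an address from vpn-pool.
set *FFFFFFFE local-address=192.168.10.1 remote-address=vpn-pool
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set detect-interface-list=all
/interface l2tp-server server
# NOTE: no ipsec-secret is present in this export. It is either hidden
# (export run with hide-sensitive) or unset; if unset, IKE phase 1 cannot
# complete until it is set to exactly the PSK configured on the Windows
# client. The default-profile is not shown either, so the built-in default
# applies. "required" replaces "yes" so that plain-text L2TP is rejected
# rather than accepted alongside the IPsec-protected sessions.
set enabled=yes one-session-per-host=yes use-ipsec=required
/interface pptp-server server
# NOTE: PPTP, and the chap / mschap1 methods enabled here, offer no
# meaningful confidentiality or authentication strength today. Unless a
# PPTP-only client genuinely exists, set enabled=no here and remove the
# tcp/1723 and GRE input rules below.
set authentication=chap,mschap1,mschap2 default-profile=default enabled=yes
/ip address
add address=192.168.2.1/24 comment=defconf interface=ether2 network=192.168.2.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.2.0/24 comment=defconf gateway=192.168.2.1 netmask=24
/ip dns static
add address=192.168.2.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="allow PPTP" dst-port=1723 protocol=tcp
# CHANGED: IKE (udp/500) and NAT-T (udp/4500) must be accepted in the clear,
# but udp/1701 is only accepted once the packet has been decapsulated from
# an IPsec SA. Plain-text L2TP from non-LAN interfaces then falls through to
# the "drop all not coming from LAN" rule.
add action=accept chain=input comment="allow IKE / NAT-T" dst-port=500,4500 \
protocol=udp
add action=accept chain=input comment="allow L2TP (IPsec-protected only)" \
dst-port=1701 ipsec-policy=in,ipsec protocol=udp
add action=accept chain=input comment="allow ipsec-esp" protocol=ipsec-esp
add action=accept chain=input comment="allow ipsec-ah" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
# NOTE: GRE is the PPTP data channel, not Wake-on-LAN; this rule accepts GRE
# from every interface, including WAN, and should go if PPTP is disabled.
add action=accept chain=input comment="GRE for WOL" protocol=gre
# NOTE: VPN clients arrive on dynamic l2tp/pptp interfaces that are not in
# the LAN list, so this rule also blocks them from router services such as
# DNS on 192.168.10.1; add the VPN interfaces to LAN (or an explicit accept)
# if that is wanted.
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=\
out,none out-interface-list=WAN
/ip route
/ppp l2tp-secret
# NOTE: this is the L2TP-layer tunnel secret, not the IPsec pre-shared key;
# the PSK the Windows client needs is ipsec-secret on the L2TP server above.
add comment="L2TP Preshared Key"
/ppp secret
# NOTE: no password is shown for test-user (hidden or unset, as with
# ipsec-secret). PPP authentication only starts after IPsec is up, so this
# is not the cause of a phase-1 failure, but it must be set before the
# session can complete.
add name=test-user profile=default-encryption
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN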