L2TP error 789

Hello, I'm new to MikroTik configuration. I am trying to configure an L2TP VPN; when I try to connect it says error 789 and I can't connect.

I configured a PPTP VPN and it works fine, so I think that the firewall rules may be OK.

My configuration is:

# aug/27/2018 18:35:03 by RouterOS 6.42.7
# software id = 0ZG4-YIUP
#
# model = RouterBOARD 952Ui-5ac2nD
# serial number = 6CBA06D4E0F8

/interface ethernet
set [ find default-name=ether1 ] arp=proxy-arp name=ether1-Wan
set [ find default-name=ether2 ] arp=proxy-arp name=ether2-Lan
/interface wireless
set [ find default-name=wlan1 ] ssid=MikroTik
set [ find default-name=wlan2 ] ssid=MikroTik
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=0s pfs-group=none
/ip pool
add name=dhcp_pool0 ranges=192.168.1.2-192.168.1.254
add name=vpn_pool ranges=172.16.0.1-172.168.0.20
add name=vpn_pool_l2tp ranges=10.10.0.1-10.10.0.20
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether2-Lan lease-time=3d name=dhcp1
/ppp profile
add dns-server=8.8.8.8 local-address=vpn_pool name=Vpn_Profile_PPTP remote-address=vpn_pool use-encryption=yes
add dns-server=8.8.8.8 local-address=vpn_pool name=L2TP remote-address=vpn_pool use-encryption=required
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=L2TP enabled=yes ipsec-secret=testing use-ipsec=required
/interface pptp-server server
set authentication=chap,mschap1,mschap2 default-profile=Vpn_Profile_PPTP enabled=yes
/ip address
add address=192.168.1.1/24 interface=ether2-Lan network=192.168.1.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add disabled=no interface=ether1-Wan use-peer-ntp=no
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=190.160.0.15,200.30.192.14,200.83.1.5,8.8.8.8,8.8.4.4 gateway=192.168.1.1
/ip firewall filter
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input protocol=gre
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input disabled=yes dst-port=1701 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat
add action=masquerade chain=srcnat src-address=192.168.1.0/24
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp2048 enc-algorithm=aes-256,aes-128,3des exchange-mode=main-l2tp generate-policy=port-override local-address=192.168.1.1 secret=test1
/ppp secret
add name=user2 password=test profile=Vpn_Profile_PPTP service=pptp
add name=user1 password=test1 profile=L2TP service=l2tp
/system clock
set time-zone-name=America/Santiago
/system routerboard settings
set silent-boot=no
/tool traffic-monitor
add interface=ether2-Lan name=tmon1 threshold=0

Can you help me find out what the problem is, please?

Thanks

Marco.

Try setting the lifetime of your IPsec proposal to 8h.
-Chris

Thanks Chris. I already solved the problem and it was because I needed to route the DMZ from the router of my ISP to the IP of the Mikrotik.

Now I can connect from a Mac OS X device without problems.

But when I want to connect from a computer with Windows I get error 809 and it does not let me connect.

Do you know what this error can be?

Marco.

Hello, maybe the phase 2 proposals are not correct.

Thanks evince, what is the correct one then?

Marco

Hi Marco,

I was troubleshooting VPN-issues on Windows (10) earlier today with Mac OS working fine, but Windows giving me shit. I saw similar error messages.

I found this post very useful (https://superuser.com/questions/1298513/l2tp-ipsec-vpn-fails-to-connect-on-windows-10-works-fine-on-ios). I also had to remove the connection and create it another time before it would work properly.