L2TP/IPsec from Win10 behind MikroTik to NATted MikroTik [Solved]

Scenario:

[Win10_l2tp/ipsec]--------crs125----------------(internet)----------------isp_router_full_natted_to_RB----------rb3011


From iPhone to rb3011 the l2tp/ipsec works immediately

From Win10 behind crs125, IKE phase fails due to timeout

Same credentials/secrets configured in both clients

Please note that crs125 has already a gre/ipsec tunnel with another remote RB2011

Is there any macro issue/mistake to check?

Thank you

Same issue:

Connecting to a remote RouterBoard with L2TP/IPsec works from a 3G/4G client as well as a Windows 10 client with a common DSL router

When the client is behind a MT device the L2TP connection to a remote MikroTik L2TP/IPsec server fails

Phase 1 and 2 seem to be completed but L2TP is not even started (looking at L2TP server log)

Any hint please?

I would verify your Windows client is behaving properly. It appears Microsoft has a sordid history with NAT-T technologies.

https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/l2tp-registry-change-to-work-with-nat-t-not/f864ba86-a01b-42b5-93cd-e70c5fdf4fb3?auth=1

It looks like you need to monkey with the registry. Alternatively you could look at native IPv6 on both sides if it is deployed to you or another VPN technology.

It works!!!

Thank you!

Briefly, for those who need it:

regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
add new DWORD (32-bit) value named AssumeUDPEncapsulationContextOnSendRule
give it a value of 2
reboot

Idlemind, a great Thank You
:smiley:
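
The registry change from the post above as an idempotent PowerShell script, added here as an example and not part of the original thread. The `-AuditOnly` switch and the function name are hypothetical, and the value meanings in the comments come from Microsoft's documentation of this setting, not from the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and set the IPsec NAT-T registry value named in the thread.
param(
    [ValidateRange(0, 2)]
    [int]$Desired = 2,     # the value given in the thread
    [switch]$AuditOnly     # hypothetical switch: report only, change nothing
)

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$Name = 'AssumeUDPEncapsulationContextOnSendRule'

# Meanings per Microsoft's documentation of this value:
$Meaning = @{
    0 = 'no security associations with servers behind NAT (default)'
    1 = 'security associations allowed when the server is behind NAT'
    2 = 'security associations allowed when both client and server are behind NAT'
}

function Get-NatTValue {
    # Returns the current DWORD, or $null when the value has never been created
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$current = Get-NatTValue
if ($null -eq $current) {
    Write-Output "$Name is not set; Windows behaves as 0: $($Meaning[0])"
} else {
    Write-Output "$Name = $current : $($Meaning[$current])"
}

if ($AuditOnly -or $current -eq $Desired) {
    Write-Output 'No change made.'
    return
}

# -Force overwrites an existing value; a missing value is created as a DWORD
New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
    -Value $Desired -Force | Out-Null

# Read back so a silent failure does not pass as success
if ((Get-NatTValue) -ne $Desired) {
    throw "Failed to set $Name to $Desired"
}
Write-Output "$Name set to $Desired ($($Meaning[$Desired])). Reboot to apply."
```

Running it with `-AuditOnly` across a fleet shows which clients already carry the non-default setting before anything is changed.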

No problem, glad it worked.