[l2tp ipsec] ipsec issue

Hi @all,
I’m making a basic roadwarrior VPN setup, as written on the wiki:

 /interface l2tp-server server> print 
               enabled: yes
               max-mtu: 1450
               max-mru: 1450
                  mrru: disabled
        authentication: mschap2
     keepalive-timeout: 30
          max-sessions: unlimited
       default-profile: L2TP
             use-ipsec: required
          ipsec-secret: **********
        caller-id-type: ip-address
  one-session-per-host: no
       allow-fast-path: no



 > /ppp profile print where name="L2TP" 
   Flags: * - default 
   0   name="L2TP" local-address=192.168.10.3 remote-address=vpn10 idle-timeout=30m use-mpls=default use-compression=default use-encryption=default 
     only-one=default change-tcp-mss=default use-upnp=default address-list="" dns-server=192.168.10.3 wins-server=192.168.10.4 on-up="" on-down=""

A couple of times a day the whole setup goes wrong, writing errors:

The only solution for this is turning the L2TP server off and on again. After such a “reboot” the system starts working without any problems and works until something strange happens and everything gets stuck again with the same error.

Is there any way to fix this? Thanks in advance.

Which version are you using? Can you check ‘/ip ipsec peer print’ when the issue is present? Can you send supout.rif file from your router to support@mikrotik.com?

6.43.4. Okay, I’ll wait till the issue starts, then post the peer print here and send the email.

Can you check ‘/ip ipsec peer print’ when the issue is present?

Gotcha! The default dynamic peer rule completely disappears from time to time. And appears when l2tp restarts.
I think it is a bug.
Making a static peer rule solved the problem for now.

That is very nice, but you could have generated a supout.rif file so we can take a look and find out how and why that happens.