L2TP/IPSEC keeps failing

Pericynthion · October 2, 2018, 6:05pm

Hi everyone! So I had a L2TP/IPSEC tunnel via a VPN provider, that was working and has recently started having problems. I’m trying to figure out if this is down to something they changed at their end, or something in one of the later RouterOS releases. I’m currently on RouterOS 6.44beta14

The initial connection is fine;

07:07:18 ipsec,info initiate new phase 1 (Identity Protection): 70.95.93.xx[500]<=>104.237.61.xxx[500] 
07:07:19 ipsec,info ISAKMP-SA established 70.95.93.xx[500]-104.237.61.xxx[500] spi:e34571107a98e1cc:06d0dbbedf8c9ba8 
07:07:21 l2tp,ppp,info l2tp-out1: authenticated 
07:07:22 l2tp,ppp,info l2tp-out1: connected

and then after a random period of time (can be anywhere from 30 mins to 3hrs+) , I see this is the log;

10:50:13 l2tp,ppp,info l2tp-out1: terminating... - hungup 
10:50:13 l2tp,ppp,info l2tp-out1: disconnected 
10:50:13 l2tp,ppp,info l2tp-out1: initializing... 
10:50:13 l2tp,ppp,info l2tp-out1: connecting... 
10:50:13 l2tp,ppp,info l2tp-out1: authenticated 
10:50:13 l2tp,ppp,info l2tp-out1: connected

The L2TP interface is up, the SA’s look to be there - but it doesnt pass any traffic. If I manually drop and restablish the connection, then it works fine again for a while. I can’t easily tell if the ‘hungup’ is from my end or the remote server?

Running pretty much a standard config - due to the remote provider, I can’t use PFS but everything else is pretty standard

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 pfs-group=none

Basic L2TP interface

/interface l2tp-client
add add-default-route=yes allow=mschap2 connect-to=104.237.61.xxx ipsec-secret=mysecret keepalive-timeout=disabled max-mru=1400 max-mtu=1400 name=l2tp-out1 password=yyyyyyy use-ipsec=yes user=zzzzzzz

As I say, I havent changed anything recently in the config - so wondered if this rang any bells with anyone who has an IPSEC peer ‘sort of working’ , or could suggest the next layer of debugging.

Pericynthion · October 3, 2018, 2:36am

So managed to catch it dropping - if my understanding is correct, the LCP ProtRej are because I am running IPv6 on the Mikrotik, but the VPN server only supports IPV4.
From the state of the hungup, it looks like my end (70.95.93.xx) sent the termination - and if I read the CDN message (result-code=1) then it believes it lost connection. I’ve triple checked my end and the uplink doesnt seem to experience any interruptions, so the only thing I can interpret is that the remote end (which I dont control is having an intermittend connection / routing issue).

Anyone read anything else different here?

o

ct/02 19:12:21 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd proto=0xfff1 f6 f3 12 80 d2 72 26 c2...		
oct/02 19:12:21 l2tp	ppp	debug l2tp: l2tp-out1: received unsupported protocol 0xfff1			
oct/02 19:12:21 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP ProtRej id=0xf0		
oct/02 19:12:21 l2tp	ppp	debug	packet l2tp:      ff f1 f6 f3 12 80 d2 72 26 c2 4b 6b df d9 99 d8...		
oct/02 19:12:21 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd proto=0xb612 cd 98 94 dd d8 12 79 b7...		
oct/02 19:12:21 l2tp	ppp	debug l2tp: l2tp-out1: received unsupported protocol 0xb612			
oct/02 19:12:21 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP ProtRej id=0xf1		
oct/02 19:12:21 l2tp	ppp	debug	packet l2tp:      b6 12 cd 98 94 dd d8 12 79 b7 81 67 76 6a 51 70...		
oct/02 19:12:23 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd proto=0x50d f8 d3 8c a1 0b 7b 87 42...		
oct/02 19:12:23 l2tp	ppp	debug l2tp: l2tp-out1: received unsupported protocol 0x50d			
oct/02 19:12:23 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP ProtRej id=0xf2		
oct/02 19:12:23 l2tp	ppp	debug	packet l2tp:      05 0d f8 d3 8c a1 0b 7b 87 42 e2 e0 dc f3 0a 2c...		
oct/02 19:12:23 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd proto=0xaa68 1c f3 42 fc 27 2e b1 23...		
oct/02 19:12:23 l2tp	ppp	debug l2tp: l2tp-out1: received unsupported protocol 0xaa68			
oct/02 19:12:23 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP ProtRej id=0xf3		
oct/02 19:12:23 l2tp	ppp	debug	packet l2tp:      aa 68 1c f3 42 fc 27 2e b1 23 09 76 80 79 03 c6...		
oct/02 19:12:24 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd proto=0xeef4 fc b7 02 1c ef b0 80 1a...		
oct/02 19:12:24 l2tp	ppp	debug l2tp: l2tp-out1: received unsupported protocol 0xeef4			
oct/02 19:12:24 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP ProtRej id=0xf4		
oct/02 19:12:24 l2tp	ppp	debug	packet l2tp:      ee f4 fc b7 02 1c ef b0 80 1a ad a7 23 38 41 b2...		
oct/02 19:12:24 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd proto=0xb509 1d 17 18 05 fd 49 15 05...		
oct/02 19:12:24 l2tp	ppp	debug l2tp: l2tp-out1: received unsupported protocol 0xb509			
oct/02 19:12:24 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP ProtRej id=0xf5		
oct/02 19:12:24 l2tp	ppp	debug	packet l2tp:      b5 09 1d 17 18 05 fd 49 15 05 54 51 6a e3 4b 32...		
oct/02 19:12:25 l2tp	ppp	debug	packet l2tp:  l2tp-out1: rcvd LCP EchoReq id=0xca		
oct/02 19:12:25 l2tp	ppp	debug	packet l2tp:     <magic 0xa4ea830b>		
oct/02 19:12:25 l2tp	ppp	debug	packet l2tp:  l2tp-out1: sent LCP EchoRep id=0xca		
oct/02 19:12:25 l2tp	ppp	debug	packet l2tp:     <magic 0x45ee2a58>		
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: LCP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: LCP closed			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: CCP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: BCP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: BCP down event in starting state			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: IPCP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: IPCP closed			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: IPV6CP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: MPLSCP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: CCP close			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: BCP close			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: IPCP close			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: IPV6CP close			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: MPLSCP close			
oct/02 19:12:25 l2tp	ppp	info l2tp-out1: terminating... - hungup			
oct/02 19:12:25 l2tp	ppp	info l2tp: l2tp-out1: terminating... - hungup			
oct/02 19:12:25 l2tp	debug	packet l2tp: sent control message to 104.237.61.xx:1701 from 70.95.93.xx:1701			
oct/02 19:12:25 l2tp	debug	packet l2tp:     tunnel-id=44054	session-id=56634	ns=489	nr=487
oct/02 19:12:25 l2tp	debug	packet l2tp:     (M) Message-Type=CDN			
oct/02 19:12:25 l2tp	debug	packet l2tp:     (M) Result-Code=1			
oct/02 19:12:25 l2tp	debug	packet l2tp:     (M) Assigned-Session-ID=1			
oct/02 19:12:25 l2tp	debug l2tp: session 1 entering state: stopping				
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: LCP lowerdown			
oct/02 19:12:25 l2tp	ppp	debug l2tp: l2tp-out1: LCP down event in starting state			
oct/02 19:12:25 l2tp	ppp	info l2tp-out1: disconnected			
oct/02 19:12:25 l2tp	ppp	info l2tp: l2tp-out1: disconnected

I suppose the good news is that it doesn’t look like a IPSEC issue for a change!