Hi!
I'm having issues connecting to an L2TP/IPsec server hosted on an RB750GL. ROS version: I tried 6.0rc14, 6.24 and 6.30.2.
I can connect to it fine with a Windows PC, but when I try to connect from an Android or iOS device, no connection is happening. The MT router is behind a WatchGuard and it has a public IP assigned via static NAT. The firewall is not blocking it, but there are some notifications about IKE..something. Btw, it's intended to be a Road Warrior VPN setup.
Try unchecking the IPsec box in the L2TP server, and in IPsec > Peer select Generate policy > override.
Still not working.
“2015-07-31 13:13:36 iked (80.233.199.4<->85.254.158.77)Invalid exchange type in ISAKMP HDR from 85.254.158.77:46898 Cookies: i=874bdfc7 e58750be r=2cc3b866 70439fd2 Expecting aggressive mode Debug”
This is what my firewall says about this.
Problem with port-strict will be fixed in 6.31rc12.
Hi. I have just run into this same problem. My hEX is running 6.31.
L2TP/IPsec was failing using both iOS 8.4 and Mac OS X 10.10 clients (I think they share the same VPN implementation) with the exact symptoms detailed in this page:
https://netidy.com/blog/mikrotik-auto-generated-ipsec-working-ios
I had to uncheck “Use IPsec” in the L2TP Server config, and create a peer with “Generate policy” set to “port override” instead of “port strict”.
Also, I found it confusing that the “Use VPN” quick setting added firewall rules to accept L2TP, PPTP and SSTP ports, but not for accepting IKE ports (UDP 500 and 4500).
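The workaround from the posts above, written out as RouterOS v6 CLI commands. This is an added example, not part of the original thread; the pre-shared key is a placeholder, and the rule order and the use of the `ipsec-policy` matcher are assumptions to check against the running version.

```routeros
# Added example for RouterOS v6.x (the versions discussed in this thread).
# "CHANGE-ME-PSK" is a placeholder, not a value from the thread.

# 1. Stop the L2TP server from auto-generating its IPsec peer ("Use IPsec" box).
/interface l2tp-server server set enabled=yes use-ipsec=no

# 2. Create the road-warrior peer by hand with port-override instead of port-strict.
/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key \
    secret="CHANGE-ME-PSK" exchange-mode=main-l2tp nat-traversal=yes \
    generate-policy=port-override

# 3. Accept IKE and NAT-T, which the "Use VPN" quick setting did not add.
/ip firewall filter add chain=input protocol=udp dst-port=500,4500 \
    action=accept comment="IKE / IPsec NAT-T"
# ESP only arrives un-encapsulated when no NAT sits between client and router.
/ip firewall filter add chain=input protocol=ipsec-esp \
    action=accept comment="IPsec ESP"

# 4. With use-ipsec=no the server would also accept plain L2TP, so allow
#    UDP 1701 only when it arrived inside IPsec and drop the rest.
#    (Assumption: the ipsec-policy matcher is available on the running version.)
/ip firewall filter add chain=input protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept comment="L2TP over IPsec only"
/ip firewall filter add chain=input protocol=udp dst-port=1701 \
    action=drop comment="plain L2TP"

# Rules appended with "add" land at the end of the chain: move them above any
# final drop rule, and remove a quick-set rule that accepts UDP 1701 unconditionally.
```

On the upstream firewall (the WatchGuard in the first post), the static NAT has to forward UDP 500 and 4500 to the router as well.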