Since Apple discontinued to support PPTP with its iOS10 and MacOS Sierra , I have to find another VPN solution to access my home internet.
I am already spent at least four sleepless nights trying to troubleshoot and find the answer to my problem - WHY I could not even pass the PHASE1 on IPSEC.
I follow the manual for the configuration , below is my exact configuration ( with user/pass changed) and router details . Logs following.
This is RB450G , with freshly upgraded RouterOS 6.37.1 , Firmware type : ar7100 , factory firmware: 2.39, current/upgrade firmware 3.24
L2TP/IPSEC/Firewall configuration :
/ip pool
add name=l2tp ranges=10.10.11.10-10.10.11.100
/ppp profile> print
name=“l2tp_profile” local-address=l2tp remote-address=l2tp use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=yes use-upnp=default address-list=“” dns-server=8.8.8.8 on-up=“” on-down=“”
/interface l2tp-server server
set authentication=mschap2 default-profile=l2tp_profile enabled=yes ipsec-secret=myipsecsecret max-mru=1460 max-mtu=1460 use-ipsec=yes
/ppp secret
add name=user password=password profile=l2tp_profile service=l2tp
/ip ipsec policy group
set
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-256-ctr,aes-128-cbc,aes-128-ctr,3des pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-128,3des exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=myipsecsecret
/ip ipsec user
add name=user password=password
/ip firewall filter
add action=accept chain=input comment=“default configuration” protocol=icmp
add action=accept chain=input comment=“default configuration” connection-state=“”
add action=accept chain=input comment=“default configuration” connection-state=“”
add action=accept chain=input dst-port=1723 protocol=tcp
add action=accept chain=input log=yes port=1701,500,4500 protocol=udp
add action=accept chain=input log=yes protocol=ipsec-esp
add action=drop chain=input comment=“default configuration” in-interface=Public
Here some log when I was trying to connect from iPhone 6 . Preatty much the same as with MacOS or Windows 7
[admin@MikroTik] /log> print
oct/05 20:54:36 ipsec,debug,packet 3b89f5cf 02628622 102e3290 36aff1f1 9fd955b6
oct/05 20:54:36 ipsec,debug,packet hmac(hmac_sha1)
oct/05 20:54:36 ipsec,debug,packet SKEYID_d computed:
oct/05 20:54:36 ipsec,debug,packet deeaad3d dd24cb71 067661b5 dfd0b80a 9f592ade
oct/05 20:54:36 ipsec,debug,packet hmac(hmac_sha1)
oct/05 20:54:36 ipsec,debug,packet SKEYID_a computed:
oct/05 20:54:36 ipsec,debug,packet 1a4ce15c 3a221952 fe5c5f0c c8eee04d e66fb48e
oct/05 20:54:36 ipsec,debug,packet hmac(hmac_sha1)
oct/05 20:54:36 ipsec,debug,packet SKEYID_e computed:
oct/05 20:54:36 ipsec,debug,packet 9bf6eb72 5a96a764 d652fd58 ea1c24d5 c95c4e01
oct/05 20:54:36 ipsec,debug,packet encryption(aes)
oct/05 20:54:36 ipsec,debug,packet hash(sha1)
oct/05 20:54:36 ipsec,debug,packet len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | …)
oct/05 20:54:36 ipsec,debug,packet hmac(hmac_sha1)
oct/05 20:54:36 ipsec,debug,packet compute intermediate encryption key K1
oct/05 20:54:36 ipsec,debug,packet 00
oct/05 20:54:36 ipsec,debug,packet 383901c5 9244208d b8ee4a49 c04d14c0 41f1cee5
oct/05 20:54:36 ipsec,debug,packet hmac(hmac_sha1)
oct/05 20:54:36 ipsec,debug,packet compute intermediate encryption key K2
oct/05 20:54:36 ipsec,debug,packet 383901c5 9244208d b8ee4a49 c04d14c0 41f1cee5
oct/05 20:54:36 ipsec,debug,packet a24a1234 b10401dc 9034e59d b217cbb0 9b63ed97
oct/05 20:54:36 ipsec,debug,packet final encryption key computed:
oct/05 20:54:36 ipsec,debug,packet 383901c5 9244208d b8ee4a49 c04d14c0 41f1cee5 a24a1234 b10401dc 9034e59d
oct/05 20:54:36 ipsec,debug,packet hash(sha1)
oct/05 20:54:36 ipsec,debug,packet encryption(aes)
oct/05 20:54:36 ipsec,debug,packet IV computed:
oct/05 20:54:36 ipsec,debug,packet 1cce3284 3d724d08 62923a92 c2ed41d6
oct/05 20:54:39 ipsec,debug,packet ==========
oct/05 20:54:39 ipsec,debug,packet 228 bytes message received from 24.114.64.181[53256] to 198.200.99.76[500]
oct/05 20:54:39 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000e4 0a000084
oct/05 20:54:39 ipsec,debug,packet 6acd923e 00ef79e6 0ffcfb02 daf91ad2 f7c634f9 2d70860f 19511553 635d09ef
oct/05 20:54:39 ipsec,debug,packet abe7f97f 33cb76ee bda7b45f 09e49a6d 773fcf4e 7f429e08 d81a35a1 eba17f24
oct/05 20:54:39 ipsec,debug,packet ad4e0f79 a09195f6 da567f6a b4e85baa fb96de51 8b1d94d3 9aefe1f6 a5eb758a
oct/05 20:54:39 ipsec,debug,packet dd783fc1 5616f31d 205e0486 98daf6ab f9fd511e 193a6216 fa5567ff 4c14f7e5
oct/05 20:54:39 ipsec,debug,packet 14000014 1e84c88e accf01b8 d36f670a acfaf1ea 14000018 cc452bba 7076cac4
oct/05 20:54:39 ipsec,debug,packet 3022838f 491f14d8 6088cd80 00000018 d0f81eec 47909d75 75f9969b 9dde59d4
oct/05 20:54:39 ipsec,debug,packet 7b5585b8
oct/05 20:54:39 ipsec,debug,packet sockname 198.200.99.76[500]
oct/05 20:54:39 ipsec,debug,packet send packet from 198.200.99.76[500]
oct/05 20:54:39 ipsec,debug,packet send packet to 24.114.64.181[53256]
oct/05 20:54:39 ipsec,debug,packet src4 198.200.99.76[500]
oct/05 20:54:39 ipsec,debug,packet dst4 24.114.64.181[53256]
oct/05 20:54:39 ipsec,debug,packet 1 times of 236 bytes message will be sent to 24.114.64.181[53256]
oct/05 20:54:39 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000ec 0a000084
oct/05 20:54:39 ipsec,debug,packet 43877872 1519f7da af63458b e8c8f702 2e7eed99 f66e35cf 55d9f1c1 82e101d7
oct/05 20:54:39 ipsec,debug,packet add5f975 861afa60 15d29a59 6cec9c0c d9a8b6be 93774dc8 66ca983d 617084d3
oct/05 20:54:39 ipsec,debug,packet 10e0572d d38ac75f 90a0bfb7 949a9103 a9cce1c0 646e9d97 bee5f436 019be194
oct/05 20:54:39 ipsec,debug,packet ed5a3be0 7d8dfdb4 37430588 62bbfc91 09f7202e 5ffc2292 0882387a e3bf519d
oct/05 20:54:39 ipsec,debug,packet 1400001c a1933fad db4c50de 4877d97d f13bd526 c1612f6e 43e8c940 14000018
oct/05 20:54:39 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:54:39 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:54:39 ipsec the packet is retransmitted by 24.114.64.181[53256].
oct/05 20:54:45 ipsec,debug,packet 236 bytes from 198.200.99.76[500] to 24.114.64.181[53256]
oct/05 20:54:45 ipsec,debug,packet sockname 198.200.99.76[500]
oct/05 20:54:45 ipsec,debug,packet send packet from 198.200.99.76[500]
oct/05 20:54:45 ipsec,debug,packet send packet to 24.114.64.181[53256]
oct/05 20:54:45 ipsec,debug,packet src4 198.200.99.76[500]
oct/05 20:54:45 ipsec,debug,packet dst4 24.114.64.181[53256]
oct/05 20:54:45 ipsec,debug,packet 1 times of 236 bytes message will be sent to 24.114.64.181[53256]
oct/05 20:54:45 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000ec 0a000084
oct/05 20:54:45 ipsec,debug,packet 43877872 1519f7da af63458b e8c8f702 2e7eed99 f66e35cf 55d9f1c1 82e101d7
oct/05 20:54:45 ipsec,debug,packet add5f975 861afa60 15d29a59 6cec9c0c d9a8b6be 93774dc8 66ca983d 617084d3
oct/05 20:54:45 ipsec,debug,packet 10e0572d d38ac75f 90a0bfb7 949a9103 a9cce1c0 646e9d97 bee5f436 019be194
oct/05 20:54:45 ipsec,debug,packet ed5a3be0 7d8dfdb4 37430588 62bbfc91 09f7202e 5ffc2292 0882387a e3bf519d
oct/05 20:54:45 ipsec,debug,packet 1400001c a1933fad db4c50de 4877d97d f13bd526 c1612f6e 43e8c940 14000018
oct/05 20:54:45 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:54:45 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:54:45 ipsec,debug resent phase1 packet 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde
oct/05 20:54:55 ipsec,debug,packet 236 bytes from 198.200.99.76[500] to 24.114.64.181[53256]
oct/05 20:54:55 ipsec,debug,packet sockname 198.200.99.76[500]
oct/05 20:54:55 ipsec,debug,packet send packet from 198.200.99.76[500]
oct/05 20:54:55 ipsec,debug,packet send packet to 24.114.64.181[53256]
oct/05 20:54:55 ipsec,debug,packet src4 198.200.99.76[500]
oct/05 20:54:55 ipsec,debug,packet dst4 24.114.64.181[53256]
oct/05 20:54:55 ipsec,debug,packet 1 times of 236 bytes message will be sent to 24.114.64.181[53256]
oct/05 20:54:55 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000ec 0a000084
oct/05 20:54:55 ipsec,debug,packet 43877872 1519f7da af63458b e8c8f702 2e7eed99 f66e35cf 55d9f1c1 82e101d7
oct/05 20:54:55 ipsec,debug,packet add5f975 861afa60 15d29a59 6cec9c0c d9a8b6be 93774dc8 66ca983d 617084d3
oct/05 20:54:55 ipsec,debug,packet 10e0572d d38ac75f 90a0bfb7 949a9103 a9cce1c0 646e9d97 bee5f436 019be194
oct/05 20:54:55 ipsec,debug,packet ed5a3be0 7d8dfdb4 37430588 62bbfc91 09f7202e 5ffc2292 0882387a e3bf519d
oct/05 20:54:55 ipsec,debug,packet 1400001c a1933fad db4c50de 4877d97d f13bd526 c1612f6e 43e8c940 14000018
oct/05 20:54:55 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:54:55 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:54:55 ipsec,debug resent phase1 packet 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde
oct/05 20:55:05 ipsec,debug,packet 236 bytes from 198.200.99.76[500] to 24.114.64.181[53256]
oct/05 20:55:05 ipsec,debug,packet sockname 198.200.99.76[500]
oct/05 20:55:05 ipsec,debug,packet send packet from 198.200.99.76[500]
oct/05 20:55:05 ipsec,debug,packet send packet to 24.114.64.181[53256]
oct/05 20:55:05 ipsec,debug,packet src4 198.200.99.76[500]
oct/05 20:55:05 ipsec,debug,packet dst4 24.114.64.181[53256]
oct/05 20:55:05 ipsec,debug,packet 1 times of 236 bytes message will be sent to 24.114.64.181[53256]
oct/05 20:55:05 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000ec 0a000084
oct/05 20:55:05 ipsec,debug,packet 43877872 1519f7da af63458b e8c8f702 2e7eed99 f66e35cf 55d9f1c1 82e101d7
oct/05 20:55:05 ipsec,debug,packet add5f975 861afa60 15d29a59 6cec9c0c d9a8b6be 93774dc8 66ca983d 617084d3
oct/05 20:55:05 ipsec,debug,packet 10e0572d d38ac75f 90a0bfb7 949a9103 a9cce1c0 646e9d97 bee5f436 019be194
oct/05 20:55:05 ipsec,debug,packet ed5a3be0 7d8dfdb4 37430588 62bbfc91 09f7202e 5ffc2292 0882387a e3bf519d
oct/05 20:55:05 ipsec,debug,packet 1400001c a1933fad db4c50de 4877d97d f13bd526 c1612f6e 43e8c940 14000018
oct/05 20:55:05 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:55:05 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:55:05 ipsec,debug resent phase1 packet 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde
oct/05 20:55:05 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:55:05 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:55:05 ipsec,debug resent phase1 packet 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde
oct/05 20:55:15 ipsec,debug,packet 236 bytes from 198.200.99.76[500] to 24.114.64.181[53256]
oct/05 20:55:15 ipsec,debug,packet sockname 198.200.99.76[500]
oct/05 20:55:15 ipsec,debug,packet send packet from 198.200.99.76[500]
oct/05 20:55:15 ipsec,debug,packet send packet to 24.114.64.181[53256]
oct/05 20:55:15 ipsec,debug,packet src4 198.200.99.76[500]
oct/05 20:55:15 ipsec,debug,packet dst4 24.114.64.181[53256]
oct/05 20:55:15 ipsec,debug,packet 1 times of 236 bytes message will be sent to 24.114.64.181[53256]
oct/05 20:55:15 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000ec 0a000084
oct/05 20:55:15 ipsec,debug,packet 43877872 1519f7da af63458b e8c8f702 2e7eed99 f66e35cf 55d9f1c1 82e101d7
oct/05 20:55:15 ipsec,debug,packet add5f975 861afa60 15d29a59 6cec9c0c d9a8b6be 93774dc8 66ca983d 617084d3
oct/05 20:55:15 ipsec,debug,packet 10e0572d d38ac75f 90a0bfb7 949a9103 a9cce1c0 646e9d97 bee5f436 019be194
oct/05 20:55:15 ipsec,debug,packet ed5a3be0 7d8dfdb4 37430588 62bbfc91 09f7202e 5ffc2292 0882387a e3bf519d
oct/05 20:55:15 ipsec,debug,packet 1400001c a1933fad db4c50de 4877d97d f13bd526 c1612f6e 43e8c940 14000018
oct/05 20:55:15 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:55:15 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:55:15 ipsec,debug resent phase1 packet 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde
oct/05 20:55:25 ipsec,debug,packet 236 bytes from 198.200.99.76[500] to 24.114.64.181[53256]
oct/05 20:55:25 ipsec,debug,packet sockname 198.200.99.76[500]
oct/05 20:55:25 ipsec,debug,packet send packet from 198.200.99.76[500]
oct/05 20:55:25 ipsec,debug,packet send packet to 24.114.64.181[53256]
oct/05 20:55:25 ipsec,debug,packet src4 198.200.99.76[500]
oct/05 20:55:25 ipsec,debug,packet dst4 24.114.64.181[53256]
oct/05 20:55:25 ipsec,debug,packet 1 times of 236 bytes message will be sent to 24.114.64.181[53256]
oct/05 20:55:25 ipsec,debug,packet e4add6b8 2c0206b0 64c3bb26 8ddc2cde 04100200 00000000 000000ec 0a000084
oct/05 20:55:25 ipsec,debug,packet 43877872 1519f7da af63458b e8c8f702 2e7eed99 f66e35cf 55d9f1c1 82e101d7
oct/05 20:55:25 ipsec,debug,packet add5f975 861afa60 15d29a59 6cec9c0c d9a8b6be 93774dc8 66ca983d 617084d3
oct/05 20:55:25 ipsec,debug,packet 10e0572d d38ac75f 90a0bfb7 949a9103 a9cce1c0 646e9d97 bee5f436 019be194
oct/05 20:55:25 ipsec,debug,packet ed5a3be0 7d8dfdb4 37430588 62bbfc91 09f7202e 5ffc2292 0882387a e3bf519d
oct/05 20:55:25 ipsec,debug,packet 1400001c a1933fad db4c50de 4877d97d f13bd526 c1612f6e 43e8c940 14000018
oct/05 20:55:25 ipsec,debug,packet 3c503182 4c036783 91752a26 73ddbcb3 5de1c1b0 00000018 cc452bba 7076cac4
oct/05 20:55:25 ipsec,debug,packet 3022838f 491f14d8 6088cd80
oct/05 20:55:25 ipsec,debug resent phase1 packet 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde
oct/05 20:55:35 ipsec,error phase1 negotiation failed due to time up 198.200.99.76[500]<=>24.114.64.181[53256] e4add6b82c0206b0:64c3bb268ddc2cde