Dear community,
I have a RouterOS (x86, but have tried with RB750G as well) behind a NAT device (I tried Check Point firewall and another MikroTik with masquerading). I configured L2TP with IPsec and the IPsec SAs get established seamlessly. However, the L2TP tunnel doesn’t get established.
Here is the log excerpt:
Oct/28/2011 10:25:06 l2tp,info first L2TP UDP packet received from 188.198.114.190
Oct/28/2011 10:25:06 l2tp,debug tunnel 19 entering state: wait-ctl-conn
Oct/28/2011 10:25:06 l2tp,debug,packet sent control message to 188.198.114.190:51123
Oct/28/2011 10:25:06 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=0, nr=1
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Message-Type=SCCRP
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Framing-Capabilities=0x1
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Oct/28/2011 10:25:06 l2tp,debug,packet Firmware-Revision=0x1
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Host-Name="mt-novavas"
Oct/28/2011 10:25:06 l2tp,debug,packet Vendor-Name="MikroTik"
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Oct/28/2011 10:25:06 l2tp,debug,packet (M) Receive-Window-Size=4
Oct/28/2011 10:25:07 l2tp,debug,packet sent control message to 188.198.114.190:51123
Oct/28/2011 10:25:07 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=0, nr=1
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Message-Type=SCCRP
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Framing-Capabilities=0x1
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Oct/28/2011 10:25:07 l2tp,debug,packet Firmware-Revision=0x1
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Host-Name="mt-novavas"
Oct/28/2011 10:25:07 l2tp,debug,packet Vendor-Name="MikroTik"
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Oct/28/2011 10:25:07 l2tp,debug,packet (M) Receive-Window-Size=4
Oct/28/2011 10:25:08 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:08 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:08 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:08 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:08 l2tp,debug,packet sent control message to 188.198.114.190:51123
Oct/28/2011 10:25:08 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=0, nr=1
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Message-Type=SCCRP
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Framing-Capabilities=0x1
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Oct/28/2011 10:25:08 l2tp,debug,packet Firmware-Revision=0x1
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Host-Name="mt-novavas"
Oct/28/2011 10:25:08 l2tp,debug,packet Vendor-Name="MikroTik"
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Oct/28/2011 10:25:08 l2tp,debug,packet (M) Receive-Window-Size=4
Oct/28/2011 10:25:10 l2tp,debug,packet sent control message to 188.198.114.190:51123
Oct/28/2011 10:25:10 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=0, nr=1
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Message-Type=SCCRP
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Framing-Capabilities=0x1
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Oct/28/2011 10:25:10 l2tp,debug,packet Firmware-Revision=0x1
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Host-Name="mt-novavas"
Oct/28/2011 10:25:10 l2tp,debug,packet Vendor-Name="MikroTik"
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Receive-Window-Size=4
Oct/28/2011 10:25:10 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:10 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:10 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:10 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:10 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:12 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:12 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:12 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:12 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:12 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:12 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:12 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:12 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:12 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:12 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:14 l2tp,debug,packet sent control message to 188.198.114.190:51123
Oct/28/2011 10:25:14 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=0, nr=1
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Message-Type=SCCRP
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Framing-Capabilities=0x1
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Oct/28/2011 10:25:14 l2tp,debug,packet Firmware-Revision=0x1
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Host-Name="mt-novavas"
Oct/28/2011 10:25:14 l2tp,debug,packet Vendor-Name="MikroTik"
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Receive-Window-Size=4
Oct/28/2011 10:25:14 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:14 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:14 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:14 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:14 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:16 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:16 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:16 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:16 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:16 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:16 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:16 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:16 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:16 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:16 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:18 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:18 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:18 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:18 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:18 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:18 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:18 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:18 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:18 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:18 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:20 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:20 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:20 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:20 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:20 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:20 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:20 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:20 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:20 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:20 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:22 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:22 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:22 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:22 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:22 l2tp,debug,packet sent control message to 188.198.114.190:51123
Oct/28/2011 10:25:22 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=0, nr=1
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Message-Type=SCCRP
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Framing-Capabilities=0x1
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Oct/28/2011 10:25:22 l2tp,debug,packet Firmware-Revision=0x1
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Host-Name="mt-novavas"
Oct/28/2011 10:25:22 l2tp,debug,packet Vendor-Name="MikroTik"
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Oct/28/2011 10:25:22 l2tp,debug,packet (M) Receive-Window-Size=4
Oct/28/2011 10:25:24 l2tp,debug,packet rcvd control message from 188.198.114.190:51123
Oct/28/2011 10:25:24 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Oct/28/2011 10:25:24 l2tp,debug,packet (M) Message-Type=SCCRQ
Oct/28/2011 10:25:24 l2tp,debug,packet (M) Protocol-Version=0x01:00
Oct/28/2011 10:25:24 l2tp,debug,packet (M) Host-Name="anonymous"
Oct/28/2011 10:25:24 l2tp,debug,packet (M) Framing-Capabilities=0x3
Oct/28/2011 10:25:24 l2tp,debug,packet (M) Assigned-Tunnel-ID=59332
Oct/28/2011 10:25:24 l2tp,debug,packet (M) Receive-Window-Size=1
Oct/28/2011 10:25:24 l2tp,debug,packet sent control message (ack) to 188.198.114.190:51123
Oct/28/2011 10:25:24 l2tp,debug,packet tunnel-id=59332, session-id=0, ns=1, nr=1
Oct/28/2011 10:25:24 l2tp,debug tunnel 19 received no replies, disconnecting
Oct/28/2011 10:25:24 l2tp,debug tunnel 19 entering state: dead
If I remove the NAT device and give the L2TP/IPsec RouterOS server a public IP address, then the connection gets established.
Thanks,
Nejc
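Added example, not part of the original post: a small Python parser for the RouterOS `l2tp,debug,packet` format shown in the excerpt. It groups the lines into control messages and flags the pattern visible in the log, where SCCRP is sent repeatedly while the peer keeps repeating SCCRQ with `nr=0`. The function names and the sample lines (address, tunnel IDs) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the log format from the post (address and IDs are made up).
SAMPLE_LOG = """\
Jan/01/2020 10:00:00 l2tp,debug,packet sent control message to 203.0.113.10:51123
Jan/01/2020 10:00:00 l2tp,debug,packet tunnel-id=4242, session-id=0, ns=0, nr=1
Jan/01/2020 10:00:00 l2tp,debug,packet (M) Message-Type=SCCRP
Jan/01/2020 10:00:02 l2tp,debug,packet rcvd control message from 203.0.113.10:51123
Jan/01/2020 10:00:02 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Jan/01/2020 10:00:02 l2tp,debug,packet (M) Message-Type=SCCRQ
Jan/01/2020 10:00:02 l2tp,debug,packet sent control message (ack) to 203.0.113.10:51123
Jan/01/2020 10:00:02 l2tp,debug,packet tunnel-id=4242, session-id=0, ns=1, nr=1
Jan/01/2020 10:00:04 l2tp,debug,packet sent control message to 203.0.113.10:51123
Jan/01/2020 10:00:04 l2tp,debug,packet tunnel-id=4242, session-id=0, ns=0, nr=1
Jan/01/2020 10:00:04 l2tp,debug,packet (M) Message-Type=SCCRP
Jan/01/2020 10:00:06 l2tp,debug,packet rcvd control message from 203.0.113.10:51123
Jan/01/2020 10:00:06 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Jan/01/2020 10:00:06 l2tp,debug,packet (M) Message-Type=SCCRQ
Jan/01/2020 10:00:06 l2tp,debug tunnel 7 received no replies, disconnecting
"""

HEAD = re.compile(r"packet (sent|rcvd) control message(?: \((ack)\))? (?:to|from) (\S+)")
SEQ = re.compile(r"ns=(\d+), nr=(\d+)")
TYPE = re.compile(r"Message-Type=(\w+)")

def parse_messages(log):
    """Group the per-line debug output into one dict per L2TP control message."""
    msgs = []
    for line in log.splitlines():
        if m := HEAD.search(line):
            msgs.append({"dir": m[1], "type": m[2], "peer": m[3]})  # type "ack" or None
        elif msgs and (m := SEQ.search(line)):
            msgs[-1].update(ns=int(m[1]), nr=int(m[2]))
        elif msgs and (m := TYPE.search(line)):
            msgs[-1]["type"] = m[1]
    return msgs

def diagnose(log):
    """Count messages per (direction, type) and flag a one-way control channel."""
    msgs = parse_messages(log)
    counts = Counter((m["dir"], m["type"]) for m in msgs)
    peer_nr = max((m.get("nr", 0) for m in msgs if m["dir"] == "rcvd"), default=None)
    # Peer repeats SCCRQ and its Nr never advances: it has not acknowledged our SCCRP.
    one_way = counts["sent", "SCCRP"] > 1 and counts["rcvd", "SCCRQ"] > 1 and peer_nr == 0
    return {"counts": dict(counts), "peer_max_nr": peer_nr, "replies_not_reaching_peer": one_way}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```
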