I set up an l2tp/ipsec server on a MikroTik RB951G-2HnD; the OS version is 5.25. After rebooting the router it works fine: I can connect, disconnect, and connect again to the l2tp server (I'm checking it with my iPhone). But if I wait about 10 minutes, I can't connect to the server anymore, due to this error in the log:
ipsec debug - phase1 negotiation failed due to time up.
If I restart the router, I can connect to the server again.
How can I solve this problem?
My config for the l2tp/ipsec server is here:
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-256 lifetime=1h pfs-group=none
/ip ipsec peer
add exchange-mode=main-l2tp generate-policy=yes hash-algorithm=sha1 nat-traversal=yes secret=1234567890 send-initial-contact=no
/ppp profile
add change-tcp-mss=yes local-address=192.168.88.1 name=L2TP-Profile remote-address=l2tp-pool use-ipv6=no
/interface l2tp-server server
set authentication=mschap2 default-profile=L2TP-Profile enabled=yes
/ppp secret
add name=testuser password=pAssWord profile=L2TP-Profile service=l2tp
/ip pool
add name=l2tp-pool ranges=192.168.88.11-192.168.88.20
/ip firewall filter
add chain=input comment="l2tp router server" connection-state=new dst-port=500,1701 in-interface=ether1 protocol=udp src-port=""
add chain=input in-interface=ether1 protocol=ipsec-esp
add chain=input dst-port=4500 in-interface=ether1 protocol=udp