Hi,
I purchased my first RouterBoard today (RB751G-2HnD) running v5.6. I have managed to set it up pretty much as I want. I have been able to set up PPTP VPN access from my iPhone. I would ideally like to run L2TP as it is more secure. I have tried setting it up without much luck. I have been reading various forums saying that it does not work very well. At this point I don’t know if this is the case or I have not set it up correctly.
My settings are:-
[admin-user@r1] > /interface l2tp-server server print
enabled: yes
max-mtu: 1460
max-mru: 1460
mrru: disabled
authentication: mschap1,mschap2
default-profile: VPN-Profile
[admin-user@r1] > /ppp secret print detail
Flags: X - disabled
1 name="user" service=l2tp caller-id="" password="password"
profile=VPN-Profile routes="" limit-bytes-in=0 limit-bytes-out=0
[admin-user@r1] > /ppp profile print detail
Flags: * - default
0 * name="default" use-mpls=default use-compression=default
use-vj-compression=default use-encryption=default only-one=default
change-tcp-mss=yes
1 name="VPN-Profile" local-address=VPN-Pool remote-address=VPN-Pool
use-mpls=default use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=default
dns-server=172.16.0.1
2 * name="default-encryption" use-mpls=default use-compression=default
use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes
[admin-user@r1] > /ip pool print detail
0 name="dhcp_pool1" ranges=172.16.0.100-172.16.0.254
1 name="VPN-Pool" ranges=172.16.0.220-172.16.0.230
[admin-user@r1] > /ip ipsec peer print detail
Flags: X - disabled
0 address=0.0.0.0/0 port=500 auth-method=pre-shared-key secret="sharedkey"
generate-policy=yes exchange-mode=main send-initial-contact=yes
nat-traversal=no my-id-user-fqdn="" proposal-check=obey
hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 lifetime=1d
lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin-user@r1] > /ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic
0 chain=input action=accept protocol=udp dst-port=500
1 chain=input action=accept protocol=udp dst-port=1701
2 chain=input action=accept protocol=udp dst-port=4500
3 chain=input action=accept protocol=ipsec-esp
Any advice given would be very much appreciated.