As per the subject, I have a site with a Mikrotik router and I want to create a VPN connection to it for a client. The Mikrotik is a secondary router and sits behind the client’s ISP router and I have all the necessary ports forwarded to it (500, 1701 & 4500).
I can connect to it from another Mikrotik router and from Android, but I have now tried multiple Windows machines and none of them want to connect. It eventually times out and tells me I have to check the network settings. On one of my tests I connected my local Mikrotik router to it and forgot to disconnect, then tried to connect my Windows machine’s VPN and it actually worked. This obviously means that by going through the existing tunnel I bypassed whatever was causing my issue, but I still don’t know what this issue is and why neither Mikrotik nor Android is bothered by it
In IPsec there are some connection profiles that indicate the allowed modes of encryption, hashing, DH group, and key management (psk, certificate) and in PPP (used by L2TP) there are also several settings for authentication, compression, encryption etc.
This whole set of profiles has to be acceptable to the client, and if there is some detail that is wrong you can expect Windows and other devices with limited user interface to issue a vague or incorrect error message that is hard to debug.
This is what makes networking interesting
(on top of this, there is a limitation that allows only a single device to connect between a pair of external IP addresses. so when you are trying with different devices at the same time, it becomes even more interesting…)
