I am using a fairly new router with 6.40.3. I have set up L2TP/IPsec many times but am killing myself on this current implementation. Reading the forums, it seems like L2TP has gone off the rails in recent versions revolving around the policy-template-group setting in your peer (I have seen the solution of entering *FFFFFFFF in a terminal window).
Does anyone have this working in this version of RouterOS? No matter what I try, I get ‘x.x.x.x failed to pre-process ph2 packet’ when attempting with a Windows client.
First of all, please make sure you have Policy Group with name ‘randomname’ configured under ‘/ip ipsec policy group’ menu. Then make sure you have a policy template which would match L2TP policies with the same Policy Group configured.
You can also enable IPsec debug logs that will reveal extra debug information about the issue.
/system logging add topics=ipsec,!debug
If you are not able to resolve the issue yourself, please post your ‘/ip ipsec policy’ and ‘/ip ipsec policy group’ prints too.
My proposal:
name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=modp1024
It was working with 6.40.3 on both sides. Now it is working with 6.40.4 on the server and 6.40.3 or 6.40.4 on the clients. Don’t remember if it worked with nat-traversal=yes. This is not an issue in my case, so I left it disabled.
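For anyone following the two replies above, here is a minimal end-to-end RouterOS 6.40-era configuration that ties together the policy group, the matching policy template, the peer's policy-template-group setting and the proposal from the last post. This is an added example, not configuration posted by anyone in this thread; the group name, the pre-shared secret and the choice to keep nat-traversal enabled are assumptions, marked as such in the comments.

```routeros
# Added example (not from the thread): L2TP/IPsec road-warrior server on
# RouterOS 6.40.x. Values marked PLACEHOLDER/assumption are not from the thread.

# 1. The policy group that generated L2TP policies will belong to
#    (the name "l2tp-group" is an assumption; the reply calls it 'randomname').
/ip ipsec policy group
add name=l2tp-group

# 2. The proposal from the last post: SHA1 integrity, AES-CBC, PFS modp1024, 30m lifetime.
/ip ipsec proposal
set [ find name=default ] auth-algorithms=sha1 \
    enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc lifetime=30m pfs-group=modp1024

# 3. A policy TEMPLATE in the same group. The peer's policy-template-group
#    points here; phase 2 for a client is only accepted if a template in that
#    group matches the proposed traffic selectors (any-to-any for road warriors).
/ip ipsec policy
add group=l2tp-group template=yes src-address=0.0.0.0/0 dst-address=0.0.0.0/0 \
    protocol=all proposal=default

# 4. The peer: accept from any address, main mode tailored for L2TP, and let the
#    router generate the per-client policy with port override. nat-traversal=yes is
#    an assumption; the last post left it disabled.
/ip ipsec peer
add address=0.0.0.0/0 passive=yes auth-method=pre-shared-key secret="PLACEHOLDER-psk" \
    exchange-mode=main-l2tp generate-policy=port-override \
    policy-template-group=l2tp-group nat-traversal=yes send-initial-contact=yes

# 5. The L2TP server, using the same IPsec secret as the peer.
/interface l2tp-server server
set enabled=yes default-profile=default use-ipsec=yes ipsec-secret="PLACEHOLDER-psk"

# 6. IPsec logging exactly as suggested in the first reply, kept in memory so
#    it can be read with /log print.
/system logging
add topics=ipsec,!debug action=memory
```

After a client connects, `/ip ipsec remote-peers print` should list the client in an established state and `/ip ipsec installed-sa print` should show the two SAs; if the ‘failed to pre-process ph2 packet’ line still appears in `/log print where topics~"ipsec"`, compare the template's group against the peer's policy-template-group first, since a mismatch there is exactly the condition the first reply asks to verify.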