L2TP over IPSec (using certificates) with authentication against NPS using RADIUS on 6.20rc6.

Hello

I have been working on getting an L2TP server up and running, with L2TP over PSK IPSec with authentication against NPS using RADIUS.
This setup works, and authenticates against a Windows 2012 AD over NPS over RADIUS.

Where things get tricky is when IPSec PSK is replaced with IPSec certificate authentication.

This seems to break the accepted authentication that the MikroTik router receives from RADIUS. Using Wireshark, I can see that Windows returns a RADIUS message indicating authentication success to the MikroTik router, but the MikroTik router sends a 691 to the L2TP VPN client, logging a CHAP authentication failure. The Windows machine logs a successful authentication attempt.

This is very strange, and I cannot work out why this happens.
Any input would be much appreciated.

Regards
-Nikolaj

Nikolaj,

Please upgrade your MikroTik router to version 6.27. Make sure the same problem is present.

Run the authentication procedure with PSK that works fine, and make a sniffer output and a support output file.
Run the authentication with certificates that does not work, and make a sniffer output and a support output file too.
Send the 4 files to MikroTik support (support@mikrotik.com). We will see how we can help you.