L2TP Over IPSec with OSX Not Working?

Basically the error I am getting is that OSX doesn’t get a response from the L2TP Server. I have disabled my firewall completely…

Here is L2TP Server:
/interface l2tp-server server
set authentication=mschap2 default-profile=L2TP-Roadwarrior enabled=yes

Here is IPSec:
/ip ipsec policy group
add name=l2tp-roadwarrior
/ip ipsec proposal
add enc-algorithms=3des,aes-256-cbc name=l2tp-roadwarrior pfs-group=none
/ip ipsec peer
add comment="L2TP Roadwarrior" enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override nat-traversal=yes policy-group=l2tp-roadwarrior secret=KEY
/ip ipsec policy
add comment="L2TP Roadwarrior" group=l2tp-roadwarrior proposal=l2tp-roadwarrior template=yes

Here is PPP:
/ppp profile
add bridge=bridge-vpn change-tcp-mss=yes dns-server=10.1.200.1 incoming-filter=ppp-in local-address=10.1.200.1 name=L2TP-Roadwarrior outgoing-filter=ppp-out remote-address=l2tp-pool
/ppp secret
add name=USER password=PASSWORD profile=L2TP-Roadwarrior service=l2tp
What am I missing?

My best guess is:

Your client, the Mac, has to connect to the IP address on the mikrotik which will be the preferred source IP for packets returned to your client.

The MikroTik does not reply from the IP address to which your client connected. It’s an annoying bug. If you have multiple paths out of the MikroTik, the client has to connect to the preferred source IP on the MikroTik for the interface closest to the client. If the client moves around, this is a big annoyance.

Negative. Both of them are in my lab setup. The client and server are in 10.0.0.0/24. The server has an internal network of 10.0.1.0/24… I’m planning to install it this Sunday and I can continue to troubleshoot it after it’s installed… I was just trying to figure it out now.

Any other ideas?

Next series of wild guesses…

6.10? has problems with aes-256 IIRC

KNOWN ISSUE: IPsec AES-CBC 256 Bit encryption algorithm doesn’t work in some cases. Use 128 bit AES, or hold on for v6.11

I have no idea how that problem would present in MacOS X errors.

What are the ppp-in/ppp-out filters?

Does the router have multiple 10.0.0.0/24 IPs on that interface?

I have given up on 6.7 and up for IPSec. I have actually back-leveled anything that needs to be a VPN server to 6.4 or 5.26. I do not have a lot of VPN experience but have run into a lot of problems with VPN and MikroTik lately.

I would enable IPsec and L2TP debug on the tik and watch the /var/log/system.log on the Mac. I even went so far as to enable /ip firewall filter log rules for the IPSec and L2TP ports.

When I was fighting the error you are getting, everything looked good in all of that but until I hit the IP listed in /ip route for the routes pointing back at my Mac, all I got was the message you seem to be getting.
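The debugging setup this reply describes, written out as an added RouterOS 6.x example (not the poster's own config, not the original post's export): IPsec and L2TP logging to the memory log, firewall log rules on the IKE/NAT-T/L2TP ports and ESP so you can see which router address the client's packets actually hit, and the proposal switched to AES-128 per the known-issue note above. The proposal name l2tp-roadwarrior and the 10.0.0.0/24 client network come from the thread; the log prefixes are assumptions.

```routeros
# Added example, not from the thread: RouterOS 6.x debug setup for an
# L2TP/IPsec road-warrior server. Follow the result with: /log print follow-only

# Send IPsec and L2TP events to the in-memory log
/system logging
add topics=ipsec action=memory
add topics=l2tp,debug action=memory

# Log every inbound packet on UDP 500 (IKE), 4500 (NAT-T) and 1701 (L2TP),
# plus ESP. action=log does not stop rule processing, so the packet still
# continues to whatever accept/drop rules follow. Put these first in input.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500,1701 action=log \
    log-prefix="vpn-in" comment="IKE, NAT-T, L2TP from road warriors"
add chain=input protocol=ipsec-esp action=log \
    log-prefix="vpn-esp" comment="ESP from road warriors"

# Work around the AES-256-CBC issue noted earlier by offering AES-128
# first; 3DES is kept only for old clients and should be dropped later.
/ip ipsec proposal
set [ find name=l2tp-roadwarrior ] enc-algorithms=aes-128-cbc,3des

# Show the route back toward the client network; the pref-src (or the
# address on the interface used by that route) is the router IP the Mac
# must dial, since replies are sourced from it.
/ip route print detail where dst-address=10.0.0.0/24
```

On the Mac side, watch /var/log/system.log (as the reply says) while the router log shows whether the vpn-in and vpn-esp entries arrive on the address you dialed.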

Well that’s good to know. Eventually I’ll have to get 6.12 or 6.13 on this so I can get all of the CRS switch chip to work.

But thanks for the info. I’m going to test it again after I install the router. Thankfully the VPN needs are minimal right now. I can install it and then just use a firewall allow to let just my home IP in to play with it.

-Eric