MT RB L2TP server and Cisco L2TP client ?

zhhlyes · March 31, 2010, 7:09am

dear Sir/Madam,

I am trying to establish a l2tp VPn connection between MT RB (v2.9.26) [l2tp server]
and a Cisco 2821 [l2tp client]. The server config seems to be very
easy (not a lot of parameters) ,now ,i have a l2tp username ,password ,remote IP of l2tp server

how to configure or write command script in cisco 2821
Is there anybody who is able to provide some simple cisco config
lines?Thanx in advance.

normis · March 31, 2010, 7:12am

you should try v4.6 instead, it has many fixes and improvements. licenses users upgrade for free

zhhlyes · April 7, 2010, 5:56am

before the day.establish a l2tp VPn connection between MikroTik route and MikroTik route .
but the one of MikroTik route ( L2tp sever )is not of me ,and i must acess it with cisco 2821 instead of MikroTik route now,

i have a l2tp username: test ,password :test ,remote IP: 10.10.10.2 of l2tp server of MikroTik route

how to configure or write command script in cisco 2821 access it ? help me ,please!

zerxen · April 22, 2010, 6:52pm

Hi, I am currently trying to do the same thing (MK as l2tp server and cisco router as l2tp client).

So far I managed to try this successfully only between two cisco routers (by following cisco docs on l2tp). I also have one functional L2Tp setup between two microtics which is working and one of these will be server for the cisco machine.

However, I then pointed the cisco setup of l2tp client to l2tp server on mikrotic, ppp did not make it through LCP stage.

My current config is this for microtic (hostname Arachnid):

/ppp profile print;   
Flags: * - default
 3   name="l2tp_cisco" use-compression=default use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default

/ppp secret print;
Flags: X - disabled
 #   NAME                                     SERVICE CALLER-ID                                  PASSWORD                                  PROFILE                                  
 3   Cisco                                    any                                                cisco                                     l2tp_cisco

/interface l2tp-server print;
Flags: X - disabled, D - dynamic, R - running
 #     NAME                                            USER         MTU        CLIENT-ADDRESS                                           UPTIME   ENCODING
 1     l2tp-in-cisco                                   Cisco

/interface l2tp-server server print;
          enabled: yes
          max-mtu: 1460
          max-mru: 1460
             mrru: disabled
   authentication: mschap2
  default-profile: l2tp_cisco

On cisco side, I have this (192.168.10.130 is an IP address of mikrotic l2tp server)

l2tp-class l2tpclass1
 authentication
!
hostname Cisco
username Arachnid password 0 cisco
!
pseudowire-class pwclass1
 encapsulation l2tpv2
!
interface Loopback1
 no ip address
!
interface FastEthernet0/0
 ip address dhcp
 duplex auto
 speed auto
!
interface Virtual-PPP1
 ip address negotiated
 no shutdown
 no cdp enable
 ppp authentication ms-chap-v2
 pseudowire 192.168.10.130 10 pw-class pwclass1
!

This configuration is not working, even the first phase of PPP (LCP) will not negotiate on configuration parameters, in wireshark, i see something like this:

– output ommited—
LCP Configuration Request
LCP Configuration Reject
LCP Configuration Request
LCP Configuration Reject
LCP Configuration Request
LCP Configuration Reject
LCP Configuration Request
LCP Configuration Reject
LCP Configuration Request
LCP Configuration Reject
LCP Termination Request
LCP Termination Ack
– output ommited—

I anyone can help or has a functional L2TP setup with cisco beeing client to mikrotic, I would like to see the configs.

PS: Mikrotik version 4.7.

cegner · June 18, 2013, 1:44pm

zerxen, did you succeed?

savage · April 2, 2014, 6:39pm

Been at this for months now through virtually every single ROS version from the v5 RC releases…

LCP never makes it through authentication. PAP/CHAP doesn’t matter - it simply REFUSES to authenticate.

20:14:16 l2tp,ppp,debug <x.x.255.225>: LCP timer
20:14:16 l2tp,ppp,debug,packet <198.19.255.225>: sent LCP ConfReq id=0x5
20:14:16 l2tp,ppp,debug,packet <mru 1450>
20:14:16 l2tp,ppp,debug,packet <magic 0x6d8046e3>
20:14:16 l2tp,ppp,debug,packet
20:14:21 l2tp,ppp,debug <x.x.255.225>: LCP timer
20:14:21 l2tp,ppp,debug,packet <198.19.255.225>: sent LCP ConfReq id=0x6
20:14:21 l2tp,ppp,debug,packet <mru 1450>
20:14:21 l2tp,ppp,debug,packet <magic 0x6d8046e3>
20:14:21 l2tp,ppp,debug,packet
20:14:29 l2tp,ppp,debug <x.x.255.225>: LCP timer
20:14:29 l2tp,ppp,debug,packet <198.19.255.225>: sent LCP ConfReq id=0x7
20:14:29 l2tp,ppp,debug,packet <mru 1450>
20:14:29 l2tp,ppp,debug,packet <magic 0x6d8046e3>
20:14:29 l2tp,ppp,debug,packet
20:14:30 l2tp,ppp,debug <x.x.255.225>: LCP timer
20:14:30 l2tp,ppp,debug,packet <198.19.255.225>: sent LCP ConfReq id=0x9
20:14:30 l2tp,ppp,debug,packet <mru 1450>
20:14:30 l2tp,ppp,debug,packet <magic 0x3aa14387>
20:14:30 l2tp,ppp,debug,packet
20:14:40 l2tp,ppp,debug <x.x.255.225>: LCP timer
20:14:40 l2tp,ppp,debug,packet <198.19.255.225>: sent LCP ConfReq id=0x8
20:14:40 l2tp,ppp,debug,packet <mru 1450>
20:14:40 l2tp,ppp,debug,packet <magic 0x6d8046e3>
20:14:40 l2tp,ppp,debug,packet

I’m pretty much at the point where I’m giving up on MT as a NAS device. Even PPPoE is better handled through something like a cheap 7200 VXR