Need Help: L2TP Client Interface with shared secret key

Hi

I am trying to set up an RB450G as a VPN L2TP client. The problem is that I need to set up an L2TP key (shared secret) plus a username and password.
How do I do that? I can't find how to set up the L2TP key (shared secret) in the L2TP Client interface.
I tested it on a Windows box and the account has no problem.
Please help.

Hi,
if what you need is a username and password for the L2TP client, you can set them in the L2TP client configuration.
An example of this config is:
name=user name of your account
password=password of your account

[admin] /interface l2tp-client>add name=l2tp-hm user=l2tp-hm password=123
... connect-to=10.1.101.100 disabled=no
[admin] /interface l2tp-client> print detail
Flags: X - disabled, R - running
0 name="l2tp-hm" max-mtu=1460 max-mru=1460 mrru=disabled
connect-to=10.1.101.100 user="l2tp-hm" password="123"
profile=default-encryption add-default-route=no dial-on-demand=no
allow=pap,chap,mschap1,mschap2

To learn more about L2TP configuration, go to this address: http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

Also, to learn about PPP profiles you can go to this address: http://wiki.mikrotik.com/wiki/Manual:PPP_AAA#User_Profiles
PPP profiles are used to define default values for user access records stored under the /ppp secret submenu. Settings in the /ppp secret user database override corresponding /ppp profile settings, except that single IP addresses always take precedence over IP pools when specified as local-address or remote-address parameters.

Hi perspetolis,

Thanks for your reply.
But my problem actually is that I can't find where to set the L2TP key (shared secret) that I need for the connection.
In Windows we can set it in L2TP Connection Properties/Security/Advanced Settings/"Use preshared key for authentication".

I assume that you want to make an L2TP/IPsec connection.
The shared secret is in the IPsec configuration:
http://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP

Hi mrz,

Yes, I want to make an L2TP/IPsec connection.
But in my network the RB450G is the L2TP client, not the server. Is this supported?
Can I set the secret key with /ip ipsec peer when the RB450G is the client that makes the connection?

Yes, it is possible. Proper IPsec peer and policy configuration is required.

Well, my connection works on Windows. Based on that, what is the proper setup?
Excuse me, I'm not a MikroTik pro.

here is my config so far:

/interface l2tp-client
add add-default-route=yes allow=mschap1,mschap2 connect-to=...
dial-on-demand=no disabled=no max-mru=1460 max-mtu=1460 mrru=disabled
name=l2tp-out1 password=****** profile=default-encryption user=****

/ip ipsec peer
add address=.../32 auth-method=pre-shared-key dh-group=modp1024
disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1
enc-algorithm=3des exchange-mode=main generate-policy=yes hash-algorithm=sha1
lifebytes=0 lifetime=1d my-id-user-fqdn="" nat-traversal=no port=500
proposal-check=obey secret=******* send-initial-contact=yes

I have no IPsec policy. What should the policy settings be?

Thanks a lot for your help.

In the peer configuration set generate-policy=no
and add the policy manually.

The src and dst addresses should be the public L2TP client address (src) and the server address (dst).
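A worked version of the manual peer and policy described above, as an added example that is not from this thread or from MikroTik's documentation. The addresses are constructed (198.51.100.5 stands for the client router's address, 203.0.113.10 for the server), the secrets are placeholders, and the syntax is that of RouterOS v6 before 6.45, where phase-1 settings still sit on the peer rather than in /ip ipsec profile.

```routeros
# Phase 2 proposal: must contain at least one cipher/hash pair the server also offers
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha1 enc-algorithms=aes-128-cbc,3des pfs-group=none

# Phase 1 peer: the L2TP/IPsec pre-shared key goes in "secret", not on the L2TP client.
# generate-policy=no because the policy below is added by hand.
/ip ipsec peer
add address=203.0.113.10/32 auth-method=pre-shared-key secret="PLACEHOLDER_PSK" \
    exchange-mode=main generate-policy=no \
    enc-algorithm=aes-128,3des hash-algorithm=sha1 dh-group=modp1024 \
    nat-traversal=yes send-initial-contact=yes

# Transport-mode policy: src = address this router sends from, dst = server,
# UDP port 1701 on both sides, ESP required (plain L2TP must not fall through)
/ip ipsec policy
add src-address=198.51.100.5/32 src-port=1701 dst-address=203.0.113.10/32 dst-port=1701 \
    protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no \
    sa-src-address=198.51.100.5 sa-dst-address=203.0.113.10 proposal=default

# The L2TP client itself carries only the PPP credentials
/interface l2tp-client
add name=l2tp-out1 connect-to=203.0.113.10 user="vpnuser" password="PLACEHOLDER_PPP" \
    profile=default-encryption add-default-route=no disabled=no
```

If the router sits behind NAT, src-address must be its actual WAN address (the private one), and nat-traversal=yes on the peer lets the SA be carried in UDP 4500. The proposal and the peer's enc-algorithm/hash-algorithm/dh-group must each overlap with what the server offers, or phase 1 or phase 2 will fail with nothing more than "connecting" on the L2TP side.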

Hi again,

Thanks mrz, I added the policy. I am totally confused about that:
I went with this
http://wiki.mikrotik.com/wiki/L2TP_%2B_IPSEC_between_2_Mikrotik_routers
and it didn't work yet.
Here is what "netsh ipsec dynamic show all" says on the Windows box that works fine with the connection. What are the same parameters in MikroTik?


IKE Main Mode SAs at 12/14/2011 6:11:38 PM

Cookie Pair : *******
Sec Methods : NONE/SHA1/5/28800
Auth Mode : Preshared Key
Source : 192.168.0.22 , port 37905
ID : 192.168.0.22
Destination : SERVER_IP_ADDRESS , port 37905
ID : SERVER_IP_ADDRESS



Quick Mode SAs

Transport Filter

Source Address : 192.168.0.22
Destination Address : SERVER_IP_ADDRESS
Protocol : UDP
Source Port : 1701
Destination Port : 1701
Direction : Outbound
Encapsulation Type : Other
Source UDP Encap port : 4500
Dest UDP Encap port : 4500
Peer Private Addr : 0.0.0.0

Offer Used

Offer Used

AH(b/r) ESP Con(b/r) ESP Int PFS DH Group


None None SHA1

IPsec Configuration Parameters

StrongCRLCheck : 1
IPsecexempt : 3

And here is what the connection detail says:

Hi, I'm still looking for help.

You can make new Peers and a Proposal in the IPsec menu on MikroTik, the same as you made on the L2TP server side.
The secret key can be entered on the "secret" line.

In the "IPsec" menu, you can add new "Peers" and a "Proposal" on the MikroTik L2TP client, the same as you made on the L2TP server side.
The secret key can be entered on the "Secret" line on the "Peers" tab. Remember to change "Exchange Mode" to "Main l2tp" when you make new "Peers".

See this video, but on the client you implement it on MikroTik with the same "Peers" and "Proposal" as on the server side.
http://www.youtube.com/watch?v=OBlUaZw9uNU

Hello,

I have a problem: "How to set up an L2TP/IPsec client on MikroTik with a pre-shared key?"

Does anyone have a solution?

That's the same issue I have here.

I need to know how to set the shared secret; where can I paste it?

Also, the VPN interface keeps asking for a username, which I don't have because my VPN uses a shared secret.

Any idea?

In ROS v6 it is very easy. Enable the checkbox "use-ipsec" and specify the IPsec secret.
The IPsec peer and policy will be automatically generated; this works with most devices, tested with iPhones, macOS, Windows XP-10 and Android.
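The v6 shortcut just described, written out as an added example (not from this thread or from MikroTik's documentation). The server address, username and secrets are constructed placeholders; use-ipsec and ipsec-secret are the L2TP client parameters behind the "use-ipsec" checkbox.

```routeros
# RouterOS v6: the L2TP client creates the IPsec peer and transport-mode policy itself
/interface l2tp-client
add name=l2tp-out1 connect-to=203.0.113.10 user="vpnuser" password="PLACEHOLDER_PPP" \
    use-ipsec=yes ipsec-secret="PLACEHOLDER_PSK" profile=default-encryption \
    add-default-route=no disabled=no

# The generated peer and policy appear as dynamic entries (flag D) once the
# client is enabled; there is nothing to add under /ip ipsec by hand
/ip ipsec peer print
/ip ipsec policy print
```

If a static peer for the same server address is left over from an earlier manual attempt, remove it before enabling use-ipsec so the two do not compete for the same remote address.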

(at least) On 6.36.3 we can defer the creation of the IPSec peer and policy to ROS, for setting up either a L2TP/IPSec server or client.

I need to set up both. Setting up the server works fine and I can connect from our target road warrior devices, iOS and Mac OS X.

But I also need to make our MikroTik routers connect to an L2TP/IPsec server running Ubuntu (do not ask me why, not my choice here). I can connect to that server from iOS, macOS and Windows.

From the MikroTik router it simply stays "connecting" forever and I see no clues on the router.

Any ideas?

Thanks in advance!

I have exactly the same problem.

I try to connect with the MikroTik L2TP client and IPsec secret to our Cisco VPN server.

Connecting with Android, Windows or whatever is no problem.

Tried everything on the MikroTik…

When it does not connect, it usually means there are no common authentication and encryption methods
that both sides accept. When both sides accept sha1 and aes-128-cbc there is no problem, but these days
you have those security fanatics that say those codes are broken and need to be replaced by something
better, and then you are at the mercy of the guys that set up the configuration for your OS.
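The checks a practitioner would run on the RouterOS side to confirm whether the mismatch described above is in phase 1 or phase 2, as an added example that is not from this thread. The commands are standard RouterOS v6 IPsec and logging commands; nothing here changes the tunnel configuration.

```routeros
# Phase 1: the server should be listed as an established remote peer.
# Empty output means IKE main mode itself failed (PSK, DH group, hash or cipher mismatch).
/ip ipsec remote-peers print

# Phase 2: expect one inbound and one outbound SA for the UDP/1701 policy.
# A remote peer but no SAs points at the proposal (enc/auth algorithms, PFS).
/ip ipsec installed-sa print

# Keep IPsec negotiation messages in the memory log, without per-packet noise,
# so the rejected proposal or failed authentication is visible
/system logging add topics=ipsec,!packet action=memory
/log print where topics~"ipsec"
```

Read the log together with the peer server's own IKE log: the side that rejects a proposal names what it expected, and that is the value to align in /ip ipsec proposal or on the peer.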

OK, my L2TP/IPsec client connection to the Cisco VPN server is working now.
I had a phase 2 QM FSM error in the logs from the Cisco server.
You were right about the encryption methods, pe1chl.
I had to change some IPsec proposal encryption things.
I attach a picture if someone is interested.

Now I have internet access (ping) from the l2tp-out1 interface to the internet.
But I don't have access to the internet from the wlan1 and eth1 interfaces.

How can I forward the traffic from the l2tp-out1 interface to the wlan1 interface?
I already checked the NAT box on the Quick Set page.
I don't have any firewall rules enabled.

Thanks in advance!