/ ppp secret
add name = simone_vpn password = "****" profile = L2TP_IPsec_simone service = l2tp
add name = simone_hp850 password = "****" profile = L2TP_IPsec_simone service = l2tp
By configuring the Windows 10 VPN client on my notebooks it connects immediately and surfs without problems, when I access the VPN from the second account the first stops receiving packets, the navigation stops and even Winbox disconnects, while the second PC just connected navigates correctly . The VPN stays Up.
If I disconnect the VPN from the first PC and reconnect it, the PC resumes surfing, but consequently the second PC stops surfing and Winbox also disconnects, the VPN also in this case remains UP.
I honestly don’t understand where the problem could be.
I ask for help from you.
Thanks a lot in advance everyone
You can only have 1 VPN client per source IP. So if your PC and Laptop are both on the same LAN behind the same public IP, then you can’t have both connected at the same time.This is because IPSec doesn’t use ports, so the VPN server can’t differentiate between the laptop and PC. You can try the SSTP VPN if you only use Windows clients. However the SSTP encryption/decryption is done in the CPU and not offloaded to hardware acceleration. If your CPU maxes out, you’ll have packet loss.
Hi!
Thank you very much, I did not know this limitation of the l2tp architecture, I thought it was my mistake in the configuration. At the moment I can continue like this. Multiple clients with the same source IP was just a test. In case I encounter this problem in the future I will use SSTP. I currently have a Routerboard 3011, roughly how many SSTP connections could it handle?
Thank you so much for your help
Are you bombenfest that those multiple users can be connected to the Mikrotik L2TP/IPsec server from behind the same public IP? Because that’s the actual issue here, and the resource you’ve linked doesn’t address it in any way.
My suggestion would be to use another VPN type if you want multiple Road warriors behind the same Public IP to connect to a specific VPN server…
That could be wireguard ( ROS v7 ) OVPN ( TCP on ROS v6 or TCP and UDP on ROS v7 ), IKEv2 etc. …
The CPU will max out because of the encryption/decryption, so your limit will be throughput rather than the number of connections.
I used a HEX at a client with 5 SSTP users. The users mainly use Word and Excel, so load was always light. It worked fine for them and they still use it.
At another site I tried to do a site-to-site VPN with SSTP, it would max out at 8 mbps.
And a side note, when the CPU maxes out, everything grinds to a halt. I couldn’t even log into my HEX when the CPU was maxed out.