Hi guys,
I have two l2tp connections at the same time to two different L2tp servers, after about 10 hours both connections are dropping and not connecting till manual reboot,
these errors appears on the log : “initiator can’t find identity for peer” and “duplicate packet, dropping”
Haplite , v6.48.6
have same problem.
RouterBOARD 941-2nD (hAP lite), RouteOS 6.49.6.
sometimes l2tp+ipsec connection are disconnected and reconnect with “ipsec error: initiator can’t find identity for peer: l2tp-out1”
dynamic ipsec peer is present, but dynamic identity is not.
after delete dynamic ipsec peer l2tp reconnect successfully
You can create all the necessary IPsec settings manually (the easiest way is to copy the dynamic ones under different names) and then setting use-ipsec to no in the L2TP client configuration. You also have to set a different address for the manually added peer when copying it because ROS won’t allow you to configure two peers with same local-address and address; once you disable IPsec auto-creation in L2TP configuration, you have to set the peer’s address to the correct one. Something like
/ip ipsec peer add copy-from=[find address=x.x.x.x/32] name=my-static-peer address=tem.po.ra.ry
/ip ipsec identity add copy-from=[find peer=[/ip ipsec peer get [find address=x.x.x.x/32] name]] peer=my-static-peer
/ip ipsec policy add copy-from=[find peer=[/ip ipsec peer get [find address=x.x.x.x/32] name]] peer=my-static-peer
Once you disable IPsec in L2TP, do this:
/ip ipsec peer set [find address=tem.po.ra.ry] address=x.x.x.x