I’m not a Mikrotik expert, but I know some basics. Yesterday, my sysadmin friend came over, who taught me how to use a Mikrotik, to set up a VPN server. We started with PPTP, but in iOS 10 (and macOS Sierra), Apple will remove it. So we moved onto L2TP/IPSec. We spent an hour trying to set it up, but it wasn’t working on iOS 10. Then we tried it on iOS 9.3.5 and it was working perfectly. iOS 10 still returned an error that “The L2TP-VPN server did not respond.” The log had the error “phase1 negotiation failed due to time up”.
The latest OS X and iOS betas work fine with L2TP/IPSec VPN. If configured properly, what works in iOS 9 should work fine in iOS 10. On iOS you sometimes need to delete and re-add the profile even if you have all settings entered correctly.
I’ve managed to set it up again, so I can connect to it with iOS 10 too. I think the problem was with one of the encryption settings. However, I still have problems with the connection. I can send data (I can see that the router receives the packages), but I don’t get anything back, unless I want to reach a local address. (I can connect to the NAS on the network, but can’t use Google.)
I’m going to experiment with it on Monday, the problem must be one of the settings.
I’ve changed my settings to @WillMoore’s but it’s still not working properly. I can connect to it now, but I can’t access the devices on the network. I have two Synology NASs and I can only open one of them even though they’re on separate IPs. I can’t connect to the router either with VPN. I tried to open some websites too but none of them worked.
I am running iOS10, I can connect via L2TP/IPSEC to my Mikrotik - further I can access any device within my network as well as being allowed to access the internet through my Mikrotik.
I was able to set mine up, settings the same as above going by memory, and it works fine from my phone over wi-fi, but not over cellular. I think there may be an issue with the cell provider that fouls up the connection. I’m not sure exactly what it is, but in the router I can see the SAs. One direction has an incrementing byte counter and the other stays at zero. I think without TCP it’s not going to work. My guess is the phone’s port isn’t stable with the cell connection and the router doesn’t have a path back to the phone. Just guessing, but I think OpenVPN may be the only viable option for me when all I have is a cell connection. I rarely need it over a cell connection, but it would be nice to have it as a backup.
You do need to open ports on the input chain as described in the wiki.
For those of you having issues connecting to local network - The interfaces must be set to Proxy-ARP on the LAN Side.
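The two points made in the posts above (open the input chain, set Proxy-ARP on the LAN side) as one RouterOS 6.x configuration; this is an added example, not configuration posted by anyone in the thread. Assumed values: LAN 192.168.88.0/24 on an interface named "bridge", router LAN address 192.168.88.1, a single user "vpnuser", placeholder secrets.

```routeros
# Added example (not from any poster in this thread). RouterOS 6.x CLI syntax.
# Assumptions: LAN 192.168.88.0/24 on interface "bridge", router at 192.168.88.1.
# Replace every CHANGE-ME value before use.

# 1. Input chain: accept IKE (500), NAT-T (4500), L2TP (1701) and ESP.
#    These rules must sit ABOVE any final "drop" rule in the input chain;
#    after adding them, reorder with /ip firewall filter move if needed.
/ip firewall filter add chain=input protocol=udp dst-port=500,4500,1701 \
    action=accept comment="L2TP/IPsec: IKE, NAT-T, L2TP"
/ip firewall filter add chain=input protocol=ipsec-esp action=accept \
    comment="L2TP/IPsec: ESP"

# 2. Client address pool and PPP profile. Addresses come from the LAN range so
#    clients can reach LAN hosts without extra routes (see Proxy-ARP below).
/ip pool add name=vpn-pool ranges=192.168.88.200-192.168.88.220
/ppp profile add name=vpn-profile local-address=192.168.88.1 \
    remote-address=vpn-pool use-encryption=yes
/ppp secret add name=vpnuser password=CHANGE-ME-USER-PASSWORD \
    service=l2tp profile=vpn-profile

# 3. L2TP server with IPsec required; RouterOS creates the IPsec peer itself
#    from the pre-shared key given here.
/interface l2tp-server server set enabled=yes use-ipsec=required \
    ipsec-secret=CHANGE-ME-PRESHARED-KEY default-profile=vpn-profile \
    authentication=mschap2

# 4. Phase-2 proposal. Apple's L2TP/IPsec clients negotiate phase 2 without
#    PFS, so pfs-group=none. If phase 1 times out instead ("phase1 negotiation
#    failed due to time up"), check step 1 first: UDP 500/4500 never reached
#    the router.
/ip ipsec proposal set [find default=yes] auth-algorithms=sha256,sha1 \
    enc-algorithms=aes-256-cbc,aes-128-cbc pfs-group=none

# 5. Proxy-ARP on the LAN-side interface, so the router answers ARP for the
#    VPN clients holding addresses from the LAN subnet.
/interface bridge set [find name="bridge"] arp=proxy-arp
```

To verify a client session, `/ip ipsec installed-sa print` shows the two SAs with their byte counters (both should increase) and `/log print where topics~"ipsec"` shows the phase 1/2 negotiation messages.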
Also - there does seem to be an issue with PPTP and L2TP/ipSEC when using the iPhone to tether.
Yes - Apple pulled PPTP from supported VPNs - but that does not mean you should not be able to use PPTP on your PC laptop while tethering.
Apple is aware of the issue and currently evaluating it.
I was able to set my Mac to do L2TP without ipSEC and can use my iPhone to tether fine. Of course, since the Mikrotik doesn’t support multiple users on the same remote network with L2TP with ipSEC - without ipSEC is about the only option I have right now - until ROS is updated.
Hopefully Apple gets the Tethering option fixed - and Mikrotik gets ROS update going with L2TP with ipSEC fixed.
So I see in 6.38 rc29 that “ipsec - added support unique policy generation which will allow multiple peers behind same NAT (cli only)”
So it seems ipSEC will not work properly - but must be configured from CLI?
I still have the problem that my L2TP/IPsec VPN runs on 2 iPhones without any problem but my Windows 8.1 PC can not connect… I need an idea how to go on… is there an instruction how I can create an IPSec VPN without L2TP only for the PC? I want to use Shrewsoft or another VPN client… it seems that Windows has a problem… however?
I already tried the fix but without success. I am still getting the 789 error. I allowed the firewall and I have no idea. I tried on one Win7 and one Win 8.1 and both had the same problem. They are waiting at “Connecting to xxxxxx”… it takes a very long time and after that the system told me there were problems authenticating. But it works on the iPhones perfectly. Maybe I forgot something in the config or I had to change something on the RB3011? Any idea?