VPN L2tp connection problem

Hey,
So I started a new job at a company where a MikroTik is installed with a VPN connection.
I know nothing about MikroTik, so here is my problem.
Some people from the company can't connect through the VPN and some people can.
I found an explanation for that: the people who can't connect have the same net provider as the company has,
and the people who can connect have a different one.

A guy from the company tried to connect as a test and sent me this photo:

Can someone help me ?

Good day

I am also experiencing the same issue, hoping to get assistance.

any help ? :frowning:

Any suggestions ?

Hey guys
My English is not very good, I need to use a translator.
Windows generally has problems resolving this type of connection through the native Windows feature.
I suggest you do the configuration via OpenVPN, this way your VPN client will use the OpenVPN disk and no longer need to use the Windows one.
It works correctly on several of my clients.

Below are the settings I have here.

The first step is to update the RB to version 7.10 or higher, with this we will be able to generate the Certificate that we will place on the client's computer through the interface itself.


1
#-- Set a DHCP for a VPN
#-- For the VPN to resolve names within the network, the DNS server for AD must be specified
#-- If you don't have AD, you need to point out the DNS of the router or template

/ip pool add name=ovpn ranges=172.10.25.100-172.10.25.199

/ip dhcp-server network add address=172.10.25.0/24 comment=vpn dns-server=192.168.15.1 gateway=0.0.0.0 netmask=24



2
#-- Create authentication certificates
#-- After executing the commands, go to Files> and download the last 3 files
#-- Before executing it is necessary to replace the name of the current company (YourEntrerprise for the name of the company that will be configured)

/certificate add name=CA country="BR" state="SP" locality="YourCity" organization="YourEntrerprise" unit="dz" common-name="CA" key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign

/certificate sign CA ca-crl-host=127.0.0.1 name="CA"

/certificate add name=server country="BR" state="SP" locality="YourCity" organization="YourEntrerprise" unit="dz" common-name="Server" key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server

/certificate sign server ca="CA" name="server"

/certificate add name=client country="BR" state="BR" locality="YourCity" organization="YourEntrerprise" unit="dz" common-name="client" key-size=4096 days-valid=3650 key-usage=tls-client

/certificate sign client ca="CA" name="client"

/certificate add name=client1 copy-from="client" common-name="client1"

/certificate sign client1 ca="CA" name="client1"

/certificate export-certificate CA export-passphrase=""

/certificate export-certificate client1 export-passphrase=12345678



3
#-- Configuring OVPN
#-- In Bridge it is necessary to put the same name as the bridge created for lan, if it is not a bridge it is necessary to put the lan Interface.
#-- Also put the DNS server in the command server=10.0.10.200 This is usually the client's AD

/ppp profile add bridge=bridge dns-server=10.0.10.200 local-address=ovpn name=open_vpn remote-address=ovpn use-compression=no use-encryption=required

/interface ovpn-server server set enabled=yes
/interface ovpn-server server set default-profile=open_vpn
/interface ovpn-server server set certificate=server
/interface ovpn-server server set require-client-certificate=yes

PPP> INTERFACE> OVPN Server, put this form

enabled: yes
port: 1194
mode: ip
protocol: tcp
netmask: 24
mac-address: Put your mac (automatically)
max-mtu: 1500
keepalive-timeout: 60
default-profile: open_vpn
certificate: server
require-client-certificate: yes
tls-version: any
auth: sha1
cipher: aes256-cbc
reneg-sec: 3600
redirect-gateway: disabled
enable-tun-ipv6: no
tun-server-ipv6: ::
ipv6-prefix-len: 64


4
#-- In this command we are releasing the communication port for the VPN within Mikrotik's internal routes

/ip firewall filter add action=accept chain=input comment=VPN dst-port=1194 protocol=tcp


5
#-- In this command we are creating users to access a VPN
#-- A line must be created for each user.

/ppp secret add name=risit_ovpn password=123456 profile=open_vpn service=ovpn


6
#--Go to PPP>INTERFACES>OPENVPN
#--Below Apply there is a button to download the certificate that will be placed within the OpenVPN client on your VPN client's certified computer, this must be placed within the 'CONFIG' folder on the OpenVPN client.
#--Suggested for version 2.5.8




I suggest that you do this configuration on a MikroTik that you are not using in production; after getting it to work, you apply it to one that is in production.

Remember to back up your current MikroTik.
Go to Terminal, run the 'export' command and save all the lines, in case of problem you have a backup
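
A review pass over the settings in the post above, added here as an example and not part of the original post. It flags the values a reviewer would check before applying them: the `172.10.25.x` pool lies outside the private `172.16.0.0/12` block, the passphrase and password are short and digits-only, `tls-version` is `any`, and `auth` is `sha1`. The length threshold and the reason strings are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: command lines and form values copied from the post above.
SAMPLE = """\
/ip pool add name=ovpn ranges=172.10.25.100-172.10.25.199
/ip dhcp-server network add address=172.10.25.0/24 comment=vpn dns-server=192.168.15.1 gateway=0.0.0.0 netmask=24
/certificate export-certificate client1 export-passphrase=12345678
/interface ovpn-server server set require-client-certificate=yes
/ppp secret add name=risit_ovpn password=123456 profile=open_vpn service=ovpn
tls-version: any
auth: sha1
"""

# Matches both "key=value" (commands) and "key: value" (the settings form).
PAIR = re.compile(r'([\w-]+)(?:=|:\s+)"?([^\s"]*)"?')
MIN_SECRET_LEN = 12  # threshold chosen for this example, not a RouterOS limit


def outside_private_space(value):
    """True if any address in a pool range or network is not private/reserved."""
    for part in re.split(r"[-,]", value):
        try:
            if not ipaddress.ip_interface(part).ip.is_private:
                return True
        except ValueError:
            continue  # not an IP literal (for example a pool name)
    return False


def audit(text):
    """Return (line_no, key, reason) for each setting worth reviewing."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for key, value in PAIR.findall(line):
            if key in ("ranges", "address") and outside_private_space(value):
                findings.append((no, key, "outside private address space"))
            elif key in ("password", "export-passphrase") and value and (
                    len(value) < MIN_SECRET_LEN or value.isdigit()):
                findings.append((no, key, "short or digits-only secret"))
            elif key == "tls-version" and value == "any":
                findings.append((no, key, "does not pin a minimum TLS version"))
            elif key == "auth" and value in ("sha1", "md5", "null"):
                findings.append((no, key, "legacy or absent HMAC digest"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
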

Great Advice.
I will try it asap.
But the biggest problem is they only bought 1 MikroTik :confused:

Would be useful to have some information:

  • current config: /export file=anynameyoulike → Make sure to remove serial and any other private information
  • Client OS
  • Client configuration

In addition you might want to test a non-functioning client on a functioning site.
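
A redaction pass for the export requested above, added here as an example and not part of any reply in the thread. It joins wrapped lines first, because an export can break a line with a trailing backslash between a parameter name and its value, then masks the header identifiers and secret-bearing parameters. The sample export and the list of parameter names are assumptions constructed for this example.

```python
import re

# Constructed sample laid out like a RouterOS /export file; every value is made up.
# Long lines are wrapped with a trailing backslash, and the wrap can fall between
# a parameter name and its value.
SAMPLE_EXPORT = """\
# 2024-01-01 10:00:00 by RouterOS 7.10
# software id = AAAA-BBBB
#
# model = EXAMPLE-MODEL
# serial number = CONSTRUCTED0001
/ppp secret
add name=risit_ovpn password=\\
    constructed-secret profile=open_vpn service=ovpn
add name=user2 password="two words" profile=open_vpn service=ovpn
/ip firewall filter
add action=accept chain=input comment=VPN dst-port=1194 protocol=tcp
"""

WRAP = re.compile(r"\\\r?\n[ \t]*")
HEADER = re.compile(r"(?m)^(# (?:serial number|software id) = ).*$")
# Parameter names that carry secrets; a non-exhaustive list chosen for this example.
SECRET = re.compile(
    r'\b([\w-]*(?:password|passphrase|secret|pre-shared-key|private-key))'
    r'=("(?:[^"\\]|\\.)*"|\S+)')


def redact(export_text):
    """Return (clean_text, masked_parameter_names) for a RouterOS export."""
    text = WRAP.sub("", export_text)           # undo line wrapping first
    text = HEADER.sub(r"\1<redacted>", text)   # device identifiers in the header
    masked = [m.group(1) for m in SECRET.finditer(text)]
    return SECRET.sub(r"\1=<redacted>", text), masked


if __name__ == "__main__":
    clean, masked = redact(SAMPLE_EXPORT)
    print(clean)
    print("masked parameters:", masked)
```

Read the cleaned text once more before posting it: public IP addresses, user names and comments are left untouched by this pass.
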

all works thanks guys

The most hated reply in all technical forums :imp:

Yess!!!
It would be nice to know what was applied!

Maxxiuu
What action was taken to resolve it?
Share with us