VPN L2TP / IPsec on Windows 2008 Server (now trying Mikrotik)

I have added dst-nat for UDP 500 and UDP 4500 from the Public IP 70.x.x.x to my server 192.168.3.252.
Internally I can connect to the L2TP VPN from Mac and Windows clients.
However, externally (from home), I cannot connect to the L2TP VPN.
I see some traffic hit port 500 but that is it.

What am I missing?


CCR1009-8G-1S-1S+

L2TP runs on UDP 500, 4500, 1701 and IP-ESP protocol 50 (protocol 50, not port 50).

Sent from my SM-N910C using Tapatalk

1701 didn't make a difference. Protocol 50 isn't needed from what I have read.
I have also tried setting up the Mikrotik VPN - and sometimes it works, sometimes it doesn’t.
I had it working. Then it stopped. I reloaded old config. Reset from scratch. It worked. Then it stopped.
I am not sure if this is an issue with my ISP blocking L2TP connections on my business fiber line, or something else.

It seems to me you have a packet size problem. Try going to the PPP profile, select the appropriate profile, and in the General tab change TCP MSS to yes.
Otherwise, send your export here for further inspection.


Yes, it is very needed if you don't use NAT for your IPsec.


So, I'd be happy to get the Mikrotik VPN going. It fulfills our need, and the RADIUS auth was working fine.

TCP MSS is on.
https://www.dropbox.com/s/cop548c7uxiurha/supout.rif?dl=0

Thanks for your guidance.

The file you have shared is not readable by other third parties.
You have to send this file to MikroTik; MikroTik itself is able to open that. Otherwise, as I mentioned earlier, send your IPsec config by typing this command in the CLI:
/ip ipsec export file="give it a name"
Then find it in the Files section in RouterOS and you are able to send it here.


OK, here you go.

https://www.dropbox.com/sh/chaw7f5i4g1c54o/AADLNA4a6qWV2FA0XaWn5W6ta?dl=0

EDIT: I finally got connections going by setting the IPsec peer Generate Policy to "port override".
One guy has been on for 3 hours from his home.
Another 2 guys on and off from the same remote office.
Someone else and I tried using a shared Verizon hotspot, and it was hit or miss. I would get kicked off about every 2 minutes.
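The pieces discussed in this thread collected into one RouterOS fragment, as an added example rather than any poster's actual export: the dst-nat rules for the three UDP ports plus ESP from the original question, the TCP MSS change from the reply, and the port-override peer setting from the final edit. Assumptions: ether1 is the WAN interface, <public-ip> stands in for the 70.x.x.x address the thread only shows partially, and the RouterOS v6 syntax of that era, where generate-policy is a property of the IPsec peer.

```routeros
# Added example, not the poster's export. Assumed: WAN interface ether1,
# <public-ip> = the router's public address (shown only as 70.x.x.x in the thread),
# RouterOS v6 syntax (generate-policy on the peer, not on an identity).

# 1. Forward the three UDP ports the thread lists to the Windows L2TP server.
/ip firewall nat
add chain=dstnat in-interface=ether1 dst-address=<public-ip> protocol=udp dst-port=500 action=dst-nat to-addresses=192.168.3.252 to-ports=500 comment="IKE"
add chain=dstnat in-interface=ether1 dst-address=<public-ip> protocol=udp dst-port=4500 action=dst-nat to-addresses=192.168.3.252 to-ports=4500 comment="IPsec NAT-T"
add chain=dstnat in-interface=ether1 dst-address=<public-ip> protocol=udp dst-port=1701 action=dst-nat to-addresses=192.168.3.252 to-ports=1701 comment="L2TP"

# 2. Raw ESP is IP protocol 50, not a port, so it gets its own rule with no dst-port.
#    A client that is not behind NAT never switches to UDP 4500 encapsulation and
#    sends plain ESP; without this rule that client sees IKE succeed and then nothing.
add chain=dstnat in-interface=ether1 dst-address=<public-ip> protocol=ipsec-esp action=dst-nat to-addresses=192.168.3.252 comment="ESP (protocol 50)"

# 3. Make sure the forward chain does not drop the redirected connections.
/ip firewall filter
add chain=forward in-interface=ether1 connection-state=new connection-nat-state=dstnat action=accept comment="allow dst-natted VPN traffic" place-before=0

# 4. The packet-size workaround from the reply: PPP profile -> General -> TCP MSS = yes.
/ppp profile
set [ find name=default ] change-tcp-mss=yes

# 5. The setting that finally made the router-terminated L2TP/IPsec stable for the poster.
#    [ find ] applies it to every peer; narrow the find expression to the L2TP peer if there are others.
/ip ipsec peer
set [ find ] generate-policy=port-override
```

Steps 1 to 3 apply to the original setup where the VPN terminates on the Windows server behind the router; steps 4 and 5 apply when the MikroTik itself terminates the L2TP/IPsec tunnel.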