Windows XP via L2TP/IPsec

We have an old computer that I’d like to connect to our modern (latest 6.47 OS) router. I found things about the exchange needing to be set to main-l2tp, which doesn’t seem to be an option in the later versions of RouterOS. Is there any hope or do I have to upgrade this beast to a newer version of Windows?

I’ve done everything I can find, and I get error 792 when I try to connect.

The exchange-mode value main-l2tp has been removed because it wasn’t actually necessary, plain main is sufficient. The Win XP embedded VPN client is likely to use older=weaker ciphers so they may not be permitted in the /ip ipsec profile and /ip ipsec proposal items you use. Mikrotik log will show you what ciphers the XP is offering:
/system logging add topics=ipsec,!packet
/system logging add topics=l2tp
/log print follow-only file=l2tp-ipsec-start where topics~"ipsec|l2tp"

Now press Connect at the Win XP; once it gives you the error, break the /log print …, download the file l2tp-ipsec-start.txt and start reading it.

Not easy since the XP machine is on the same remote network as working machines, and I can’t connect two machines simultaneously to watch the log.

I’m upgrading it to Win10.

Hi, has anyone configured this? I need to connect an older Windows XP machine to a Mikrotik hAP lite.

I’ve captured the logs recommended by Sindy, and I see mainly this error:

ipsec Expecting IP address type in main mode when using preshared key for authorization (see RFC 2409 section 5.4),but FQDN. 
ipsec 80.214.39.44 invalid ID payload.

I’ve also seen this documentation:
https://wiki.mikrotik.com/wiki/MikroTik_RouterOS_and_Windows_XP_IPSec/L2TP

Which says:

Note: Windows XP does not work according to RFC. You need to set main-l2tp exchange mode, otherwise Win XP client will not be able to establish Phase 1.

Does this mean that I have to downgrade the firmware in the Mikrotik? What was the last version supporting main-l2tp mode??
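
The "invalid ID payload" lines quoted in the post above refer to the ID type field of the IKEv1 Identification payload. The following is an added example, not part of the thread and not RouterOS code: a small Python parser for that payload (layout per RFC 2407 section 4.6.2) that applies the address-type check the log message describes. It assumes the payload has already been decrypted; the sample payloads and the host name `xp-client.example` are constructed.

```python
import ipaddress
import struct

# ID type values from the IPsec DOI, RFC 2407 section 4.6.2.1
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
            4: "ID_IPV4_ADDR_SUBNET", 5: "ID_IPV6_ADDR", 6: "ID_IPV6_ADDR_SUBNET",
            7: "ID_IPV4_ADDR_RANGE", 8: "ID_IPV6_ADDR_RANGE",
            9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN", 11: "ID_KEY_ID"}
ADDRESS_LEN = {1: 4, 5: 16}  # single-address ID types -> address length in bytes


def parse_id_payload(payload: bytes) -> dict:
    """Parse a decrypted IKEv1 Identification payload (generic header + ID body)."""
    if len(payload) < 8:
        raise ValueError("ID payload shorter than its 8-byte fixed part")
    _next, _reserved, length, id_type, proto, port = struct.unpack("!BBHBBH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError(f"length field {length} does not fit a {len(payload)}-byte buffer")
    return {"type": id_type, "name": ID_TYPES.get(id_type, f"unknown({id_type})"),
            "protocol": proto, "port": port, "data": payload[8:length]}


def check_main_mode_psk_id(payload: bytes) -> tuple:
    """Return (accepted, reason) for the check the log message describes.

    In main mode with a pre-shared key the responder must pick the key from the
    peer's IP address before it can decrypt the ID payload (RFC 2409 section 5.4),
    so a strict responder expects the ID itself to be an address.
    """
    ident = parse_id_payload(payload)
    want = ADDRESS_LEN.get(ident["type"])
    if want is None:
        return False, f"expected IP address type, got {ident['name']}"
    if len(ident["data"]) != want:
        return False, f"{ident['name']} carries {len(ident['data'])} bytes, expected {want}"
    return True, f"{ident['name']} {ipaddress.ip_address(ident['data'])}"


def build_id_payload(id_type: int, data: bytes) -> bytes:
    """Build a sample payload; protocol and port are zero, as allowed in phase 1."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, 0, 0) + data


# Constructed samples: an FQDN identity (hypothetical host name) and an IPv4 identity
SAMPLE_FQDN = build_id_payload(2, b"xp-client.example")
SAMPLE_IPV4 = build_id_payload(1, ipaddress.ip_address("192.0.2.10").packed)

if __name__ == "__main__":
    for label, sample in (("FQDN", SAMPLE_FQDN), ("IPv4", SAMPLE_IPV4)):
        print(label, check_main_mode_psk_id(sample))
```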