rasimoes
just joined
Topic Author
Posts: 11
Joined: Wed Nov 14, 2012 10:06 pm

L2TP + IPsec crashes on 4011

Fri Sep 10, 2021 11:17 pm

Hello,

Anyone experiencing L2TP over IPsec crashes on 7.1? Tested on 7.1rc3 and 7.1rc2... A brief about the issue:

On my setup, I have a couple of L2TP + IPsec clients; for each tunnel, a NAT masquerade rule for output.

When I start to transfer data through the VPNs (SSH, Winbox, etc.), the tunnel hangs, *ALL* my L2TP + IPsec tunnels drop and can't reconnect anymore… only after rebooting the system.

Important/relevant points:
This issue doesn't affect L2TP without IPsec (MPPE128) tunnels
This issue doesn't affect PPTP tunnels

I’ve tried this same setup/steps on hAP ac2 (7.1rc3 with exported config.) and the issue doesn't occur
 
oreggin
Member Candidate
Posts: 172
Joined: Fri Oct 16, 2009 9:21 pm

Re: L2TP + IPsec crashes on 4011

Sat Sep 11, 2021 8:28 pm

Hi! I have a 4011 and it terminates three L2TPoIPSec. Not with the embedded PSK option but with separate IPSec config (IKEv2 with certificate). I can use it without any problem with RC2 and RC3. The difference is I don't use NAT on it.
 
pthunya
Trainer
Posts: 35
Joined: Mon Jun 24, 2013 9:54 pm

Re: L2TP + IPsec crashes on 4011

Fri Sep 24, 2021 6:18 pm

I've found the same problem on RouterOS7rc4 and CCR1009-7G, all L2TP connections, both with and without IPsec, can't connect after running just fine for a few days. After a reboot all L2TP connections are now working just fine.
 
oreggin
Member Candidate
Posts: 172
Joined: Fri Oct 16, 2009 9:21 pm

Re: L2TP + IPsec crashes on 4011

Sat Oct 02, 2021 11:43 am

Are you using anything special in the config? I am using L2TP over a native Ethernet IF and a VLAN IF as well, and I have stable L2TP connections on my RB4011 (ARM) and RB1100AHx2 (PPC) with 7.1RC4.
Here is my config for the L2TP client side:
ppp/profile/print where name="default-encryption"
Flags: * - default 
 2 * name="default-encryption" bridge-learning=default use-ipv6=yes use-mpls=yes use-compression=no use-encryption=required only-one=default 
     change-tcp-mss=no use-upnp=no address-list="" on-up="" on-down=""

interface/l2tp-client/print where name="L2TP"
Flags: X - disabled; R - running 
 0  R name="L2TP" max-mtu=1376 max-mru=1376 mrru=2564 connect-to=a.b.c.d user="pppuser" password="ppppass" profile=default-encryption 
      keepalive-timeout=10 use-peer-dns=no use-ipsec=no ipsec-secret="" allow-fast-path=yes add-default-route=no dial-on-demand=no allow=mschap2 
      l2tp-proto-version=l2tpv2 l2tpv3-digest-hash=md5
L2TP server side:
ppp/profile/print where name="default-encryption"
Flags: * - default 
 4 * name="default-encryption" local-address=10.1.1.1 bridge-learning=default use-ipv6=yes use-mpls=yes use-compression=no use-encryption=required 
     only-one=default change-tcp-mss=no use-upnp=no address-list="" on-up="" on-down=""

interface/l2tp-server/server/print 
                 enabled: yes
                 max-mtu: 1384
                 max-mru: 1384
                    mrru: 2564
          authentication: mschap2
       keepalive-timeout: 10
            max-sessions: 16
         default-profile: default-encryption
               use-ipsec: no
            ipsec-secret: 
          caller-id-type: ip-address
    one-session-per-host: yes
         allow-fast-path: yes
       l2tpv3-circuit-id: 
    l2tpv3-cookie-length: 0
      l2tpv3-digest-hash: md5
  accept-pseudowire-type: all
    accept-proto-version: all
The 1376-byte MTU is calculated for an L2TP over IPsec tunnel on the ISP's PPPoE.
 
negge
newbie
Posts: 43
Joined: Fri Jul 10, 2009 11:05 am

Re: L2TP + IPsec crashes on 4011

Sun Oct 10, 2021 7:39 pm

> I've found the same problem on RouterOS7rc4 and CCR1009-7G, all L2TP connections, both with and without IPsec, can't connect after running just fine for a few days. After a reboot all L2TP connections are now working just fine.

I have a similar problem when using L2TP/IPsec to connect from a device running 7.1rc3 to a device running 6.48.3. Everything works just fine for a couple of days, then suddenly the L2TP part stops working completely (IPsec part seems to work, SAs are being created and there are no errors in any logs).
 
rasimoes
just joined
Topic Author
Posts: 11
Joined: Wed Nov 14, 2012 10:06 pm

Re: L2TP + IPsec crashes on 4011

Sun Oct 10, 2021 10:57 pm

> > I've found the same problem on RouterOS7rc4 and CCR1009-7G, all L2TP connections, both with and without IPsec, can't connect after running just fine for a few days. After a reboot all L2TP connections are now working just fine.
>
> I have a similar problem when using L2TP/IPsec to connect from a device running 7.1rc3 to a device running 6.48.3. Everything works just fine for a couple of days, then suddenly the L2TP part stops working completely (IPsec part seems to work, SAs are being created and there are no errors in any logs).

If you're using a 4011, try lowering the MTU/MRU to 1400 on each tunnel. This will solve this issue for now...
 
oreggin
Member Candidate
Posts: 172
Joined: Fri Oct 16, 2009 9:21 pm

Re: L2TP + IPsec crashes on 4011

Wed Nov 03, 2021 7:12 am

> > I have a similar problem when using L2TP/IPsec to connect from a device running 7.1rc3 to a device running 6.48.3. Everything works just fine for a couple of days, then suddenly the L2TP part stops working completely (IPsec part seems to work, SAs are being created and there are no errors in any logs).
>
> If you're using a 4011, try lowering the MTU/MRU to 1400 on each tunnel. This will solve this issue for now...

If the MTU is causing this issue, then you need to start with 1280, and if it is stable you need to calculate the proper MTU and set it. The latter is strongly recommended.
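
One way to do the MTU calculation mentioned in the last post, as an added example that is not part of the thread or of RouterOS. It assumes IPv4, ESP in transport mode, and the header sizes named in the comments; the suite definitions and function names are illustrative, and real overhead depends on the negotiated proposal.

```python
# Added example: per-layer sizes below are assumptions, not values from the thread.
from dataclasses import dataclass

IPV4_HDR = 20      # outer IPv4 header, no options
UDP_HDR = 8        # L2TP's UDP header; also the NAT-T (UDP 4500) wrapper
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes


@dataclass(frozen=True)
class EspSuite:
    iv_len: int    # per-packet IV
    block: int     # alignment of payload + padding + trailer
    icv_len: int   # truncated integrity tag


AES_CBC_SHA1 = EspSuite(iv_len=16, block=16, icv_len=12)
AES_CBC_SHA256 = EspSuite(iv_len=16, block=16, icv_len=16)


def l2tp_ipsec_mtu(link_mtu, suite, nat_t=False, l2tp_hdr=8, ppp_hdr=4):
    """Largest inner IP packet that fits one unfragmented outer packet."""
    room = (link_mtu - IPV4_HDR - (UDP_HDR if nat_t else 0)
            - ESP_HDR - suite.iv_len - suite.icv_len)
    room -= room % suite.block          # ciphertext must be whole blocks
    return room - ESP_TRAILER - UDP_HDR - l2tp_hdr - ppp_hdr


def wire_size(inner_len, suite, nat_t=False, l2tp_hdr=8, ppp_hdr=4):
    """Outer IPv4 packet size produced by an inner packet of inner_len bytes."""
    plain = inner_len + ppp_hdr + l2tp_hdr + UDP_HDR + ESP_TRAILER
    plain += -plain % suite.block       # ESP padding up to the block size
    return (IPV4_HDR + (UDP_HDR if nat_t else 0) + ESP_HDR
            + suite.iv_len + plain + suite.icv_len)


if __name__ == "__main__":
    for name, link in (("Ethernet", 1500), ("PPPoE", 1492)):
        for nat_t in (False, True):
            mtu = l2tp_ipsec_mtu(link, AES_CBC_SHA1, nat_t)
            print(f"{name} link={link} nat_t={nat_t}: tunnel MTU <= {mtu}")
    # The three values discussed in the thread, checked against a PPPoE link.
    for candidate in (1280, 1376, 1400):
        size = wire_size(candidate, AES_CBC_SHA256, nat_t=True)
        print(f"MTU {candidate}: outer packet {size} bytes, fits 1492: {size <= 1492}")
```

Because of block padding, one extra inner byte can add a whole cipher block on the wire, which is why a value that looks only slightly too large can push every full-size packet into fragmentation.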
