
 
artka54
just joined
Topic Author
Posts: 5
Joined: Mon May 29, 2017 12:53 pm
Location: Latvia

L2TP fails when enabling IPsec

Tue May 30, 2017 10:47 am

Hello everybody!

I have two Mikrotik routers. I created an L2TP server on the first router and an L2TP client on the second router. I added routes and I can successfully ping all the devices from one router to another.

However, when I enable IPsec on both the server and the client, L2TP stops and I cannot ping devices anymore.

I followed guides in the Mikrotik wiki with slight variations.

This is my first time using Mikrotik products and the first time creating such a setup in general.

On the L2TP server I added a user through /ppp secret add name=...
and enabled the L2TP server with /interface l2tp-server server set enabled=yes
I also added filters for the firewall and routes.

On the L2TP client I added a user
/interface l2tp-client add user=...

The L2TP connection is successful, as I can see in the logs, and I am also able to ping everything.

Then to enable IPsec I set
/interface l2tp-server server set use-ipsec=yes ipsec-secret=thesecret

and afterwards the same thing on the client

/interface l2tp-client set use-ipsec=yes ipsec-secret=thesecret

This is what I see in the logs on the server side when I set use-ipsec=yes on the client router:

10:38:55 l2tp,ppp,info <l2tp-RouterAsClient>: terminating...
10:38:55 l2tp,ppp,info,account RouterAsClient logged out, 424 1122 58 15 7
10:38:55 l2tp,ppp,info <l2tp-RouterAsClient>: disconnected
10:38:55 ipsec,info respond new phase 1 (Identity Protection): 1.1.1.1[500]<=>2.2.2.2[500]
10:38:56 ipsec,info ISAKMP-SA established 1.1.1.1[500]-2.2.2.2[500] spi:8d04c53fc25d46d8:f79f26d925c91be5


Thank you!
 
artka54
just joined
Topic Author
Posts: 5
Joined: Mon May 29, 2017 12:53 pm
Location: Latvia

Re: L2TP fails when enabling IPsec

Tue May 30, 2017 3:44 pm

I found out that I was missing a firewall filter.
So for future reference, I fixed my problem with this line of code:
/ip firewall filter add chain=input protocol=ipsec-esp
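
The log in the first post shows IKE phase 1 completing while the L2TP session never comes back, which is the pattern the missing ESP rule produced. As an added example (not part of the original thread), this Python script flags that pattern in RouterOS log text; the "logged in" line wording, the 10.0.0.2 address and the 30-second window are assumptions, and timestamps are assumed to fall within one day.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (.*)$")
SA_UP = re.compile(r"ISAKMP-SA established (\S+)\[\d+\]-(\S+)\[\d+\]")
L2TP_IN = re.compile(r"^(\S+) logged in\b")  # assumed wording, mirrors "logged out"

def parse(log_text):
    """Yield (time, topics, message) for each well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S")
            yield ts, set(m.group(2).split(",")), m.group(3)

def stalled_after_phase1(log_text, window=30):
    """Return (time, local, remote) for every phase 1 SA that is not
    followed by an L2TP login within `window` seconds."""
    events = list(parse(log_text))
    logins = [ts for ts, topics, msg in events
              if {"l2tp", "account"} <= topics and L2TP_IN.search(msg)]
    stalled = []
    for ts, topics, msg in events:
        m = SA_UP.search(msg) if "ipsec" in topics else None
        if m and not any(ts <= t <= ts + timedelta(seconds=window) for t in logins):
            stalled.append((ts.strftime("%H:%M:%S"), m.group(1), m.group(2)))
    return stalled

# Log lines from the first post: phase 1 completes, L2TP never logs in again.
LOG_FAIL = """\
10:38:55 l2tp,ppp,info <l2tp-RouterAsClient>: terminating...
10:38:55 l2tp,ppp,info,account RouterAsClient logged out, 424 1122 58 15 7
10:38:55 l2tp,ppp,info <l2tp-RouterAsClient>: disconnected
10:38:55 ipsec,info respond new phase 1 (Identity Protection): 1.1.1.1[500]<=>2.2.2.2[500]
10:38:56 ipsec,info ISAKMP-SA established 1.1.1.1[500]-2.2.2.2[500] spi:8d04c53fc25d46d8:f79f26d925c91be5
"""
# Constructed: the same log with a login line appended (assumed format).
LOG_OK = LOG_FAIL + "10:38:58 l2tp,ppp,info,account RouterAsClient logged in, 10.0.0.2\n"

if __name__ == "__main__":
    for when, local, remote in stalled_after_phase1(LOG_FAIL):
        print(f"{when}: phase 1 up {local}<->{remote}, no L2TP login; "
              "check that ESP (and UDP 4500 behind NAT) is accepted on input")
```

A hit only narrows the search: it says the IKE exchange got through and the traffic that follows it did not, so the firewall input chain is the first place to look.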
 
mukeshchaubey
newbie
Posts: 30
Joined: Wed May 31, 2017 8:13 pm

Re: L2TP fails when enabling IPsec

Wed May 31, 2017 8:23 pm

Hi
I am facing a similar problem. I have configured an L2TP client. It gets connected and is able to ping all private IPs of the remote, but I get disconnected after every 1:14 sec. I tried to set keepalive time and session time, but the issue is still the same. Every 1.14 sec it gets disconnected and reconnected. It takes 4 to 5 sec to get connected. During this the link breaks. Please help me get out of this issue.
 
artka54
just joined
Topic Author
Posts: 5
Joined: Mon May 29, 2017 12:53 pm
Location: Latvia

Re: L2TP fails when enabling IPsec

Thu Jun 01, 2017 4:23 pm

mukeshchaubey wrote:
> Hi
> I am facing a similar problem. I have configured an L2TP client. It gets connected and is able to ping all private IPs of the remote, but I get disconnected after every 1:14 sec. I tried to set keepalive time and session time, but the issue is still the same. Every 1.14 sec it gets disconnected and reconnected. It takes 4 to 5 sec to get connected. During this the link breaks. Please help me get out of this issue.

Are you using L2TP over IPsec? If so, check whether you have the same NTP servers, as the IPsec documentation in the Mikrotik wiki warns:

> Ipsec is very sensitive to time changes. If both ends of the IpSec tunnel are not synchronizing time equally (for example, different NTP servers not updating time with the same timestamp), tunnels will break and will have to be established again.
