
L2TP fails when enabling IPsec

Posted: Tue May 30, 2017 10:47 am
by artka54
Hello everybody!

I have two Mikrotik routers. I created an L2TP server on the first router and an L2TP client on the second router. I added routes and I can successfully ping all the devices from one router to another.

However, when I enable IPsec on both the server and the client, the L2TP stops and I cannot ping devices anymore.

I followed guides in the Mikrotik wiki with slight variations.

This is my first time using Mikrotik products and the first time creating such a setup in general.

On the L2TP server I added a user through /ppp secret add name=...
And enabled L2TP server with /interface l2tp-server server set enabled=yes
I also added filters for the firewall and routes.

On the L2TP client I added a user
/interface l2tp-client add user=...

L2TP connection is successful as I can see in the logs and also I am able to ping everything.

Then to enable IPsec I set
/interface l2tp-server set use-ipsec=yes ipsec-secret=thesecret

and afterwards the same thing on the client

/interface l2tp-client set use-ipsec=yes ipsec-secret=thesecret

This is what I see in the logs on the server side when I set use-ipsec=yes on the client router:

10:38:55 l2tp,ppp,info <l2tp-RouterAsClient>: terminating...
10:38:55 l2tp,ppp,info,account RouterAsClient logged out, 424 1122 58 15 7
10:38:55 l2tp,ppp,info <l2tp-RouterAsClient>: disconnected
10:38:55 ipsec,info respond new phase 1 (Identity Protection): 1.1.1.1[500]<=>2.2.2.2[500]
10:38:56 ipsec,info ISAKMP-SA established 1.1.1.1[500]-2.2.2.2[500] spi:8d04c53fc25d46d8:f79f26d925c91be5


Thank you!

Re: L2TP fails when enabling IPsec

Posted: Tue May 30, 2017 3:44 pm
by artka54
I found out that I was missing a firewall filter.
So for future reference, I fixed my problem with this line of code:
/ip firewall filter add chain=input protocol=ipsec-esp
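
The fix above in context, as an added example that is not part of the original post: a minimal input-chain rule set for an L2TP/IPsec server. It assumes the input chain ends in a drop rule and that the rules below are placed above it; the comments and ordering are illustrative.

```routeros
# Added example: input-chain rules for an L2TP/IPsec server.
# Assumption: the input chain ends with a drop rule, so these accepts must sit
# above it (drag them up in WinBox, or add each with place-before=<drop rule number>).

/ip firewall filter
# IKE negotiation (UDP 500) and NAT-T (UDP 4500).
# The server log above shows phase 1 on UDP 500 already succeeding.
add chain=input action=accept protocol=udp dst-port=500,4500 comment="IKE and NAT-T"
# ESP (IP protocol 50) carries the encrypted L2TP packets.
# This is the rule the thread found missing.
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"
# Accept L2TP only when the packet arrived through an IPsec policy,
# so cleartext L2TP from the WAN is not accepted.
add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec comment="L2TP over IPsec only"

# Checks after the client reconnects: the ESP rule's packet counter and the
# installed SAs' byte counters should both be increasing.
/ip firewall filter print stats where chain=input
/ip ipsec installed-sa print
```

The `ipsec-policy=in,ipsec` restriction only takes effect if no earlier rule accepts UDP 1701 unconditionally. When one side is behind NAT, ESP is encapsulated in UDP 4500 and the ESP rule sees no traffic; in the log above both peers use port 500, so native ESP is in use.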

Re: L2TP fails when enabling IPsec

Posted: Wed May 31, 2017 8:23 pm
by mukeshchaubey
Hi,
I am facing a similar problem. I have configured an L2TP client. It gets connected and is able to ping all private IPs of the remote, but I get disconnected after every 1:14 sec. I tried to set the keepalive time and session time, but the issue is still the same. On every 1.14 sec it gets disconnected and reconnected. It takes 4 to 5 sec to get connected. During this, the link breaks. Please help me to get out of this issue.

Re: L2TP fails when enabling IPsec

Posted: Thu Jun 01, 2017 4:23 pm
by artka54
> Hi,
> I am facing a similar problem. I have configured an L2TP client. It gets connected and is able to ping all private IPs of the remote, but I get disconnected after every 1:14 sec. I tried to set the keepalive time and session time, but the issue is still the same. On every 1.14 sec it gets disconnected and reconnected. It takes 4 to 5 sec to get connected. During this, the link breaks. Please help me to get out of this issue.

Are you using L2TP over IPsec? If so, then check whether you have the same NTP servers, as the documentation for IPsec in the Mikrotik wiki warns:

Ipsec is very sensitive to time changes. If both ends of the IpSec tunnel are not synchronizing time equally (for example, different NTP servers not updating time with the same timestamp), tunnels will break and will have to be established again.