dg3feh
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Jan 30, 2017 10:52 am

IPsec over L2TP with client-side behind a natted-router

Wed Sep 19, 2018 4:06 pm

Hello!

I run an L2TP server on my MikroTik at home (VDSL connection). The client side is a MikroTik connected to some kind of WLAN router running NAT. You can find the configuration export without secrets here:

Server:
server.txt.rsc
Client:
client.txt.rsc
The L2TP connection seems to work (R for running, uptime is counting). I can ping from one MT to the other one and vice versa by the defined addresses.

Based on that I set up the peers for IPsec. In the "remote peers" section there are two connections which are indicated as established and the uptime is counting. After that I defined a policy to connect both local networks through a tunnel. PH2 state is established and the installed SAs show connections between the peer IPs. So far, so good.

BUT, I can't ping the router or a client from one subnet to the other. Even if I switch off the final drop rules in both firewalls, no ping goes through the tunnel. Any idea what is wrong? Must be a general problem in the config...

Thx, Holger
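A minimal pair of configurations for the topology described above (L2TP tunnel first, IPsec peers and a tunnel-mode policy on the L2TP addresses), together with the checks that show where the pings stop. This is an added example, not the poster's attached exports or MikroTik's own documentation: the LAN ranges, the 10.10.10.x L2TP addresses, the interface names and the placeholders in angle brackets are all assumptions, and the peer syntax is the pre-RouterOS 6.45 form (6.45 and later move the secret into /ip ipsec identity).

```routeros
# ---- Server (home router, VDSL). Assumed: LAN 192.168.88.0/24, L2TP address 10.10.10.1 ----
/interface l2tp-server server set enabled=yes
/ppp secret add name=client-site service=l2tp password=<L2TP_PASSWORD_PLACEHOLDER> \
    local-address=10.10.10.1 remote-address=10.10.10.2

# IPsec peer on the L2TP addresses (assumed pre-6.45 peer syntax)
/ip ipsec peer add address=10.10.10.2/32 local-address=10.10.10.1 \
    secret=<PSK_PLACEHOLDER> exchange-mode=main

# Tunnel-mode policy: the selectors are the two LANs, the SA endpoints are the L2TP addresses
/ip ipsec policy add src-address=192.168.88.0/24 dst-address=192.168.89.0/24 \
    sa-src-address=10.10.10.1 sa-dst-address=10.10.10.2 tunnel=yes action=encrypt proposal=default

# NAT bypass: srcnat runs before the IPsec policy lookup, so a masquerade rule rewrites the
# source address to the WAN address and the packet no longer matches the policy selectors.
# Accept LAN-to-LAN traffic ahead of masquerade (place-before=0 assumes masquerade is rule 0).
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=192.168.88.0/24 dst-address=192.168.89.0/24 comment="ipsec bypass"

# Input: IKE and ESP now arrive through the L2TP interface, so they must pass the input chain
/ip firewall filter add chain=input action=accept protocol=udp dst-port=500 src-address=10.10.10.2
/ip firewall filter add chain=input action=accept protocol=ipsec-esp src-address=10.10.10.2
# Forward: accept only traffic that an IPsec policy decrypted (in) or will encrypt (out)
/ip firewall filter add chain=forward action=accept ipsec-policy=in,ipsec
/ip firewall filter add chain=forward action=accept ipsec-policy=out,ipsec

# ---- Client (behind the NAT WLAN router). Assumed: LAN 192.168.89.0/24, L2TP address 10.10.10.2 ----
/interface l2tp-client add name=l2tp-out1 connect-to=<SERVER_PUBLIC_IP_OR_DDNS_PLACEHOLDER> \
    user=client-site password=<L2TP_PASSWORD_PLACEHOLDER> disabled=no
/ip ipsec peer add address=10.10.10.1/32 local-address=10.10.10.2 \
    secret=<PSK_PLACEHOLDER> exchange-mode=main
/ip ipsec policy add src-address=192.168.89.0/24 dst-address=192.168.88.0/24 \
    sa-src-address=10.10.10.2 sa-dst-address=10.10.10.1 tunnel=yes action=encrypt proposal=default
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=192.168.89.0/24 dst-address=192.168.88.0/24 comment="ipsec bypass"
# Input and forward filter rules as on the server, with src-address=10.10.10.1

# ---- Checks, run on the client while the ping below is going ----
# A plain /ping from the router uses the L2TP address as source, which matches no policy
# selector, so force a LAN source address.
/ping 192.168.88.1 src-address=192.168.89.1
/ip ipsec policy print            # ph2-state should read established
/ip ipsec installed-sa print      # current-bytes must grow on the outbound SA while pinging
/ip ipsec statistics print        # in-errors / out-errors indicate decrypt failures or policy mismatch
/ip firewall nat print stats      # the bypass rule counters rise; masquerade counters must not
/tool sniffer quick interface=l2tp-out1 ip-protocol=ipsec-esp   # ESP must be visible inside the L2TP tunnel
```

Reading the counters settles the question the thread leaves open: an established PH2 state with installed SAs whose current-bytes never move means the packets are not reaching the policy at all, which on RouterOS almost always means masquerade rewrote them first or the ping left the router with the L2TP address as its source. Because in this layout IKE and ESP travel inside the L2TP tunnel, the NAT router in front of the client only ever sees UDP 1701, so NAT traversal on the IPsec peer is not the deciding factor here.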
 
dg3feh
Frequent Visitor
Topic Author
Posts: 52
Joined: Mon Jan 30, 2017 10:52 am

Re: IPsec over L2TP with client-side behind a natted-router

Fri Sep 21, 2018 12:15 am

No ideas?
 
archerious
Member Candidate
Posts: 115
Joined: Sun Aug 26, 2018 7:50 am
Location: USA

Re: IPsec over L2TP with client-side behind a natted-router

Fri Sep 21, 2018 10:14 am

I have the same question except in my case the IPSec L2TP server is a dedi/VPS with a public IPv4/IPv6, while my client side (home office) is a CG-NAT router.

Like you, I have difficulties.

Output/outgoing works, I can assign the IPSec output to any IP and its traffic goes through the VPN, but I cannot get anything inbound to my PCs with my Mikrotik router acting as the client.

My VPS can SSH the Mikrotik router, but that's useless to me.

Have you tried running your IPSec client software on your laptop/PCs on different WANs? If I do that I can RDP/SSH the other devices as intranet works.

OpenVPN client-to-client mode also works despite the carrier-NAT, but only if I use my PCs as clients, which isn't ideal (many of my PCs/laptops are lower power).

If I find out anything more I'll share, but hopefully some of my rambling helps.
RB4011 Former: CCR2004, hEX (RB750Gr3), ER4
Aruba 2930F, CSS326, CRS309, CRS112-PoE Former: Ubiquiti XG-16 & ES-10X
Wireless Wire
AT&T Fiber 1000/1000
http://tlopez.cc/images/hex_is_a_beast.PNG
http://tlopez.cc/images/ccr2004_speedtest.png
