Community discussions

MikroTik App
 
User avatar
lopar
just joined
Topic Author
Posts: 23
Joined: Mon Jan 30, 2017 5:47 pm

[l2tp ipsec] ipsec issue

Tue Nov 13, 2018 2:15 pm

hi @all,
I'm making basic roadwarrior vpn setup, as written on wiki:
 /interface l2tp-server server> print 
               enabled: yes
               max-mtu: 1450
               max-mru: 1450
                  mrru: disabled
        authentication: mschap2
     keepalive-timeout: 30
          max-sessions: unlimited
       default-profile: L2TP
             use-ipsec: required
          ipsec-secret: **********
        caller-id-type: ip-address
  one-session-per-host: no
       allow-fast-path: no
 > /ppp profile print where name="L2TP" 
   Flags: * - default 
   0   name="L2TP" local-address=192.168.10.3 remote-address=vpn10 idle-timeout=30m use-mpls=default use-compression=default use-encryption=default 
     only-one=default change-tcp-mss=default use-upnp=default address-list="" dns-server=192.168.10.3 wins-server=192.168.10.4 on-up="" on-down=""
For a couple times/day the whole setup goes wrong, writing errors:
Image

The only one solution for this is turning L2TP server off and on again. After such "reboot" system starts working without any problems and work till something strange happens and all stuck again with same error.

Is there any way to fix this? Thanx in advance.
 
User avatar
emils
Forum Veteran
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: [l2tp ipsec] ipsec issue

Tue Nov 13, 2018 2:50 pm

Which version are you using? Can you check '/ip ipsec peer print' when the issue is present? Can you send supout.rif file from your router to support@mikrotik.com?
 
User avatar
lopar
just joined
Topic Author
Posts: 23
Joined: Mon Jan 30, 2017 5:47 pm

Re: [l2tp ipsec] ipsec issue

Tue Nov 13, 2018 2:54 pm

6.43.4. Okay, I'll wait till issue start and post peer print here and send email.
 
User avatar
lopar
just joined
Topic Author
Posts: 23
Joined: Mon Jan 30, 2017 5:47 pm

Re: [l2tp ipsec] ipsec issue

Tue Nov 13, 2018 5:36 pm

Can you check '/ip ipsec peer print' when the issue is present?
Gotcha! Default dynamic peer rule completely dissapear from time to time. And appers when l2tp restarts.
I think, it is a bug.
Making static peer rule solved the problem for now.
 
User avatar
emils
Forum Veteran
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: [l2tp ipsec] ipsec issue

Wed Nov 14, 2018 8:04 am

That is very nice, but you could have generate a supout.rif file so we can take a look and find out how and why that happens.

Who is online

Users browsing this forum: GoogleOther [Bot], infabo and 43 guests