Community discussions

MikroTik App
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

a problem with VPN

Sat Jul 18, 2020 12:57 pm

I use Winbox v.6.40. I tried to set VPN. VPN is working now, but... One colleague from his IP connected to the VPN, but for me not. I tried to use two computers (W10, W7), two different internet providers, but no success. I got this error message "The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.?" Why,? Why does he connect and I don't.
 
pe1chl
Forum Guru
Forum Guru
Posts: 6919
Joined: Mon Jun 08, 2015 12:09 pm

Re: a problem with VPN

Sat Jul 18, 2020 3:28 pm

Well at least you can try to upgrade... 6.40 is very old.
But also you will see that debugging L2TP/IPsec is quite difficult, either it works perfectly or it fails with unclear messages like that.
Also note that you cannot connect at the same time with two users with the same IP. So first try if it works when only you connect.
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Sat Jul 18, 2020 4:27 pm

Each of us use other provider, so IP addresses are different.
Well at least you can try to upgrade... 6.40 is very old.
But also you will see that debugging L2TP/IPsec is quite difficult, either it works perfectly or it fails with unclear messages like that.
Also note that you cannot connect at the same time with two users with the same IP. So first try if it works when only you connect.
 
erlinden
Long time Member
Long time Member
Posts: 501
Joined: Wed Jun 12, 2013 1:59 pm

Re: a problem with VPN

Sat Jul 18, 2020 6:14 pm

Can you please first upgrade (security reasons) and then, if it's still not working, share your config (/export hide-sensitive)?
First the problem, then the solution
 
pe1chl
Forum Guru
Forum Guru
Posts: 6919
Joined: Mon Jun 08, 2015 12:09 pm

Re: a problem with VPN

Sat Jul 18, 2020 8:38 pm

Yes, first re-test after upgrade. There is some issue when connecting via double-nat in old versions that I think has been fixed now.
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Sat Jul 18, 2020 9:04 pm

I tried to check log:
When I tried to connect there is this:
memory, ipsec, error 195.28.133.162 failed to get valid proposal.
memory, ipsec, error 195.28.133.162 failed to pre-process ph1 packet (side 1, status 1)
memory, ipsec, erTOf 195.28.133.162 phase 1 negotiation failed
 
Hiji56
just joined
Posts: 11
Joined: Mon Aug 06, 2018 10:21 pm

Re: a problem with VPN

Sun Jul 19, 2020 1:20 am

As I see you made settings and someone can connect but not you.
There need more logs and and hide-sensitive config (btw hide your IP)

Run this in terminal
This will create new topics under System->Logging with debug option with flood your log with debug messages
system logging add topics=ipsec,debug


You mention Windows machine, do you fix Windows encapsulation vpn problem?
run this in cmd
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f

Moreover,maybe this help,
I find my old file with make settings for vpn,
You need fix Name, IP and password within file and rename it to VPN_IPSEC_Settings.bat
and it will set up new connection for your VPN under Win10 (it use powershell)
You do not have the required permissions to view the files attached to this post.
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Sun Jul 19, 2020 2:06 pm

As I see you made settings and someone can connect but not you.
There need more logs and and hide-sensitive config (btw hide your IP)

Run this in terminal
This will create new topics under System->Logging with debug option with flood your log with debug messages
system logging add topics=ipsec,debug


You mention Windows machine, do you fix Windows encapsulation vpn problem?
run this in cmd
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 2 /f

Moreover,maybe this help,
I find my old file with make settings for vpn,
You need fix Name, IP and password within file and rename it to VPN_IPSEC_Settings.bat
and it will set up new connection for your VPN under Win10 (it use powershell)
I ran by terminal system logging add topics=ipsec,debug. I saw many info with errors, but how can i save it?
Other offer with registry finished with error Access is denied
I don't know, can it be problem cos I use Windows 10 Edu? Cos my colleague used Windows 10 prof and I tried other computer with Windows 7 prof and it worked too. And how can I allow RDP in VPN? Many questions? thx a lot
 
pe1chl
Forum Guru
Forum Guru
Posts: 6919
Joined: Mon Jun 08, 2015 12:09 pm

Re: a problem with VPN

Sun Jul 19, 2020 6:40 pm

Did you already update the router?
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Sun Jul 19, 2020 9:47 pm

No yet. (to update router)
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Mon Jul 20, 2020 3:54 pm

Friends I found out this, When you upgrade Win7 (8) to Win 10, VPN is not working. Simply you can not achieve it. OK, so I have to instal new Win10. OK. But I need to connect to L2TP/IPSec VPN by Windows. So, VPN (pool on it) gives me local address and I can use disks in this LAN. Now, VPN (DHCP) gves me an address, routing is OK, it gives me net masdk 255.255.255.0, but I can not do anything. :(
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Tue Jul 21, 2020 8:45 pm

I upgraded it to new version and I set router and VPN is working
 
petrik1
just joined
Topic Author
Posts: 18
Joined: Sat Jul 29, 2017 12:18 pm

Re: a problem with VPN

Fri Jul 24, 2020 1:06 pm

But I have a problem. Somebody tried to come into our VPN. Ok he was refused by phase 1, but my question, how to change VPN type L2TP/IPsec verification 1st phase by a certificate. Thx, my friends.

Who is online

Users browsing this forum: No registered users and 36 guests