gcraenen
newbie
Topic Author
Posts: 38
Joined: Fri Dec 19, 2014 11:50 pm

Cannot get VPN working

Wed Dec 24, 2014 4:21 pm

Hello,

I have been trying to get VPN (L2TP IPsec) working for remote workers. I tried 4 or 5 different "walk-throughs" on the wiki and YouTube, but none of them seem to work. My setup:

Web <----> Cisco modem <---> Mikrotik (RB2011UiAS-2HND-IN) <---> LAN/WLAN

The MikroTik is (almost) in the default WISP-AP config and gets its IP address by client-DHCP on ether 1 from the Cisco modem. The LAN and WLAN are "joined" with the standard bridge-local config.

So far the standard config is working ok. Haven't started with routing protocols. I need to get VPN up-and-running first.

Help is needed and appreciated.
 
zopper
just joined
Posts: 10
Joined: Sat Dec 27, 2014 5:12 pm

Re: Cannot get VPN working

Sat Dec 27, 2014 7:08 pm

What is in your client logs? Does IPsec connect and then fail on L2TP? If yes, there is already a thread: http://forum.mikrotik.com/viewtopic.php?f=2&t=75049
 
rhousz
just joined
Posts: 3
Joined: Sun Dec 21, 2014 2:43 am

Re: Cannot get VPN working

Sun Dec 28, 2014 2:53 am

What have you tried and what specifically isn't working?
Are there connection attempts in the log?
Have you configured IP pools and assigned them to the PPP Profile?
Have you configured secrets and assigned the appropriate service and PPP Profile?

I just got PPTP VPN working on my RB951 (v6.23) and these are the steps I took (using WinBox). Not sure how different the IPSEC L2TP setup would be but maybe this will help.
  • Go to IP-->Pools and create a new pool (I called mine VPN). Assign a range of addresses. Since my setup is very basic I just gave it the entire 192.168.89.0/24. I already had a DHCP pool for 192.168.1.0/24
  • Next go to PPP and select PPTP Server. Make sure the check box to enable is marked and select the default-encryption profile. Click OK.
  • Select the Profiles tab and double click the default-encryption profile. For Local Address choose your DHCP pool. For Remote Address choose the VPN pool created earlier.
  • Next go to secrets tab and create users. Probably best to create a single test user for now. Give them a username, set a password and set service to any or choose the specific service from the drop down. Select the default-encryption profile and click OK.
  • Now go to the Interface tab and click the + and select PPTP Server Binding from the list. Give it a name or leave the default and click OK.
  • Next is to create a firewall rule to allow PPTP traffic into your public facing interface. Go to IP-->Firewall and create a new rule. Chain is Input, In Interface should be your public facing (WAN) interface. Protocol is TCP and Dest. Port for PPTP will be 1723,47. Action is to accept. Check the box to enable logging and add a tag if you'd like so you can search (depends on how verbose your logging is). Click OK and place the rule above default deny all rule.

You should now be able to log in via PPTP VPN connection. Try and you should see entries in the log. If you don't then a firewall rule is likely killing the connection. Move the firewall rule created earlier above any deny rules that could be interfering. Hopefully some other, more seasoned folks can chime in with some better help.
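
The WinBox click path in the post above, written as RouterOS v6 terminal commands. This is an added example, not part of the original post: the pool name `dhcp`, the user `vpntest`, the password placeholder and the WAN interface `ether1` are assumptions, and the post's "47" is written as its own rule because RouterOS matches GRE as IP protocol 47, not as a TCP port.

```routeros
# Added example: CLI form of the WinBox steps (RouterOS v6 syntax).
# Assumed names, not from the post: pool "dhcp", user "vpntest", WAN "ether1".

# 1. Pool for VPN clients (host addresses of the 192.168.89.0/24 used in the post)
/ip pool add name=VPN ranges=192.168.89.1-192.168.89.254

# 2. Enable the PPTP server with the default-encryption profile
/interface pptp-server server set enabled=yes default-profile=default-encryption

# 3. Profile: local address from the existing DHCP pool, remote address from VPN
/ppp profile set default-encryption local-address=dhcp remote-address=VPN

# 4. A single test user, limited to the pptp service
/ppp secret add name=vpntest password="CHANGE-ME" service=pptp \
    profile=default-encryption

# 5. Static server binding for that user
/interface pptp-server add name=pptp-vpntest user=vpntest

# 6. Accept PPTP on the WAN side, with logging and a searchable prefix.
#    Control channel is TCP 1723; the tunnel itself is GRE (IP protocol 47).
/ip firewall filter add chain=input in-interface=ether1 protocol=tcp \
    dst-port=1723 action=accept log=yes log-prefix="pptp-in" \
    comment="allow PPTP control"
/ip firewall filter add chain=input in-interface=ether1 protocol=gre \
    action=accept comment="allow PPTP GRE"

# 7. Check rule order (both accepts must sit above any input drop rule),
#    then watch the log and the active sessions during a test connection.
/ip firewall filter print where chain=input
/log print where message~"pptp"
/ppp active print
```

New filter rules are appended to the end of the chain, so move them above the drop rule if step 7 shows them below it.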
 
gcraenen
newbie
Topic Author
Posts: 38
Joined: Fri Dec 19, 2014 11:50 pm

Re: Cannot get VPN working

Mon Dec 29, 2014 11:28 am

Hi,

I think this is going to help. I can see in the logs that IPSec is trying its best, but there is no connection made from the L2TP-server. So I'm going to try this. Thanks a lot.
 
gcraenen
newbie
Topic Author
Posts: 38
Joined: Fri Dec 19, 2014 11:50 pm

Re: Cannot get VPN working

Mon Dec 29, 2014 11:30 am

Hi,

Thanks for answering. I got PPTP VPN working ok, but I'm having troubles with the L2TP-IPSec VPN and that's what I want to use for remote workers. I may have found a clue in the answer above, so I'm back to trying and figuring out the logs.
 
gcraenen
newbie
Topic Author
Posts: 38
Joined: Fri Dec 19, 2014 11:50 pm

Re: Cannot get VPN working

Sun Jan 11, 2015 4:19 pm

Hi,

I stopped trying and am using OpenVPN instead. On YouTube there is a good "tutorial" for the OVPN setup from Pascom:

https://www.youtube.com/channel/UCSnsMv ... agJREg9EdA

Works ok for my situation with "road-warriors".
 
ngnr
just joined
Posts: 11
Joined: Mon Jun 09, 2014 11:52 pm
Location: Spain

Re: Cannot get VPN working

Sun Jan 11, 2015 7:59 pm

Does your Mkt get a public IP from the Cisco modem? Otherwise L2TP/IPsec server doesn't work behind a NAT. Clients can be behind a NAT but not the server.
 
gcraenen
newbie
Topic Author
Posts: 38
Joined: Fri Dec 19, 2014 11:50 pm

Re: Cannot get VPN working

Mon Jan 12, 2015 9:14 am

Hi,

I didn't get a "public" IP-address, but one that was assigned to it by the modem/router from the "private" range.