Hell0Kitty
just joined
Topic Author
Posts: 5
Joined: Fri Jun 05, 2015 3:29 pm

L2TP IPSec VPN = not working.

Fri Jun 05, 2015 3:51 pm

I can't connect to my VPN (L2TP IPSec) from my iPhone.

Connection failed after this
Jun/04/2015 21:49:54 ipsec,error phase1 negotiation failed due to time up "My ext. static IP(WAN)"[500]<=>"Random dynamic IP, any devices can try connect"[1197] 86dd3e3d2affc4f8:67c23982425b761b
As if authentication fails on IPSec, so it cannot continue on to the L2TP tunnel.
The time on the router and on the iPhone is the same. In the IPSec statistics, Peer Connected shows a connection to my external address from another address (cell 3G). The passwords for L2TP and IPSec were set just for testing. In the firewall, packets are counted on the rule for UDP port 500. The packet count on the rules for UDP 1701 and 4500, and for ipsec-esp, is 0.
The IPSec log is in the attachments.


I tried disabling and enabling "tunnel", clearing aes256 and setting it again, and NAT-T on and off. Nothing helps. Where to dig? And I do not understand the logs; nothing seems to be visible there.

Just a couple of questions, given the following conditions: anyone (with an unknown IP) must be given access to the LAN itself.
WAN - XXXX - white static IP address; Bridge-local - local net 192.168.1.0/24; DHCP - 192.168.1.2-254.

Local Address - What is it? This is the local address of the router? Do I need to enter it? What to enter?
Remote Address - What is it? The address that the device connecting to the VPN should get? Do I need to enter it? What to enter? Is it possible to specify the DHCP pool if there are a lot of devices, or can you specify a static IP from the 192.168.1.0/24 subnet?

Local Address - What is it? Do I need to enter it? And what to enter?
Remote Address - What is it? Do I need to enter it? And what to enter?

Address - the IP address of the device that you want to give access to and put in the tunnel? I.e. 0.0.0.0/0 when any unknown device may try to join?
Local Address - What is it? Do I need to enter it? And what to enter?

Src. Address - What is it? Do I need to enter it? And what to enter? ::/0 - leave the default?
Dst. Address - What is it? Do I need to enter it? And what to enter? ::/0 - leave the default?

SA Src. Address - What is it? Do I need to enter it? And what to enter? 0.0.0.0 - left by default?
SA Dst. Address - What is it? Do I need to enter it? And what to enter? 0.0.0.0 - left by default?

I read a bunch of articles, wikis and guides for configuring L2TP/IPSec, and they are all the same. Apparently there is some small "tuning" somewhere that they simply forget to mention in the description of the setup. And because of that, nothing works for me :(

PS: I use this and this guide.
 
mrz
MikroTik Support
Posts: 7041
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: L2TP IPSec VPN = not working.

Fri Jun 05, 2015 3:59 pm

http://wiki.mikrotik.com/wiki/Manual:IP ... behind_NAT
Also all properties are described in reference tables.
 
Hell0Kitty
just joined
Topic Author
Posts: 5
Joined: Fri Jun 05, 2015 3:29 pm

Re: L2TP IPSec VPN = not working.

Fri Jun 05, 2015 4:14 pm

Thx. But I have seen and read http://wiki.mikrotik.com/wiki/Manual:IP/IPsec and this didn't solve my problem.
Really need a good answer from an appreciatory and well knowledgeable man.
 
wcsnet
Frequent Visitor
Posts: 64
Joined: Mon Apr 29, 2013 12:43 pm
Location: South Africa

Re:

Sat Jun 06, 2015 2:54 pm

I also tried the l2tp config for ios but could never get it to work; pptp works fine though.
 
Hell0Kitty
just joined
Topic Author
Posts: 5
Joined: Fri Jun 05, 2015 3:29 pm

Re: L2TP IPSec VPN = not working.

Tue Jun 09, 2015 9:23 am

Is there at least one expert or professional who can lay everything out clearly and help solve the problem? Ready to pay a gratuity.
For three days I changed the configuration and tested, and failed.
 
mikelynchgames
just joined
Posts: 2
Joined: Wed Aug 05, 2015 5:09 am

Re: L2TP IPSec VPN = not working.

Wed Aug 05, 2015 6:37 am

I have the same issue as the original poster:
ipsec,error phase1 negotiation failed due to time up
and the same random ip after my external IP. Is this due to a filter issue maybe?
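
Added example, not part of any post in this thread: a small parser for the `phase1 negotiation failed due to time up` line quoted above, which groups timeouts by remote peer and flags peers whose source port is not 500. The sample log lines are constructed (documentation address ranges stand in for the redacted IPs), and treating a non-500 source port as "NAT in the path" is a heuristic assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the first post; the
# addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Jun/04/2015 21:49:54 ipsec,error phase1 negotiation failed due to time up 203.0.113.10[500]<=>198.51.100.23[1197] 86dd3e3d2affc4f8:67c23982425b761b
Jun/04/2015 21:51:02 ipsec,error phase1 negotiation failed due to time up 203.0.113.10[500]<=>198.51.100.23[1203] 1a2b3c4d5e6f7081:9c8d7e6f5a4b3c2d
Jun/04/2015 21:53:40 ipsec,error phase1 negotiation failed due to time up 203.0.113.10[500]<=>192.0.2.77[500] 0f1e2d3c4b5a6978:8796a5b4c3d2e1f0
Jun/04/2015 21:54:00 l2tp,info first L2TP UDP packet received from 192.0.2.77
"""

# local[port]<=>remote[port] followed by initiator:responder ISAKMP cookies
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) ipsec,error phase1 negotiation failed due to time up "
    r"(?P<local>\S+?)\[(?P<lport>\d+)\]<=>(?P<remote>\S+?)\[(?P<rport>\d+)\] "
    r"(?P<icookie>[0-9a-f]{16}):(?P<rcookie>[0-9a-f]{16})$"
)


def parse_failures(text):
    """Return one dict per phase 1 timeout line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["lport"] = int(rec["lport"])
        rec["rport"] = int(rec["rport"])
        # IKE clients send from UDP 500; a different source port as seen by
        # the router usually means a NAT in the path rewrote it (heuristic).
        # Such peers move to UDP 4500 (NAT-T) once NAT is detected.
        rec["remote_behind_nat"] = rec["rport"] != 500
        out.append(rec)
    return out


def summarize(failures):
    """Count timeouts per remote peer and list peers that appear NATed."""
    per_peer = Counter(f["remote"] for f in failures)
    natted = sorted({f["remote"] for f in failures if f["remote_behind_nat"]})
    return per_peer, natted


if __name__ == "__main__":
    per_peer, natted = summarize(parse_failures(SAMPLE_LOG))
    for peer, n in per_peer.items():
        note = "NAT in path, expect UDP 4500" if peer in natted else "no NAT seen"
        print(f"{peer}: {n} phase1 timeout(s), {note}")
```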
 
Hell0Kitty
just joined
Topic Author
Posts: 5
Joined: Fri Jun 05, 2015 3:29 pm

Re: L2TP IPSec VPN = not working.

Mon Aug 31, 2015 2:31 pm

I searched for my problem and I fixed it. The error was in the firewall rules: I had added three filters, for UDP 4500, UDP 500 and UDP 1701. But I needed to add one filter for all the ports together in one rule. And the VPN is working ;)
 
Jivo
newbie
Posts: 35
Joined: Wed Jun 08, 2011 11:44 pm

Re: L2TP IPSec VPN = not working.

Thu Jan 28, 2016 11:00 pm

Hello,

If I understood you right, you say that you have fixed the problem by combining the spec for all three ports in one rule?
It does not make sense to me. Has anyone else solved this problem in this way?

I also have 3 separate rules - something I consider a good practice because traffic is counted separately. It works after a router restart, then the IPSec tunnel dies after some time, then again it works after a reboot.

If rules were wrong, those would be wrong all the time, wouldn't they?
 
jaytcsd
Member
Posts: 332
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN

Re: L2TP IPSec VPN = not working.

Sat Jan 30, 2016 8:17 am

/ip firewall filter> pr
Flags: X - disabled, I - invalid, D - dynamic

;;; L2TP
chain=input action=accept protocol=udp src-port=500,1701,4500 log=no
log-prefix=""

This works just as well as 3 separate rules, one for each port.
 
MadEngineer
Member Candidate
Posts: 141
Joined: Mon May 02, 2011 10:47 am
Location: New Zealand

Re: L2TP IPSec VPN = not working.

Sat Jan 30, 2016 8:33 am
