Community discussions

MikroTik App
just joined
Topic Author
Posts: 1
Joined: Wed Dec 30, 2015 6:20 pm

Problems in l2tp-client and ovpn-client

Wed Dec 30, 2015 7:28 pm

Struggling to establish working vpn connections with mikrotik routers as clients (satellite offices with dynamic IPs) and linux servers (static IP).

My attempts so far:

(routed openvpn). ovpn-client to linux openvpn server was working as of 5.**. After upgrading to 6.32 ovpn-client seems to be broken. According to linux logs, connections get established correctly, but no pings get through. I.e., far-end end-points do not respond to pings on either side. As the endpoints are added directly to the routing tables, this is not a routing issue.

Mikrotik client to mikrotik server works.

When attempting to connect to linux server, xl2tpd has a lot to complain about in the logs but this is what seems the most critical:
Dec 29 14:09:28 vps xl2tpd[30468]: result_code_avp: avp is incorrect size.  8 < 10
Dec 29 14:09:28 vps xl2tpd[30468]: handle_avps: Bad exit status handling attribute 1 (Result Code) on mandatory packet.
Dec 29 14:09:28 vps xl2tpd[30468]: Terminating pppd: sending TERM signal to pid 5751
As of 6.33; it is impossible to establish l2tp connections between mikrotik clients and linux servers.

The only thing working in 6.32 is ipsec tunnels, however:
  • They are too slow (half the transfer rate of unencrypted using aes128)
  • They are only initiated on demand from the client side
  • SAs need to be manually flushed for one of the connections after it goes down periodically
Overall; upgrading to 6.33 and getting new routerboards has been a disappointment. Openwrt would have been a better choice at this point, although much less convenient. The configuration interfaces in routeros is the best I've seen.

Wish you best of luck in improving routeros and fixing these problems.
just joined
Posts: 4
Joined: Sat Jan 16, 2016 2:54 pm

Re: Problems in l2tp-client and ovpn-client

Mon Jan 25, 2016 1:11 pm

I have exactly the same problem when using mikrotik as L2TP client.
Error-Massage="Result Code: expected at least 10, got 8"
So far, no solution for 6.33 :(

Ok, It seems I have found solution. Use "chap" as an authentication protocol on L2TP Client Interface (Dial-Out tab) in Mikrotik. That worked for me.

Who is online

Users browsing this forum: arm920t and 128 guests