TimGuyUK
just joined
Topic Author
Posts: 24
Joined: Fri Jul 29, 2016 11:36 am

Azure VPN in 6.34

Fri Jul 29, 2016 2:41 pm

I have followed the Microsoft Mikrotik<>Azure VPN howto and I can get to a point where Azure is showing that there is a connection established, but I cannot transfer data between them.

https://blogs.technet.microsoft.com/rha ... -routeros/

However, the Peer configuration looks slightly different: I can’t set the My Id setting, as I get back "Couldn’t change IPsec Peer address id must be used in main mode".

I’m getting an error in the logs saying "Phase 1 negotiation failed due to time up", but Azure says the connection is up.

Also, my Installed SAs are showing Current Bytes outbound from the Mikrotik, but nothing shows inbound.

Has anyone managed to get this going with a newer OS version?

/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=azure
/ip ipsec peer
add address=<azure gateway>/32 enc-algorithm=aes-256,aes-128 nat-traversal=no secret=secret
/ip ipsec policy
add dst-address=192.168.8.0/24 sa-dst-address=<azure gateway> sa-src-address=<MT Gateway>  src-address=192.168.0.0/21 tunnel=yes

Tim
 
Thomaslsmith
just joined
Posts: 1
Joined: Thu May 05, 2016 10:15 am

Re: Azure VPN in 6.34

Fri Jul 29, 2016 3:45 pm

Has anyone found out the solution to this problem yet?
 
TimGuyUK
just joined
Topic Author
Posts: 24
Joined: Fri Jul 29, 2016 11:36 am

Re: Azure VPN in 6.34

Fri Jul 29, 2016 5:29 pm

Boom.. Got it (for me at least)

In my locked down firewall state I had to enter the following:

/ip firewall filter
add action=accept chain=input comment="Allow - IPsec Allow in" in-interface=WAN-Interface log-prefix="" protocol=ipsec-esp \
    src-address=<Azure VPN IP>

I already had port 500 open for other VPN services:

add action=accept chain=input comment="Allow - In - l2tp" dst-port=500,4500,1701,800 in-interface=ether1-WAN log-prefix="" \
    protocol=udp

**NOTE** Don’t rely on ping as your test method. The Azure server I created has its firewall up and won’t respond. mstsc/rdp was my test method (or use the cloudapp.net rdp and test ping the other way).
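
Added example (not part of the original posts or the linked howto): a simplified Python check that walks an `/ip firewall filter` export and reports which IPsec flows from the peer the input chain would drop, reproducing the "outbound bytes but nothing inbound" symptom when ESP is missing. It assumes `nat-traversal=no` as in the peer config above, models only `protocol`, `dst-port` lists and `src-address`, and treats any non-accept action as blocking; the function names and the address `203.0.113.10` (standing in for `<Azure VPN IP>`) are hypothetical.

```python
import ipaddress
import shlex

# Keys that never stop a new packet matching (assumption: in-interface is WAN).
NEUTRAL = {"action", "chain", "comment", "log", "log-prefix", "in-interface"}
MODELLED = {"protocol", "dst-port", "src-address"}

def parse_rules(export_text):
    """Parse 'add key=value ...' lines of a filter export into dicts."""
    rules = []
    for line in export_text.replace("\\\n", " ").splitlines():  # join continuations
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def _matches(rule, peer, protocol, port):
    if set(rule) - NEUTRAL - MODELLED:
        return False  # e.g. connection-state: cannot decide here, skip rule
    if rule.get("protocol", protocol) != protocol:
        return False
    if "dst-port" in rule and str(port) not in rule["dst-port"].split(","):
        return False  # port lists only; ranges are not modelled
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        return ipaddress.ip_address(peer) in net
    return True

def blocked_ipsec_traffic(rules, peer):
    """Return the IPsec flows from peer that the input chain would drop."""
    needed = [("IKE udp/500", "udp", 500), ("ESP", "ipsec-esp", None)]
    blocked = []
    for label, protocol, port in needed:
        for rule in rules:
            if rule.get("chain") == "input" and _matches(rule, peer, protocol, port):
                if rule.get("action", "accept") != "accept":
                    blocked.append(label)
                break  # first matching rule decides
    return blocked

# Constructed sample: a locked-down input chain before and after the ESP rule.
BEFORE = r'''/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input dst-port=500,4500,1701,800 in-interface=ether1-WAN \
    log-prefix="" protocol=udp
add action=drop chain=input in-interface=ether1-WAN
'''
AFTER = BEFORE.replace("add action=drop", "add action=accept chain=input "
    "protocol=ipsec-esp src-address=203.0.113.10\nadd action=drop")
```

With `BEFORE`, IKE on UDP 500 is accepted (so the peer reports the tunnel as up) while ESP falls through to the final drop rule; with `AFTER`, ESP is accepted only from the named peer address.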
 
sandyroberts
just joined
Posts: 2
Joined: Sat Aug 06, 2016 10:39 pm

Re: Azure VPN in 6.34

Sat Aug 06, 2016 11:23 pm

I am also facing the same issue and have not been able to resolve it yet. Can anybody help me with that? :(
 
sarahadames
just joined
Posts: 2
Joined: Wed Apr 06, 2016 3:47 pm

Re: Azure VPN in 6.34

Thu Aug 25, 2016 3:58 pm

Found anything about it? Still following this thread.
 
sandyroberts
just joined
Posts: 2
Joined: Sat Aug 06, 2016 10:39 pm

Re: Azure VPN in 6.34

Fri Sep 23, 2016 5:36 pm

This solution worked for me. Thanks :)