
Azure VPN in 6.34

Posted: Fri Jul 29, 2016 2:41 pm
by TimGuyUK
I have followed the Microsoft Mikrotik<>Azure VPN howto and I can get to a point where Azure is showing that there is a connection established, but I cannot transfer data between them.

https://blogs.technet.microsoft.com/rha ... -routeros/

However the Peer configuration looks slightly different, I can’t set the My Id setting as I get back "Couldn’t change IPsec Peer address id must be used in main mode"

I’m getting an error in the logs saying "Phase 1 negotiation failed due to time up" but Azure says the connection is up.

Also my Installed SAs are showing Current Bytes outbound from the Mikrotik but nothing shows inbound.

Has anyone managed to get this going with a newer OS version?

/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=azure
/ip ipsec peer
add address=<azure gateway>/32 enc-algorithm=aes-256,aes-128 nat-traversal=no secret=secret
/ip ipsec policy
add dst-address=192.168.8.0/24 sa-dst-address=<azure gateway> sa-src-address=<MT Gateway>  src-address=192.168.0.0/21 tunnel=yes

Tim

Re: Azure VPN in 6.34

Posted: Fri Jul 29, 2016 3:45 pm
by Thomaslsmith
Has anyone found out the solution to this problem yet?

Re: Azure VPN in 6.34

Posted: Fri Jul 29, 2016 5:29 pm
by TimGuyUK
Boom.. Got it (for me at least)

In my locked down firewall state I had to enter the following:

/ip firewall filter
add action=accept chain=input comment="Allow - IPsec Allow in" in-interface=WAN-Interface log-prefix="" protocol=ipsec-esp \
    src-address=<Azure VPN IP>

I already had port 500 open for other VPN services:

/ip firewall filter
add action=accept chain=input comment="Allow - In - l2tp" dst-port=500,4500,1701,800 in-interface=ether1-WAN log-prefix="" \
    protocol=udp

**NOTE** Don’t rely on ping as your test method. The Azure server I created has its firewall up and won’t respond. mstsc/rdp was my test method (or use the cloudapp.net rdp and test ping the other way).
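
An added example, not part of the original posts: a small Python check that reads a RouterOS `/ip firewall filter` export and reports which IPsec flows from the peer (IKE on UDP 500/4500, ESP) hit a non-accept rule first on the input chain, which is the gap described above. The sample export and the peer address 203.0.113.10 are constructed, and the matcher is a simplification that models only `protocol`, `dst-port` and `src-address`.

```python
import ipaddress
import shlex

# Flows a site-to-site IPsec peer needs on the router's input chain.
NEEDED = [("udp", 500), ("udp", 4500), ("ipsec-esp", None)]

# Constructed sample export (not from the thread); 203.0.113.10 stands in for the Azure gateway.
SAMPLE = r"""/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input comment="Allow - In - l2tp" dst-port=500,4500,1701 \
    in-interface=ether1-WAN protocol=udp
add action=drop chain=input in-interface=ether1-WAN
"""

def parse_rules(export_text):
    """Parse 'add ...' lines of a filter export into dicts, joining continuation lines."""
    rules = []
    for line in export_text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return rules

def matches(rule, proto, port, peer):
    """True if an input-chain rule would match a new packet of this flow from the peer."""
    if rule.get("chain") != "input" or "connection-state" in rule:
        return False  # simplification: state-based rules are not modelled
    if rule.get("protocol", proto) != proto:
        return False
    if "dst-port" in rule and str(port) not in rule["dst-port"].split(","):
        return False
    src = rule.get("src-address")
    return src is None or ipaddress.ip_address(peer) in ipaddress.ip_network(src, strict=False)

def blocked_ipsec_flows(export_text, peer):
    """Return needed flows whose first matching input rule is not an accept."""
    rules = parse_rules(export_text)
    blocked = []
    for proto, port in NEEDED:
        first = next((r for r in rules if matches(r, proto, port, peer)), None)
        if first is not None and first.get("action", "accept") != "accept":
            blocked.append(proto if port is None else f"{proto}/{port}")
    return blocked

if __name__ == "__main__":
    print(blocked_ipsec_flows(SAMPLE, "203.0.113.10"))
```

Port ranges and negated addresses (`!`) in an export are not handled by this sketch.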

Re: Azure VPN in 6.34

Posted: Sat Aug 06, 2016 11:23 pm
by sandyroberts
I am also facing the same issue and am not able to resolve it yet. Can anybody help me with that? :(

Re: Azure VPN in 6.34

Posted: Thu Aug 25, 2016 3:58 pm
by sarahadames
Find anything about it? Still following this thread.

Re: Azure VPN in 6.34

Posted: Fri Sep 23, 2016 5:36 pm
by sandyroberts
This solution worked for me. Thanks :)