You will think that this topic is repeated, but I checked every related topic to solve my problem and found no solution.
I have a MikroTik with OS version 6.28 that has a real IP configured on the gateway interface. I configured the IPsec peer as below, following this link http://forum.mikrotik.com/viewtopic.php?f=2&t=67746:
address=0.0.0.0/0 local-address=0.0.0.0 passive=no port=500
auth-method=pre-shared-key secret="VPNpass" generate-policy=port-override
policy-template-group=default exchange-mode=main-l2tp
send-initial-contact=no nat-traversal=yes hash-algorithm=sha1
enc-algorithm=3des,aes-128 dh-group=modp1024 lifetime=1d dpd-interval=15s
dpd-maximum-failures=3
name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
pfs-group=modp1024
Here is the log:
08:58:25 ipsec,error authtype mismatched: my:hmac-sha1 peer:hmac-sha256
08:58:26 l2tp,info first L2TP UDP packet received from x.x.x.x
08:58:26 l2tp,ppp,info,account l2tp logged in, 10.50.50.4
08:58:26 l2tp,ppp,info <l2tp-l2tp>: authenticated
08:58:26 l2tp,ppp,info <l2tp-l2tp>: connected
The IPsec SA is working in both directions.
I made the same configuration on another router that has a virtual IP published using a FortiGate. It is accepting PPTP tunnels with no problems.
It just gives the following log:
08:59:25 ipsec,error authtype mismatched: my:hmac-sha1 peer:hmac-sha256
08:59:26 l2tp,info first L2TP UDP packet received from x.x.x.x
08:59:47 l2tp,info first L2TP UDP packet received from x.x.x.x
09:00:09 l2tp,info first L2TP UDP packet received from x.x.x.x
And on my Android device it gives "unsuccessful".
I tried to disable all firewall rules and keep only these:
0 chain=input action=log protocol=udp
in-interface=ether1-ToFortiGate src-port=500,1701,4500 log=yes
log-prefix=""
1 chain=input action=accept protocol=ipsec-esp log=no log-prefix=""
2 chain=input action=accept protocol=udp port=4500 log=no log-prefix=""
3 chain=input action=accept protocol=udp port=500 log=no log-prefix=""
4 chain=input action=accept protocol=udp port=1701 log=no log-prefix=""
Thanks
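As an added diagnostic example (not from the original post or from MikroTik), the script below parses the RouterOS proposal line and the log lines quoted above, pulls the authentication algorithm the peer offered out of the "authtype mismatched" message, and reports which offered algorithm is absent from the proposal's auth-algorithms list. Sample input is the post's own lines, embedded as constructed data.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: the proposal and log lines quoted in the post above.
PROPOSAL_LINE = 'name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m pfs-group=modp1024'
LOG_LINES = [
    "08:58:25 ipsec,error authtype mismatched: my:hmac-sha1 peer:hmac-sha256",
    "08:58:26 l2tp,info first L2TP UDP packet received from x.x.x.x",
    "08:58:26 l2tp,ppp,info,account l2tp logged in, 10.50.50.4",
]

# RouterOS exports settings as space-separated key=value pairs; values may be
# double-quoted and list-valued settings (e.g. auth-algorithms) are comma-separated.
_KV = re.compile(r'(\S+?)=("[^"]*"|\S+)')
# Log line emitted when the peer's Phase 2 authentication algorithm does not match ours.
_MISMATCH = re.compile(r"ipsec,error authtype mismatched: my:hmac-(\S+) peer:hmac-(\S+)")


def parse_routeros_kv(line: str) -> Dict[str, List[str]]:
    """Parse a RouterOS key=value export line into {key: [values]}."""
    settings: Dict[str, List[str]] = {}
    for key, raw in _KV.findall(line):
        value = raw.strip('"')
        settings[key] = value.split(",") if value else []
    return settings


def find_auth_mismatches(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (our_algorithm, peer_algorithm) for every authtype mismatch in the log."""
    found = []
    for line in log_lines:
        match = _MISMATCH.search(line)
        if match:
            found.append((match.group(1), match.group(2)))
    return found


def check_proposal(proposal_line: str, log_lines: List[str]) -> Dict[str, List[str]]:
    """Compare the peer's offered auth algorithms against the configured proposal."""
    configured = set(parse_routeros_kv(proposal_line).get("auth-algorithms", []))
    missing = {peer for _, peer in find_auth_mismatches(log_lines) if peer not in configured}
    return {"configured": sorted(configured), "peer_offered_but_missing": sorted(missing)}


if __name__ == "__main__":
    print(check_proposal(PROPOSAL_LINE, LOG_LINES))
```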