Community discussions

 
OKNET
Member Candidate
Member Candidate
Topic Author
Posts: 237
Joined: Mon Jun 22, 2015 9:22 am

l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]

Mon Mar 06, 2017 6:11 pm

Scenario:

[Win10_l2tp/ipsec]--------crs125----------------(internet)----------------isp_router_full_natted_to_RB----------rb3011


From iPhone to rb3011 the l2tp/ipsec works immediately

From Win10 behind crs125 , ike phase fails due to timeout

Same credentials/secrets configured in both clients

Please note that crs125 has already a gre/ipsec tunnel with another remote RB2011

Is there any macro issue/mistake to check ??

Thank you
Last edited by OKNET on Thu May 04, 2017 6:26 pm, edited 1 time in total.
 
ik3umt
Member Candidate
Member Candidate
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

Thu May 04, 2017 3:35 pm

Same issue :

Connecting a remote routerboard in L2TP/IPSEC works from a 3g/4g client as well a windows10 client with a comon DSL router

Whe the client is behind a MT device the L2TP connection to a remote mikrotik L2TP/IPSEC server fails

Phase 1 and 2 seems to be completed but L2TP is not even started (looking at L2TP server log)

Any hint please ??
 
idlemind
Forum Guru
Forum Guru
Posts: 1102
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

Thu May 04, 2017 4:35 pm

I would verify your Windows client is behaving properly. It appears Microsoft has a sorted history with NAT-T technologies.

https://answers.microsoft.com/en-us/win ... fb3?auth=1

It looks like you need to monkey with the registry. Alternatively you could look at native IPv6 on both sides if it is deployed to you or another VPN technology.
 
ik3umt
Member Candidate
Member Candidate
Posts: 248
Joined: Tue Jul 08, 2014 3:58 pm

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik

Thu May 04, 2017 6:15 pm

It works !!!

Thank you !

Briefly for who needs:

regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
add new DWORD (32-bit) value named AssumeUDPEncapsulationContextOnSendRule
give it a value of 2
reboot
 
OKNET
Member Candidate
Member Candidate
Topic Author
Posts: 237
Joined: Mon Jun 22, 2015 9:22 am

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]

Thu May 04, 2017 6:27 pm

Idlemind, a great Thank You
:D
 
idlemind
Forum Guru
Forum Guru
Posts: 1102
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: l2TP/ipsec from win10 behind mikrotik to natted mikrotik [Solved]

Thu May 04, 2017 6:41 pm

No problem, glad it worked.

Who is online

Users browsing this forum: No registered users and 78 guests