azurtem
Trainer
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France

IPSec with Windows 10

Sat May 06, 2017 6:32 am

Hi

I am preparing to replace my PPTP links with L2TP/IPSec ones and came across a weird behaviour during one of my tests.

I set up a Windows 10 machine to connect to my CCR9 via L2TP/IPSec.
The first connection attempt was successful, but subsequent ones weren't.
When I checked the CCR9 log I noticed the following:
 respond new phase 1 (Identity Protection):
 ISAKMP-SA established
 the packet is retransmitted by
 the packet is retransmitted by
 the packet is retransmitted by
 etc.
The Windows 10 machine would eventually give up and throw the following error:
"The L2TP connection attempt failed because the security layer encountered a processing error during the initial negotiations with the remote computer"
I'm not sure why I remembered this, but I came across a setup guide by Daniel on his blog https://justit.eu/mikrotik-l2tpipsec-vpn/ where he emphasized the activation of the option use-mpls=yes.
I thus enabled this option and suddenly the Windows 10 machine was able to connect again (hmm...).

Not sure why this would have any influence, but still, I thought I'd ask around in case anyone else has had issues with Windows 10.

Thanks
yann
Last edited by azurtem on Sat May 06, 2017 3:06 pm, edited 1 time in total.
 
Kindis
Member Candidate
Posts: 284
Joined: Tue Nov 01, 2011 6:54 pm

Re: IPSec with Windows 10

Sat May 06, 2017 9:40 am

I would use SSTP instead. I use it myself and it works better as port 443 is almost always open on external networks and works better in terms of stability.
Best is to use a real certificate so that CRL works, or you have to tweak the registry of the connecting Windows clients as they require a working CRL. You can get working certificates for free with startssl.
Works like a charm for me :)
