
L2TP/IPsec and Windows 10 client

Posted: Wed Nov 08, 2017 6:47 pm
by julianov
Hello All.

Since I couldn't implement an IPsec tunnel, I'll do it with L2TP, which Windows implements by default.

But I'm getting this error:


This is the code:
/ip pool
add name=poolIPv4 ranges=
add name=poolIPv4-VPN ranges=

/ip dhcp-server
add add-arp=yes address-pool=poolIPv4 disabled=no interface=LAN name=dhcp-IPv4

/ppp profile
add dns-server= local-address= name=VPN remote-address=poolIPv4-VPN use-encryption=required use-ipv6=default
set *FFFFFFFE dns-server= local-address= remote-address=poolIPv4-VPN use-encryption=required

/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=VPN enabled=yes ipsec-secret=123456

/ip address
add address= interface=LAN network=

/ppp secret
add name=user password=123456 profile=VPN service=l2tp

/ip firewall filter
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp

/ip firewall nat
add action=masquerade chain=srcnat src-address=
add action=masquerade chain=srcnat

/ip ipsec peer
add address= exchange-mode=main-l2tp dh-group=modp2048,modp1024 generate-policy=port-override secret=123456

/ip ipsec policy
set 0 dst-address= src-address=

The problem looks like it's in the IPsec encryption, but that's the standard implementation.

Re: L2TP/IPsec and Windows 10 client

Posted: Wed Nov 08, 2017 11:01 pm
by kmok1
Win10 is using an old/weak encryption algorithm...

To fix, under / IP IPSec Peers and Proposals, under Encryption Algorithm, check "3des".
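
The fix suggested above, written as terminal commands with a check of what actually gets negotiated. This is an added example, not part of either post. It assumes the RouterOS 6.x property names of this thread's era (enc-algorithm on the peer, enc-algorithms on the proposal), that the peer is the main-l2tp one from the posted config, and that the default proposal is in use; listing AES alongside 3des is also an assumption, made so that 3des is only one of the accepted algorithms rather than the only one.

```routeros
# Added example (not from the thread). RouterOS 6.x syntax is assumed.

# 1. Log the IKE negotiation so a proposal mismatch shows up in /log
#    instead of only as a generic error on the Windows client.
/system logging add topics=ipsec,!packet action=memory

# 2. Phase 1 (peer): accept 3des in addition to AES.
#    The [find ...] selector matches the peer from the posted config.
/ip ipsec peer set [find exchange-mode=main-l2tp] \
    enc-algorithm=aes-256,aes-128,3des

# 3. Phase 2 (proposal): same change on the default proposal.
/ip ipsec proposal set [find default=yes] \
    enc-algorithms=aes-256-cbc,aes-128-cbc,3des

# 4. Reconnect from the Windows 10 client, then check the result.
#    The log shows whether phase 1 and phase 2 completed.
/log print where topics~"ipsec"

#    remote-peers lists the established phase 1 session;
#    installed-sa shows the algorithm each SA actually uses,
#    which tells you whether the client chose 3des or AES.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
```

If installed-sa shows AES in use after the change, 3des can be removed from both lists again and the connection retested.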