On the MikroTik router I have set up L2TP/IPsec service with basically all default parameters.
Lots of users are connected using L2TP client with IPsec secret (and username/pw) from MikroTik routers, and I know from experience that the same setup works from Android etc.
So I installed the latest firmware on my Draytek 2860n+ and set up the "LAN2LAN VPN" with L2TP/IPsec. At defaults it does not work at all, but after setting Advanced settings to use AES128_SHA1_G2 for phase1 and AES128_SHA1 for phase2 it at least establishes phase1.
On the MikroTik side a phase2 SA is accepted (according to debug log) and the session gets stuck in "msg1 sent" state, then proceeding to log "the packet is retransmitted by..." messages.
In the Draytek log, the following is logged (spelling-corrected):
[IPSEC/IKE][L2L][profilename][remote IP] malformed payload: Parse error: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Some of them are quite old, but I have not found a clue what is causing the problem and on which side it is....
(i.e. is the byte not zeroed on the sending end, MikroTik in this case, and is the receiving end rightly complaining about it, or should the receiving end just ignore this nonzero byte? Could it be caused by some setup error?)
Anyone with experience with this matter?
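For reference, an added example that is not part of the original post: a parser for the NAT-OA payload as laid out in RFC 3947 section 5.2, with a strict mode that rejects nonzero reserved bytes (the behaviour the Draytek log line describes) and a lenient mode that only records them. The sample payloads are constructed, and whether the Draytek counts "byte 7" from 0 or from 1 is not known from the log, so the code reports 0-based offsets.

```python
import ipaddress
import struct

# ID types from the IPsec DOI (RFC 2407) used in NAT-OA payloads
ID_IPV4_ADDR = 1
ID_IPV6_ADDR = 5
ADDR_LEN = {ID_IPV4_ADDR: 4, ID_IPV6_ADDR: 16}


def parse_nat_oa(payload: bytes, strict: bool = True) -> dict:
    """Parse one NAT-OA payload, generic payload header included.

    Layout (RFC 3947, section 5.2), offsets counted from 0:
      0     next payload
      1     RESERVED (generic header)
      2-3   payload length, big endian
      4     ID type
      5-7   RESERVED
      8..   IPv4 (4 octets) or IPv6 (16 octets) address
    """
    if len(payload) < 8:
        raise ValueError("truncated NAT-OA payload")
    next_payload, _, length = struct.unpack_from("!BBH", payload, 0)
    if length != len(payload):
        raise ValueError(f"length field {length} != {len(payload)} bytes received")
    id_type = payload[4]
    if id_type not in ADDR_LEN:
        raise ValueError(f"unsupported ID type {id_type}")
    if length != 8 + ADDR_LEN[id_type]:
        raise ValueError("address length does not match ID type")
    # Offsets of reserved bytes that are not zero
    nonzero = [off for off in (1, 5, 6, 7) if payload[off] != 0]
    if nonzero and strict:
        raise ValueError(f"reserved byte(s) at offset {nonzero} must be zero")
    return {
        "next_payload": next_payload,
        "address": ipaddress.ip_address(payload[8:length]),
        "nonzero_reserved_offsets": nonzero,
    }


# Constructed samples: original address 192.0.2.10, next payload 0 (none)
CLEAN = bytes([0, 0, 0, 12, ID_IPV4_ADDR, 0, 0, 0, 192, 0, 2, 10])
DIRTY = bytes([0, 0, 0, 12, ID_IPV4_ADDR, 0, 0, 0x5A, 192, 0, 2, 10])
```

Running a NAT-OA payload taken from a packet capture of the failing negotiation through `parse_nat_oa(..., strict=False)` shows which reserved offsets the sender left nonzero.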