dakotabcn
newbie
Topic Author
Posts: 49
Joined: Thu Apr 21, 2016 11:16 pm

l2tp with ipsec clients behind NAT no work

Tue Nov 13, 2018 11:06 am

I have a problem with L2TP/IPsec at a client: several users connect from the same connection behind a NAT, and with L2TP it is impossible; when a user connects, he disconnects the one that is already connected.
I've been reading about why this happens and changed the L2TP from port strict to port override, but it is still failing.
How can I do it? For now I solved the issue by putting one user on PPTP and another on L2TP, but ideally all users would use L2TP.
This is the current configuration on the MikroTik:

/ppp profile
add change-tcp-mss=yes dns-server=8.8.4.4,8.8.8.8 name="VPNIPSEC" only-one=yes use-upnp=yes
set *FFFFFFFE only-one=yes
/interface l2tp-server server
set enabled=yes use-ipsec=no
/ip ipsec peer
add exchange-mode=main-l2tp generate-policy=port-override passive=yes secret=xxxx
/ppp secret
add local-address=192.168.22.22 name=User password=Pass profile=\
VPNIPSEC remote-address=192.168.22.23 service=l2tp
 
Steveocee
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: l2tp with ipsec clients behind NAT no work

Tue Nov 13, 2018 1:56 pm

I too get this; however, it is not so much a problem as expected behaviour. You can use split VPN types as you have found, or you could set up a VPN from the router and some sort of policy-based routing to get around this.
 
dakotabcn
newbie
Topic Author
Posts: 49
Joined: Thu Apr 21, 2016 11:16 pm

Re: l2tp with ipsec clients behind NAT no work

Tue Nov 13, 2018 6:57 pm

I too get this however it is not so much a problem as expected behaviour. You can use split VPN types as you have found or you could set up a VPN from the router and some sort of policy based routing to get around this.
Hello,
It is not possible to put a VPN on the router of the office where the connected laptops are; besides that, the users sometimes move from site and need to have the connection on the equipment.
So far we have implemented PPTP without problems, but everyone recommends against using it, and L2TP + IPsec is a much more reliable option.
I've been reading for days about this issue and it seems to be a problem with RouterOS and different connections from the same IP with NAT. In "theory" it was resolved with 6.38 and port override, but it still fails for me: if there is an L2TP connection and another is made from the same IP, the first connection is disconnected and the second connection remains active. It is temporarily solved with PPTP and L2TP, but I would prefer to solve it.
Regards
 
pnajm
Frequent Visitor
Posts: 94
Joined: Thu Nov 21, 2013 6:54 pm

Re: l2tp with ipsec clients behind NAT no work

Tue Nov 13, 2018 7:14 pm

It is answered here: viewtopic.php?t=129932
