Works like a charm for me. What did the log say?
After upgrade from ROS 6.43.12 to 6.44 - I have lost the possibility to connect to my MT with L2TP (with preshared key) VPN. I was changing firewall settings, trying other.... but after downgrade to 6.43.12 - IT WORKS AGAIN. So something is BAD with ROS 6.44 and L2TP VPN! MikroTik team - please repair that ROS 6.44 BUG.
Strange behavior, but this works for me!
I found that simply disabling and re-enabling the L2TP server resolved the problem.
/interface l2tp-server server set enabled=no
/interface l2tp-server server set enabled=yes
/ip pool add name=dyn-vpn ranges=192.168.88.2-192.168.88.19
/ppp profile add change-tcp-mss=yes dns-server=192.168.88.1 local-address=192.168.88.1 \
    name=ppp-in only-one=no remote-address=dyn-vpn use-encryption=required \
    use-ipv6=no use-mpls=no
/interface l2tp-server server set allow-fast-path=yes authentication=mschap2 default-profile=ppp-in enabled=yes ipsec-secret=SERVERPASS max-mru=1460 max-mtu=1460 use-ipsec=yes
/ppp secret add name=dynuser1 password=DYNUSER1PASS profile=ppp-in
universal answer
The issue will be fixed in the next RouterOS release.
What's new in 6.45beta6 (2019-Mar-05 08:51):
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
I have the same problem. I reverted it with version 6.43.13 LT and L2TP with ipsec works again! The routerboard is RB750Gr3!
Since I upgraded to 6.44.* (I currently have patch 6.44.1 and device CCR1036-12G-4S), I cannot connect Windows 10 clients with IPSEC. I get an error when trying to connect, and I have not changed the configuration on the clients or router at all.
Thanks for posting the way to resolve your problem. I also had the same issue (mismatch of shared secrets between IPSEC and L2TP server identities); using the correct pre-shared key works like a charm.
That was FAST! Emils, thanks for your help!!!
It seems the way dynamic peer configuration from the L2TP server was added to the peers menu changed between 6.43.12 and 6.44.
dynamic peers take precedence BEFORE static peer entries ...
In my case there was a static default PEER with a password used by all my roadwarrior clients.
The dynamic peer (from the L2TP server entry) had a typo in the password but that never was used.
until now ...
changed the password and all my clients are working again !
kudos to support, extra kudos to emils
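
Added example, not part of the thread or MikroTik's own tooling: a Python check over a RouterOS export that flags the mismatch described in the last post, where the L2TP server `ipsec-secret` (the source of the dynamic peer) differs from the PSK on a static peer or identity. The sample export is constructed, and the function names are hypothetical.

```python
import re
import shlex

L2TP = "/interface l2tp-server server"
STATIC_MENUS = ("/ip ipsec identity", "/ip ipsec peer")  # 6.44+ / pre-6.44

# Constructed sample in RouterOS export style (not from the thread): the
# L2TP server secret is one character short of the static identity's PSK.
SAMPLE_EXPORT = r"""
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=SERVERPAS \
    use-ipsec=yes
/ip ipsec identity
add peer=roadwarrior secret=SERVERPASS
"""

def iter_commands(export_text):
    """Yield (menu, params) for each command under the menus of interest."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join "\" continuations
    menu = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            # A menu path, optionally followed by a command on the same line.
            menu = next((m for m in (L2TP, *STATIC_MENUS)
                         if line == m or line.startswith(m + " ")), None)
            line = line[len(menu):].strip() if menu else ""
        if menu and line:
            yield menu, dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)

def find_psk_mismatches(export_text):
    """Return static menus whose PSK differs from the L2TP server ipsec-secret."""
    dynamic_psk, static = None, []
    for menu, p in iter_commands(export_text):
        if menu == L2TP and p.get("enabled") == "yes" and p.get("use-ipsec", "no") != "no":
            dynamic_psk = p.get("ipsec-secret", "")
        elif menu in STATIC_MENUS and "secret" in p:
            static.append((menu, p["secret"]))
    if dynamic_psk is None:
        return []  # no dynamic peer is generated, nothing to compare
    return [menu for menu, psk in static if psk != dynamic_psk]

if __name__ == "__main__":
    for menu in find_psk_mismatches(SAMPLE_EXPORT):
        print(f"PSK under {menu} differs from the L2TP server ipsec-secret")
```

The check reports only the menu name, never the secrets themselves, so its output can be pasted into a ticket; the export file it reads still contains the keys in clear text and should be handled accordingly.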