rzirzi
Member
Topic Author
Posts: 378
Joined: Mon Oct 09, 2006 2:33 pm

ROS 6.44 - VPN L2TP not working

Mon Mar 04, 2019 1:57 pm

After upgrade from ROS 6.43.12 to 6.44 - I have lost the possibility to connect to my MT with L2TP (with preshared key) VPN. I was changing firewall settings, trying other things... but after downgrade to 6.43.12 - IT WORKS AGAIN. So something is BAD with ROS 6.44 and L2TP VPN! MikroTik team - please repair that ROS 6.44 BUG.
 
Sarel0092
newbie
Posts: 40
Joined: Tue Aug 07, 2018 8:25 am

Re: ROS 6.44 - VPN L2TP not working

Mon Mar 04, 2019 6:48 pm

I found that simply disabling and re-enabling the L2TP server resolved the problem.

/interface l2tp-server server set enabled=no
/interface l2tp-server server set enabled=yes
 
Kindis
Member Candidate
Posts: 250
Joined: Tue Nov 01, 2011 6:54 pm

Re: ROS 6.44 - VPN L2TP not working

Mon Mar 04, 2019 7:19 pm

> After upgrade from ROS 6.43.12 to 6.44 - I have lost the possibility to connect to my MT with L2TP (with preshared key) VPN. I was changing firewall settings, trying other things... but after downgrade to 6.43.12 - IT WORKS AGAIN. So something is BAD with ROS 6.44 and L2TP VPN! MikroTik team - please repair that ROS 6.44 BUG.

Works like a charm for me. What did the log say?
Also did you try a reboot again after the upgrade? I always reboot twice after an upgrade. Once for the upgrade and another for the firmware. If there was an issue with this during the first boot I would not have noticed.
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: ROS 6.44 - VPN L2TP not working

Mon Mar 04, 2019 9:05 pm

Hmm, my site-to-site tunnels were converted correctly, but my roadwarrior PSK does not work anymore ...

"parsing packet failed, possible cause: wrong password"

until 6.43.12 it worked ok
Running 6.45.7 (stable) on :
CCR1009-8G-1S (2x ipsec/l2tp site-to-site, ipsec/l2tp roadwarrior, dhcpd, dns), CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT (10pc), RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, CHR running dude (CHR running in VirtualBox on OSX)
 
Vaxter
just joined
Posts: 8
Joined: Tue May 06, 2014 10:54 pm
Contact:

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 2:24 am

> I found that simply disabling and re-enabling the L2TP server resolved the problem.
>
> /interface l2tp-server server set enabled=no
> /interface l2tp-server server set enabled=yes

Strange behavior, but this works for me!
Tnx!
 
rzirzi
Member
Topic Author
Posts: 378
Joined: Mon Oct 09, 2006 2:33 pm

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 8:18 am

Really strange, but after "second upgrade" (this night) to ROS 6.44 - it works OK. VPN is connecting.
 
emils
MikroTik Support
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 8:39 am

The issue will be fixed in the next RouterOS release.
 
baragoon
Member Candidate
Posts: 125
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 8:50 am

> The issue will be fixed in the next RouterOS release.

universal answer :lol:
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 8:52 am

@emils nice that this problem is already known.

in my case below is the relevant part of the config :
/ip pool
add name=dyn-vpn ranges=192.168.88.2-192.168.88.19

/ppp profile
add change-tcp-mss=yes dns-server=192.168.88.1 local-address=192.168.88.1 \
    name=ppp-in only-one=no remote-address=dyn-vpn use-encryption=required \
    use-ipv6=no use-mpls=no

/interface l2tp-server server
set allow-fast-path=yes authentication=mschap2 default-profile=ppp-in enabled=yes ipsec-secret=SERVERPASS max-mru=1460 max-mtu=1460 use-ipsec=yes

/ppp secret
add name=dynuser1 password=DYNUSER1PASS profile=ppp-in
this creates a dynamic ipsec peer as in the documentation ( https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP )
It worked nice until ros 6.43.12 but in 6.44 I get "parsing packet failed, possible cause: wrong password"
 
rzirzi
Member
Topic Author
Posts: 378
Joined: Mon Oct 09, 2006 2:33 pm

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 8:53 am

> > The issue will be fixed in the next RouterOS release.
>
> universal answer :lol:

But - there is an answer! They found the bug and will repair it - it's important that they are looking for... and repairing.
 
Chupaka
Forum Guru
Posts: 8318
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 12:07 pm

> > The issue will be fixed in the next RouterOS release.
>
> universal answer :lol:

What's new in 6.45beta6 (2019-Mar-05 08:51):

*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 12:24 pm

Hopefully we won't have to wait too long for this fix in current ...
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 2:15 pm

I tried this beta but it did not solve my problems ... L2TP server with PSK is not working
 
rzirzi
Member
Topic Author
Posts: 378
Joined: Mon Oct 09, 2006 2:33 pm

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 2:17 pm

> I tried this beta but it did not solve my problems ... L2TP server with PSK is not working

Please write to support@mikrotik.com with .rif file attached.
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 2:35 pm

done ;-)
 
eddieb
Member Candidate
Posts: 141
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: ROS 6.44 - VPN L2TP not working

Tue Mar 05, 2019 3:35 pm

that was FAST ! Emils thanks for your help !!!

it seems the way dynamic peer configuration from L2TP server were added to the peers menu changed between 6.43.12 and 6.44
dynamic peers take precedence BEFORE static peer entries ...

In my case there was a static default PEER with a password used by all my roadwarrior clients.
The dynamic peer (from the L2TP server entry) had a typo in the password but that never was used.
until now ...

changed the password and all my clients are working again !

kudos to support, extra kudos to emils

thanks
 
yacsap
Member Candidate
Posts: 102
Joined: Wed Dec 17, 2014 11:44 am
Location: Auckland, New Zealand
Contact:

Re: ROS 6.44 - VPN L2TP not working

Thu Mar 14, 2019 5:22 am

> The issue will be fixed in the next RouterOS release.

Could you please have a look at my issue:
viewtopic.php?f=2&t=146418
Can you please confirm if the issue is same and will be fixed on next version release as well?

Cheers
[ IMikroTik ] >
 
emils
MikroTik Support
Posts: 505
Joined: Thu Dec 11, 2014 8:53 am

Re: ROS 6.44 - VPN L2TP not working

Thu Mar 14, 2019 8:52 am

 
yacsap
Member Candidate
Posts: 102
Joined: Wed Dec 17, 2014 11:44 am
Location: Auckland, New Zealand
Contact:

Re: ROS 6.44 - VPN L2TP not working

Thu Mar 14, 2019 11:12 pm

If I upgrade to 6.44.1 will it fix the issue without changing the config?
 
gotsprings
Forum Veteran
Posts: 774
Joined: Mon May 14, 2012 9:30 pm

Re: ROS 6.44 - VPN L2TP not working

Fri Mar 15, 2019 12:00 am

Upgrading 6.44.1 broke my firewall forwarding chains.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Chupaka
Forum Guru
Posts: 8318
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ROS 6.44 - VPN L2TP not working

Fri Mar 15, 2019 11:45 am

> Upgrading 6.44.1 broke my firewall forwarding chains.

In what way?
 
routiti
just joined
Posts: 14
Joined: Mon May 02, 2016 10:39 pm
Location: Spain

Re: ROS 6.44 - VPN L2TP not working

Sat Mar 23, 2019 1:00 pm

Since I upgraded to 6.44.*, I currently have patch 6.44.1 and device CCR1036-12G-4S, can not connect Windows 10 clients with IPSEC, get error when trying to connect and I have not changed at all the configuration in the clients or router
 
JohnTRIVOLTA
Member Candidate
Posts: 207
Joined: Sun Dec 25, 2016 2:05 pm
Location: BG/Sofia

Re: ROS 6.44 - VPN L2TP not working

Sun Mar 24, 2019 10:17 pm

> Since I upgraded to 6.44.*, I currently have patch 6.44.1 and device CCR1036-12G-4S, can not connect Windows 10 clients with IPSEC, get error when trying to connect and I have not changed at all the configuration in the clients or router

I have the same problem. I reverted it with version 6.43.13 LT and L2TP with ipsec works again! The routerboard is RB750Gr3!
Second problem - RB4011 as l2tp / ipsec client does not connect to hAP AC2. If I remove the tick for using ipsec the router establishes the connection without encoding, although hAP AC2 /server side/ is using IPSEC - it has the tick "use ipsec"!
 
zuzkins
just joined
Posts: 1
Joined: Wed Apr 24, 2019 9:39 am

Re: ROS 6.44 - VPN L2TP not working

Wed Apr 24, 2019 9:43 am

> that was FAST ! Emils thanks for your help !!!
>
> it seems the way dynamic peer configuration from L2TP server were added to the peers menu changed between 6.43.12 and 6.44
> dynamic peers take precedence BEFORE static peer entries ...
>
> In my case there was a static default PEER with a password used by all my roadwarrior clients.
> The dynamic peer (from the L2TP server entry) had a typo in the password but that never was used.
> until now ...
>
> changed the password and all my clients are working again !
>
> kudos to support, extra kudos to emils
>
> thanks

Thanks for posting the way to resolve your problem. I also had the same issue (mismatch of shared secrets between IPSEC and L2TP server identities), using the correct pre-shared key works as a charm.
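
The mismatch described in the two posts above can be checked offline before an upgrade. The following is an added example, not code from the thread or from MikroTik: a small Python audit of a RouterOS text export that compares the L2TP server `ipsec-secret` with the secrets of static IPsec entries. It assumes the export still contains secrets, that static PSKs appear as a `secret` property under `/ip ipsec peer` or `/ip ipsec identity`, and the sample export is constructed.

```python
import shlex

# Constructed sample export with placeholder secrets (not taken from the thread).
SAMPLE_EXPORT = r"""
/interface l2tp-server server
set authentication=mschap2 default-profile=ppp-in enabled=yes \
    ipsec-secret=SERVERPAS use-ipsec=yes
/ip ipsec peer
add address=0.0.0.0/0 name=roadwarrior passive=yes
/ip ipsec identity
add generate-policy=port-override peer=roadwarrior secret=SERVERPASS
"""

def parse_export(text):
    """Return [(menu, {property: value})] for each set/add line of an export."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):            # export wraps long lines with a backslash
            pending = line[:-1].rstrip() + " "
            continue
        pending = ""
        if line.startswith("/"):           # menu header such as "/ip ipsec peer"
            menu = line
        elif menu and line.split(" ", 1)[0] in ("set", "add"):
            tokens = shlex.split(line)[1:]
            entries.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return entries

def audit_l2tp_psk(text):
    """List static IPsec entries whose secret differs from the L2TP ipsec-secret."""
    entries = parse_export(text)
    l2tp = next((p for m, p in entries if m == "/interface l2tp-server server"), {})
    if l2tp.get("use-ipsec", "no") == "no" or "ipsec-secret" not in l2tp:
        return []                          # L2TP server creates no dynamic peer
    findings = []
    for menu, props in entries:
        # Assumption: the PSK is on the peer before 6.44 and on the identity from 6.44.
        if menu in ("/ip ipsec peer", "/ip ipsec identity") and "secret" in props:
            if props["secret"] != l2tp["ipsec-secret"]:
                label = props.get("peer") or props.get("name") or props.get("address", "?")
                findings.append((menu, label))   # report the entry, never the secret
    return findings

if __name__ == "__main__":
    for menu, label in audit_l2tp_psk(SAMPLE_EXPORT):
        print(f"PSK mismatch with l2tp-server ipsec-secret: {menu} ({label})")
```

A non-empty result means clients configured with the static secret may fail once the dynamic L2TP peer is matched first, which is the situation reported for 6.44 in this thread.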
