Tried to get support from the MikroTik team, but ... no way.
We have had VPN L2TP IPSEC up and running with no problem for 2 years.
Recently the MikroTik team made some modifications to IPSEC and ... now Windows 7 / 10 no longer works (OSX is still working well).
This is the conf:
Code:
/ip ipsec mode-config
add address-pool="VPN guests" name="vpn Guests" split-include=192.168.88.0/24
/ip ipsec profile
add dh-group=modp1024 dpd-interval=disable-dpd enc-algorithm=aes-256,aes-192,aes-128,3des name=profile_2
/ip ipsec peer
add name=peer1 passive=yes profile=profile_2
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=3des
add auth-algorithms=md5 enc-algorithms=aes-256-cbc,aes-256-ctr,3des name=l2tp-proposal pfs-group=none
/ip ipsec identity
add generate-policy=port-override peer=peer1 secret=Secretkey
/ip ipsec policy
add dst-address=0.0.0.0/0 proposal=l2tp-proposal src-address=0.0.0.0/0 template=yes
/ppp profile
set *0 local-address="VPN guests" remote-address="VPN guests"
set *FFFFFFFE local-address="VPN guests" remote-address="VPN guests"
/ppp secret
add name=test password=Test123
/interface l2tp-server server
set allow-fast-path=yes authentication=chap,mschap1,mschap2 default-profile=default enabled=yes ipsec-secret=Secretkey use-ipsec=yes
Then the firewall rules:
Code:
/ip firewall filter
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
Android --> OK
Windows 7 / 10 --> KO
When Windows tries to connect, the MikroTik device reports:
l2tp,info first L2TP UDP packet received from xxx.xxx.xxx.xxx
Then a timeout error on Windows.
Firmware 6.44.1 and 6.45 beta 16.
Thanks for suggestions.