Community discussions

 
User avatar
rules
just joined
Topic Author
Posts: 22
Joined: Tue Feb 19, 2019 12:10 pm
Location: Cape Town, South Africa

L2TP/IPSec - Works from Android and Mikrotik but not Windows?

Sat Oct 05, 2019 8:14 pm

Hi All

As per the subject, I have a site with a Mikrotik router and I want to create a VPN connection to it for a client. The Mikrotik is a secondary router and sits behind the client's ISP router and I have all the necessary ports forwarded to it (500, 1701 & 4500).

I can connect to it from another Mikrotik router and from Android, but I have now tried multiple Windows machines and none of them want to connect. It eventually times out and tells me I have to check the network settings. On one of my tests I connected my local Mikrotik router to it and forgot to disconnect, then tried to connect my Windows machine's VPN and it actually worked. This obviously means that by going through the existing tunnel I bypassed whatever was causing my issue, but I still don't know what this issue is and why neither Mikrotik nor Android is bothered by it 🙈

Any ideas?

Thanks,
R
 
pe1chl
Forum Guru
Forum Guru
Posts: 5913
Joined: Mon Jun 08, 2015 12:09 pm

Re: L2TP/IPSec - Works from Android and Mikrotik but not Windows?

Sat Oct 05, 2019 9:54 pm

In IPsec there are some connection profiles that indicate the allowed modes of encryption, hashing, DH group, and key management (psk, certificate) and in PPP (used by L2TP) there are also several settings for authentication, compression, encryption etc.
This whole set of profiles has to be acceptable to the client, and if there is some detail that is wrong you can expect Windows and other devices with limited user interface to issue a vague or incorrect error message that is hard to debug.

This is what makes networking interesting :-)

(on top of this, there is a limitation that allows only a single device to connect between a pair of external IP addresses. so when you are trying with different devices at the same time, it becomes even more interesting...)
 
McSee
Frequent Visitor
Frequent Visitor
Posts: 67
Joined: Tue Feb 26, 2019 12:49 pm

Re: L2TP/IPSec - Works from Android and Mikrotik but not Windows?

Mon Oct 07, 2019 3:13 am

Windows clients need AssumeUDPEncapsulationContextOnSend registry setting set to yes if your VPN server is behind NAT.
 
User avatar
karlisi
Member Candidate
Member Candidate
Posts: 252
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: L2TP/IPSec - Works from Android and Mikrotik but not Windows?

Mon Oct 07, 2019 10:20 am

L2tp/IPSec client on Windows can work withour registry mod. NAT device in this case is whatever you want, all magic is made on Mikrotik VPN server
viewtopic.php?f=2&t=149863#p738129
---
Karlis

Who is online

Users browsing this forum: MSN [Bot] and 87 guests