Community discussions

MikroTik App
 
cavaughan
newbie
Topic Author
Posts: 30
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:

L2TP VPN issue

Thu Mar 26, 2020 1:09 am

I have 3 companies using MK routers with VPN's for their clients. Now with people working from home they may be getting taxed, but only 1 is consistently having issues. This only concerns Windows 10 clients, btw.

There many posts here about this issue, which comes down to the error:
l2tp connection attempt failed because the security layer encountered

Although I've read many of the posts concerning this issue, so far I have found no resolution.

In this case there are 4 people potentially using the VPN. So far it seems only 3 are on at the same time. I have heard no complaints from one of the clients.
Another client has had this issue and discovered that if she merely reboot her modem and router, the trouble goes away.

But just today another client has been having this issue. It was only after deleting her VPN setting in Windows and recreating it, that the trouble goes away.

Anyhow, although it is my belief that it is likely something wrong with Windows 10, I can't keep having to nurse each client back up. Are there recommendations on what settings I might consider changing, or maybe just changing everyone over to a different VPN protocol.

The settings are used are very similar to the one's here:
https://justit.eu/mikrotik-l2tpipsec-vpn/
Curtis Vaughan
Seattle, USA
 
Sob
Forum Guru
Forum Guru
Posts: 5478
Joined: Mon Apr 20, 2009 9:11 pm

Re: L2TP VPN issue

Thu Mar 26, 2020 1:32 am

I've seen random problems with IPSec, either with L2TP or without, clients not being able to connect at times, but working later without any changes on either side. So far most reliable for me were OpenVPN or SSTP. Unfortunately, they are both relatively hard to set up. OpenVPN requires to install client software. And certificates are also harder than simple username and password. SSTP needs trusted certificate, so you either need to buy one, do extra work to get a free one from Let's Encrypt (RouterOS can't get it by itself, so you need some external way), or install own CA to all clients. Basically all VPNs are annoying in one way or another.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply. Not intended as incentive for masochists.

Who is online

Users browsing this forum: accarda, afuchs, jewelaziz, kivimart, RackKing and 103 guests