hckyan97

L2TP/ipsec/preshared

Wed Nov 04, 2020 11:00 pm

Hi everyone, here is my network:
I have a pfSense connected to an ISP; within my network I have a MikroTik router.
MikroTik WAN is getting its IP from the pfSense router, static 97.97.97.149/24.
MikroTik LAN (bridge) 172.16.1.0/24, gateway is 172.16.1.1.

I am trying to create a VPN L2TP connection. So far I did the following:
Created a profile:
name = Vpn1
local address = 172.16.1.1
remote = 172.168.1.5 (outside of LAN pool)
DNS server = 8.8.8.8
Created a secret:
name = Yan
password = password
service = l2tp
profile = Vpn1
The rest is default; I did not put remote or local, as in the tutorials they don't... I believe they are using the profile's local and remote??

Went into Interface > L2TP Server and made sure it was enabled.
Chose default profile = Vpn1, the profile I created.
auth = mschapv2,chap
use ipsec = required
ipsec secret = anything I want... though I don't know what this is exactly, because on Windows they only ask for preshared key and username/password (of the secret, I imagine).
The rest is default.

Then I went into IP > IPsec.
Created a peer:
name = peer1
address default = ::/0 (I believe means any)
profile = default
exchange mode = main
The rest is default.
Then I went to Identities and created one with peer1:
auth-method = preshared
secret = the secret I put the same as the ipsec secret (it is the one I use on the client side as a preshared key)
The rest is default.
So when I try to connect with Windows 10 it is trying to connect but never actually does. When I look at the MikroTik logs all I see is this, which does say established.
Pictures:
https://ibb.co/ccCChHV
https://ibb.co/2FFjSRN
https://ibb.co/mCspxBN
https://ibb.co/1X3FKyz
https://ibb.co/VxxyxQj
It does a rekey and purge and SA deleted after being established.

I know that my MikroTik router is inside a LAN network; this is why on the pfSense I port-forwarded 1701, 500 and 4500 coming from WAN, destination WAN, to redirect to my MikroTik WAN IP 97.97.97.149.
By doing this only do I get the established; without it I don't, so I assume this is OK.
Is it that I can get in but not out?? Or is it a problem with the IPsec MikroTik configuration? Normally all established is allowed by default by pfSense, so I should not be blocking the return.
Anyone have any idea? Does it have something to do with me using the bridge interface? Because when I plug in a laptop it gives me an IP in the range of the bridge no matter the port.
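The setup described in the post, written out as RouterOS CLI commands. This is an added example, not the poster's own configuration and not taken from MikroTik documentation verbatim. It follows the steps above (PPP profile, PPP secret, L2TP server with IPsec required) and relies on the documented behaviour that enabling use-ipsec on the L2TP server makes RouterOS add the IPsec peer, identity and policy dynamically, so no manual /ip ipsec peer or identity is created here. It also adds the WAN-side input rules that the ports forwarded by pfSense need, accepting L2TP on 1701 only once it has been decrypted by IPsec. The remote address 172.168.1.5 from the post lies outside the 172.16.0.0/12 private range, so a placeholder 172.16.2.5 is used; the preshared key, user password and WAN interface name (ether1) are placeholders as well.

```routeros
# Added example: RouterOS CLI equivalent of the steps in the post.
# Placeholders (not from the post): 172.16.2.5, VPN_PRESHARED_KEY, USER_PASSWORD, ether1.
# The post uses 172.168.1.5 as the remote address; 172.168.0.0/16 is not private
# (RFC 1918) space, so a private address outside the 172.16.1.0/24 LAN pool is used.

# 1. PPP profile: addresses handed to the L2TP client (local = router side, remote = client)
/ppp profile add name=Vpn1 local-address=172.16.1.1 remote-address=172.16.2.5 \
    dns-server=8.8.8.8

# 2. PPP secret: the username/password the Windows client enters
/ppp secret add name=Yan password=USER_PASSWORD service=l2tp profile=Vpn1

# 3. L2TP server with IPsec required; ipsec-secret is what Windows calls the "preshared key".
#    With use-ipsec enabled, RouterOS creates the IPsec peer, identity and policy
#    dynamically, so no manual /ip ipsec peer or identity entry is added here.
/interface l2tp-server server set enabled=yes default-profile=Vpn1 \
    authentication=mschap2,chap use-ipsec=required ipsec-secret=VPN_PRESHARED_KEY

# 4. WAN input rules: accept only what the pfSense forward delivers (IKE, NAT-T, ESP)
#    and accept L2TP on UDP 1701 only after IPsec has decrypted it, so a plaintext
#    L2TP attempt arriving on the WAN is dropped instead of answered.
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=500,4500 \
    action=accept comment="IKE and NAT-T"
/ip firewall filter add chain=input in-interface=ether1 protocol=ipsec-esp \
    action=accept comment="ESP (only reaches the router if the upstream passes it)"
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec action=accept comment="L2TP only inside IPsec"
/ip firewall filter add chain=input in-interface=ether1 protocol=udp dst-port=1701 \
    action=drop comment="plaintext L2TP from WAN"

# 5. Checks after a client connects: the dynamic peer/identity and the active SA
#    should be listed; an SA that appears and is then deleted points at the
#    IPsec phase, a missing L2TP interface points at the PPP/L2TP phase.
/ip ipsec peer print
/ip ipsec identity print
/ip ipsec active-peers print
/ip ipsec installed-sa print
/interface l2tp-server print
/log print where topics~"ipsec|l2tp"
```

The trailing backslashes are RouterOS terminal line continuations and can be removed if the commands are pasted as single lines. Because the MikroTik WAN sits behind pfSense NAT, the IPsec traffic arrives NAT-T encapsulated on UDP 4500, which is why the forwards for 500 and 4500 are what makes the "established" line appear; the ESP rule only matters if raw ESP is ever passed through.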
