brg3466

L2TP/IPsec site to site VPN

Tue Apr 27, 2021 1:22 am

Hi everyone,
I have 2 sites with MikroTik routers facing the internet. I set up Router A as the L2TP server, and I want to set up Router B as the L2TP client.

My cellphone can connect to Router A (with my LTE data), so I assume the L2TP server setup is correct. But when I try to set Router B up as the L2TP client, it fails.

Here is the config of A (server):

/ppp profile
add address-list=MyLan change-tcp-mss=yes local-address=192.168.89.1 name=vpn remote-address=vpn use-encryption=yes
/ppp secret
add name=brg3466 password=xxxxxx profile=vpn

/interface l2tp-server server
set allow-fast-path=yes default-profile=vpn enabled=yes ipsec-secret=xxxxxxx use-ipsec=yes

On router B, the client side, the config is as below:

/interface l2tp-client
add connect-to=router.A.public.address ipsec-secret=xxxx name=l2tp-out-1502 password=xxxxx use-ipsec=yes user=brg3466

All the rest regarding server and client is default.

The log on router B shows:

14:38:00 l2tp,ppp,info l2tp-out-1502: initializing... 
14:38:00 l2tp,ppp,info l2tp-out-1502: connecting... 
14:38:02 ipsec,debug 460 bytes from B.ipaddress[500] to A.ipaddress[500] 
14:38:02 ipsec,debug 1 times of 460 bytes message will be sent to A.ipaddress[500] 
14:38:02 ipsec resent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 5ee918b195f8cc1a:0000000000000000 
14:38:12 ipsec,error phase1 negotiation failed due to time up B.ipaddress[500]<=>A.ipaddress[500] 5ee918b195f8cc1a:0000000000000000
14:38:14 ipsec,debug === 
14:38:14 ipsec,info initiate new phase 1 (Identity Protection): client.ipaddress[500]<=>server.ipaddress[500] 
14:38:14 ipsec,debug new cookie: 
14:38:14 ipsec,debug 668db11af28f8c6e\01 
14:38:14 ipsec,debug add payload of len 168, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 13 
14:38:14 ipsec,debug add payload of len 16, next type 0 
14:38:14 ipsec,debug 460 bytes from client.ipaddress[500] to server.ipaddress[500] 
14:38:14 ipsec,debug 1 times of 460 bytes message will be sent to server.ipaddress[500] 
14:38:14 ipsec sent phase1 packet client.ipaddress[500]<=>server.ipaddress[500] 668db11af28f8c6e:0000000000000000 
14:38:15 ipsec server.ipaddress phase2 negotiation failed due to time up waiting for phase1. AH server.ipaddress[0]->client.ipaddress[0]  
14:38:15 ipsec delete phase 2 handler. 
14:38:16 ipsec acquire for policy: client.ipaddress:1701 <=> server.ipaddress:1701 ip-proto:17 
14:38:16 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0) 
14:38:16 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1) 
14:38:16 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1) 
14:38:16 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
14:38:16 ipsec server.ipaddress request for establishing IPsec-SA was queued due to no phase1 found. 
14:38:24 ipsec,debug 460 bytes from client.ipaddress[500] to server.ipaddress[500] 
14:38:24 ipsec,debug 1 times of 460 bytes message will be sent to server.ipaddress[500] 
14:38:24 ipsec resent phase1 packet client.ipaddress[500]<=>server.ipaddress[500] 668db11af28f8c6e:0000000000000000 
14:38:24 l2tp,ppp,info l2tp-out-1502: terminating... - session closed 
14:38:24 l2tp,ppp,info l2tp-out-1502: disconnected 
14:38:25 l2tp,ppp,info l2tp-out-1502: initializing... 
14:38:25 l2tp,ppp,info l2tp-out-1502: connecting... 

Can anyone who knows the debug info well be of some help? I cannot figure out why router B cannot connect to the server.

Thank you!
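
The phase 1 retransmissions in the log above, as an added example that is not part of the original post: a small Python parser that groups the phase 1 lines by initiator cookie and flags attempts whose responder cookie is still all zeros, meaning the initiator logged no reply from the peer. It assumes the log format matches the lines in the post; the sample input and the `aaaa...`/`bbbb...` attempt are constructed.

```python
import re

# Constructed sample in the log format shown in the post; addresses are
# placeholders and the aaaa.../bbbb... attempt is invented for contrast.
SAMPLE_LOG = """\
14:38:02 ipsec resent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 5ee918b195f8cc1a:0000000000000000
14:38:12 ipsec,error phase1 negotiation failed due to time up B.ipaddress[500]<=>A.ipaddress[500] 5ee918b195f8cc1a:0000000000000000
14:38:14 ipsec sent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:38:24 ipsec resent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:40:00 ipsec sent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] aaaaaaaaaaaaaaaa:0000000000000000
14:40:01 ipsec sent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] aaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbb
14:40:11 ipsec,error phase1 negotiation failed due to time up B.ipaddress[500]<=>A.ipaddress[500] aaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbb
"""

# Assumption: phase 1 lines end with <initiator cookie>:<responder cookie>.
ZERO = "0" * 16
PHASE1 = re.compile(
    r"^\d\d:\d\d:\d\d ipsec(?:,\w+)* "
    r"(?P<event>(?:re)?sent phase1 packet|phase1 negotiation failed due to time up) "
    r"\S+<=>(?P<remote>\S+) "
    r"(?P<icookie>[0-9a-f]{16}):(?P<rcookie>[0-9a-f]{16})$"
)

def summarize_phase1(log_text):
    """Group phase 1 events by initiator cookie and classify each attempt."""
    attempts = {}
    for raw in log_text.splitlines():
        m = PHASE1.match(raw.strip())
        if not m:
            continue  # debug payload dumps and other topics are skipped
        a = attempts.setdefault(m["icookie"], {
            "remote": m["remote"], "tries": 0,
            "timed_out": False, "peer_replied": False})
        if m["event"].endswith("packet"):
            a["tries"] += 1          # first send or a retransmission
        else:
            a["timed_out"] = True    # "failed due to time up"
        if m["rcookie"] != ZERO:
            a["peer_replied"] = True  # responder cookie was filled in
    for a in attempts.values():
        if a["peer_replied"]:
            a["verdict"] = ("peer answered, exchange failed later"
                            if a["timed_out"] else "in progress")
        elif a["timed_out"] or a["tries"] > 1:
            a["verdict"] = "no reply from peer"
        else:
            a["verdict"] = "in progress"
    return attempts

if __name__ == "__main__":
    for cookie, a in summarize_phase1(SAMPLE_LOG).items():
        print(cookie, a["remote"], a["tries"], a["verdict"])
```

For attempts reported as "no reply from peer", the responder's own log for the same timestamps shows whether the packets to UDP 500 arrived at all.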
