I have 2 sites with Mikrotik routers facing the internet. I set up Router A as an L2TP server, and I want to set up Router B as an L2TP client.
My cellphone can connect to Router A (with my LTE data), so I assume the L2TP server setup is correct. But when I try to set Router B up as the L2TP client, it fails.
Here is the config of A (server):
Code:
/ppp profile
add address-list=MyLan change-tcp-mss=yes local-address=192.168.89.1 name=vpn remote-address=vpn use-encryption=yes
/ppp secret
add name=brg3466 password=xxxxxx profile=vpn
/interface l2tp-server server
set allow-fast-path=yes default-profile=vpn enabled=yes ipsec-secret=xxxxxxx use-ipsec=yes
Code:
/interface l2tp-client
add connect-to=router.A.public.address ipsec-secret=xxxx name=l2tp-out-1502 password=xxxxx use-ipsec=yes user=brg3466
The log on Router B shows:
Code:
14:38:00 l2tp,ppp,info l2tp-out-1502: initializing...
14:38:00 l2tp,ppp,info l2tp-out-1502: connecting...
14:38:02 ipsec,debug 460 bytes from B.ipaddress[500] to A.ipaddress[500]
14:38:02 ipsec,debug 1 times of 460 bytes message will be sent to A.ipaddress[500]
14:38:02 ipsec resent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 5ee918b195f8cc1a:0000000000000000
14:38:12 ipsec,error phase1 negotiation failed due to time up B.ipaddress[500]<=>A.ipaddress[500] 5ee918b195f8cc1a:0000000000000000
14:38:14 ipsec,debug ===
14:38:14 ipsec,info initiate new phase 1 (Identity Protection): client.ipaddress[500]<=>server.ipaddress[500]
14:38:14 ipsec,debug new cookie:
14:38:14 ipsec,debug 668db11af28f8c6e\01
14:38:14 ipsec,debug add payload of len 168, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 13
14:38:14 ipsec,debug add payload of len 16, next type 0
14:38:14 ipsec,debug 460 bytes from client.ipaddress[500] to server.ipaddress[500]
14:38:14 ipsec,debug 1 times of 460 bytes message will be sent to server.ipaddress[500]
14:38:14 ipsec sent phase1 packet client.ipaddress[500]<=>server.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:38:15 ipsec server.ipaddress phase2 negotiation failed due to time up waiting for phase1. AH server.ipaddress[0]->client.ipaddress[0]
14:38:15 ipsec delete phase 2 handler.
14:38:16 ipsec acquire for policy: client.ipaddress:1701 <=> server.ipaddress:1701 ip-proto:17
14:38:16 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
14:38:16 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
14:38:16 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
14:38:16 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
14:38:16 ipsec server.ipaddress request for establishing IPsec-SA was queued due to no phase1 found.
14:38:24 ipsec,debug 460 bytes from client.ipaddress[500] to server.ipaddress[500]
14:38:24 ipsec,debug 1 times of 460 bytes message will be sent to server.ipaddress[500]
14:38:24 ipsec resent phase1 packet client.ipaddress[500]<=>server.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:38:24 l2tp,ppp,info l2tp-out-1502: terminating... - session closed
14:38:24 l2tp,ppp,info l2tp-out-1502: disconnected
14:38:25 l2tp,ppp,info l2tp-out-1502: initializing...
14:38:25 l2tp,ppp,info l2tp-out-1502: connecting...
Can anyone who knows the debug info well be of some help? I cannot figure out why Router B cannot connect to the server.
Thank you!
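An added example, not part of the original post: a small triage script that groups the phase 1 lines of a log like the one above by initiator cookie and reports whether the peer ever answered. It assumes the trailing hex pair is the IKEv1 initiator:responder cookie, where the responder half stays all-zero until a reply has been processed; the function name, the sample lines and the second exchange are constructed for illustration.

```python
import re

# Constructed sample in the format of the Router B log above; addresses are placeholders
# and the second exchange (non-zero responder cookie) is invented for contrast.
SAMPLE_LOG = """\
14:38:14 ipsec sent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:38:24 ipsec resent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:38:34 ipsec,error phase1 negotiation failed due to time up B.ipaddress[500]<=>A.ipaddress[500] 668db11af28f8c6e:0000000000000000
14:40:00 ipsec sent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 1111222233334444:0000000000000000
14:40:01 ipsec sent phase1 packet B.ipaddress[500]<=>A.ipaddress[500] 1111222233334444:aaaabbbbccccdddd
"""

ZERO = "0" * 16
LINE = re.compile(
    r"(?P<event>\bresent phase1 packet|\bsent phase1 packet|phase1 negotiation failed due to time up)"
    r".*?(?P<init>[0-9a-f]{16}):(?P<resp>[0-9a-f]{16})"
)

def summarize_phase1(log_text):
    """Return {initiator_cookie: summary} for every IKE phase 1 exchange in the log."""
    exchanges = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a phase 1 send/timeout line
        ex = exchanges.setdefault(
            m["init"], {"sent": 0, "resent": 0, "timed_out": False, "responder_seen": False}
        )
        if m["event"].startswith("resent"):
            ex["resent"] += 1
        elif m["event"].startswith("sent"):
            ex["sent"] += 1
        else:
            ex["timed_out"] = True
        # Assumption: the responder cookie is all-zero until a reply from the peer is processed.
        if m["resp"] != ZERO:
            ex["responder_seen"] = True
    for ex in exchanges.values():
        if ex["responder_seen"]:
            ex["verdict"] = "peer answered; look at later negotiation steps"
        elif ex["timed_out"]:
            ex["verdict"] = "no IKE reply received from peer before timeout"
        else:
            ex["verdict"] = "waiting for first reply"
    return exchanges

if __name__ == "__main__":
    for cookie, ex in summarize_phase1(SAMPLE_LOG).items():
        print(cookie, ex)
```

A "no IKE reply received" verdict points the investigation at the path for UDP 500 between the two routers and at the server's input firewall and IPsec peer settings, before the L2TP or PPP settings.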