
RouterOS as L2TP/IPSec client

Tue Sep 15, 2009 7:29 pm

Hello everybody.

I want to connect my RouterOS to a VPN using IPSec/L2TP as I currently have a Windows XP PC.

L2TP configuration is as follows:
name="l2tp-client" max-mtu=1460 max-mru=1460 mrru=512 connect-to=ip.address.l2tp.server user="adiazm" password="xxxxxxxx" profile=default-encryption add-default-route=no dial-on-demand=no allow=pap,chap,mschap1,mschap2

And IPsec configuration is as follows:
address=ip.address.l2tp.server/32:500 auth-method=pre-shared-key secret="PreSharedKey" generate-policy=yes exchange-mode=main send-initial-contact=yes nat-traversal=no proposal-check=obey hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=disable-dpd dpd-maximum-failures=1

name="Prop-L2TP-IPSEC" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m pfs-group=none

src-address=my.routeros.ip.address/32:1701 dst-address=ip.address.l2tp.server/32:1701 protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=my.routeros.ip.address sa-dst-address=ip.address.l2tp.server proposal=Prop-L2TP-IPSEC priority=0

I get the following errors:
echo: ipsec IPsec-SA request for ip.address.l2tp.server queued due to no phase1 found.
echo: ipsec initiate new phase 1 negotiation: my.routeros.ip.address[500]<=>ip.address.l2tp.server[500]
echo: ipsec begin Identity Protection mode.
echo: ipsec phase1 negotiation failed due to time up. 1b50ec5d0735aadb:0000000000000000
echo: ipsec phase2 negotiation failed due to time up waiting for phase1. ESP ip.address.l2tp.server[500]->my.routeros.ip.address[500]
echo: ipsec delete phase 2 handler.

And I cannot connect. Could someone please tell me what I should correct?

As you know, people on the server side only provide the user, password and PSK.
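
Added example (not part of the original post, and not MikroTik code): a Python triage of the log lines quoted above. It reads the ISAKMP cookie pair printed on the phase 1 timeout line; the responder half stays all-zero until the peer's first reply is accepted, so it separates "peer never answered" from "negotiation started, then stalled". The function name, field names and suggested checks are assumptions made for this illustration.

```python
import re

# Log lines copied from the post above (addresses are the poster's placeholders).
SAMPLE_LOG = """\
echo: ipsec initiate new phase 1 negotiation: my.routeros.ip.address[500]<=>ip.address.l2tp.server[500]
echo: ipsec begin Identity Protection mode.
echo: ipsec phase1 negotiation failed due to time up. 1b50ec5d0735aadb:0000000000000000
echo: ipsec phase2 negotiation failed due to time up waiting for phase1. ESP ip.address.l2tp.server[500]->my.routeros.ip.address[500]
"""

# ISAKMP SA index as logged: <initiator cookie>:<responder cookie>, 8 bytes each.
COOKIES = re.compile(r"\b([0-9a-f]{16}):([0-9a-f]{16})\b")
PEERS = re.compile(r"phase 1 negotiation: (\S+)\[(\d+)\]<=>(\S+)\[(\d+)\]")

def triage_phase1(log_text):
    """Return one finding (dict) per phase 1 timeout found in the log text."""
    findings = []
    peer = None  # endpoints from the most recent "initiate new phase 1" line
    for line in log_text.splitlines():
        m = PEERS.search(line)
        if m:
            peer = {"local": m.group(1), "remote": m.group(3), "port": int(m.group(4))}
            continue
        if "phase1 negotiation failed due to time up" not in line:
            continue
        c = COOKIES.search(line)
        if not c:
            continue
        initiator, responder = c.groups()
        # An all-zero responder cookie means message 1 went unanswered.
        replied = int(responder, 16) != 0
        findings.append({
            "peer": peer,
            "initiator_cookie": initiator,
            "responder_cookie": responder,
            "peer_replied": replied,
            # Suggested next check (an assumption of this example, not a verdict).
            "check": ("later main-mode messages: key exchange, PSK and identity"
                      if replied else
                      "UDP reachability of the peer's IKE port, and whether the "
                      "peer silently discards this initiator's first message"),
        })
    return findings

if __name__ == "__main__":
    for finding in triage_phase1(SAMPLE_LOG):
        print(finding)
```

For the log in this post the responder cookie is 0000000000000000, so the result reports that no reply to the first main-mode message was ever accepted from ip.address.l2tp.server.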


