Am having quite a few problems using windows 7/vista to connect to my mikrotik based ipsec/vpn server, however problem only occurs when behind NAT.
I set up this vpn about a year ago and have never had any problems when using it via 3g mobile connection or from a public ip address, but have only encountered this error after trying to hook a friend up to my vpn from his home setup, which is behind NAT.
My setup is basically x86 pc with mikrotik ide-flash card, standard setup with pppoe authenticated adsl, modem in bridge mode.
The NAT device at client end is a wrt54g with ddwrt firmware (latest release) with modem
connected in bridge mode, have enabled all passthroughs on the ddwrt and seems to allow traffic, as i can see the connection attempts in the mikrotik log.
Have enabled registry tweaks explained in knowledge base article KB926179 in relation to NAT-T however still cannot achieve authentication, have also enabled and disabled NAT-T on the mikrotik's ipsec settings
Allthough i believe the OS to be at fault, im open to the problem being in the mikrotik configuration, as im no expert on ipsec and quite possibly have gotten a setting wrong, if more information is required i will be monitoring this thread and will respond promptly.
Thanking anyone in advance
Ralphy
Mar/11/2010 00:19:06 ipsec respond new phase 1 negotiation: 118.209.xx.xxx[500]<=>110.175.xxx.xxx[500]
Mar/11/2010 00:19:06 ipsec begin Identity Protection mode.
Mar/11/2010 00:19:06 ipsec received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
Mar/11/2010 00:19:06 ipsec received Vendor ID: RFC 3947
Mar/11/2010 00:19:06 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Mar/11/2010 00:19:06 ipsec
Mar/11/2010 00:19:06 ipsec received Vendor ID: FRAGMENTATION
Mar/11/2010 00:19:06 ipsec Selected NAT-T version: RFC 3947
Mar/11/2010 00:19:06 ipsec invalid DH group 20.
Mar/11/2010 00:19:06 ipsec invalid DH group 19.
Mar/11/2010 00:19:06 ipsec Hashing 118.209.xx.xxx[500] with algo #2
Mar/11/2010 00:19:06 ipsec NAT-D payload #0 verified
Mar/11/2010 00:19:06 ipsec Hashing 110.175.xxx.xxx[500] with algo #2
Mar/11/2010 00:19:06 ipsec NAT-D payload #1 doesn't match
Mar/11/2010 00:19:06 ipsec NAT detected: PEER
Mar/11/2010 00:19:06 ipsec Hashing 110.175.xxx.xxx[500] with algo #2
Mar/11/2010 00:19:06 ipsec Hashing 118.209.xx.xxx[500] with algo #2
Mar/11/2010 00:19:06 ipsec Adding remote and local NAT-D payloads.
Mar/11/2010 00:19:06 ipsec NAT-T: ports changed to: 110.175.xxx.xxx[4500]<->118.209.xx.xxx[4500]
Mar/11/2010 00:19:06 ipsec KA list add: 118.209.xx.xxx[4500]->110.175.xxx.xxx[4500]
Mar/11/2010 00:19:06 ipsec ISAKMP-SA established 118.209.xx.xxx[4500]-110.175.xxx.xxx[4500] spi:3bbe749b423b5808:f9193ead7d50d87a
Mar/11/2010 00:19:06 ipsec respond new phase 2 negotiation: 118.209.xx.xxx[4500]<=>110.175.xxx.xxx[4500]
Mar/11/2010 00:19:06 ipsec Update the generated policy : 192.168.1.110/32[1701] 118.209.xx.xxx/32[1701] proto=udp dir=in
Mar/11/2010 00:19:06 ipsec Adjusting my encmode UDP-Transport->Transport
Mar/11/2010 00:19:06 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
Mar/11/2010 00:19:06 ipsec trns_id mismatched: my:3DES peer:AES
Mar/11/2010 00:19:06 ipsec not matched
Mar/11/2010 00:19:06 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
Mar/11/2010 00:19:06 ipsec IPsec-SA established: ESP/Transport 110.175.xxx.xxx[4500]->118.209.xx.xxx[4500] spi=72758597(0x4563545)
Mar/11/2010 00:19:06 ipsec IPsec-SA established: ESP/Transport 118.209.xx.xxx[4500]->110.175.xxx.xxx[4500] spi=946478139(0x386a1c3b)
Mar/11/2010 00:19:06 l2tp,debug,packet rcvd control message from 110.175.xxx.xxx:1701
Mar/11/2010 00:19:06 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Message-Type=SCCRQ
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:06 l2tp,debug,packet Firmware-Revision=0x601
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Host-Name="xxxx-PC"
Mar/11/2010 00:19:06 l2tp,debug,packet Vendor-Name="Microsoft"
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Assigned-Tunnel-ID=39
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Receive-Window-Size=8
Mar/11/2010 00:19:06 l2tp,debug tunnel 19 entering state: wait-ctl-conn
Mar/11/2010 00:19:06 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:06 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:06 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:06 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Mar/11/2010 00:19:06 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:07 l2tp,debug,packet rcvd control message from 110.175.xxx.xxx:1701
Mar/11/2010 00:19:07 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Message-Type=SCCRQ
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:07 l2tp,debug,packet Firmware-Revision=0x601
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Host-Name="xxxx-PC"
Mar/11/2010 00:19:07 l2tp,debug,packet Vendor-Name="Microsoft"
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Assigned-Tunnel-ID=39
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Receive-Window-Size=8
Mar/11/2010 00:19:07 l2tp,debug,packet sent control message (ack) to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:07 l2tp,debug,packet tunnel-id=39, session-id=0, ns=1, nr=1
Mar/11/2010 00:19:07 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:07 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:07 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:07 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Mar/11/2010 00:19:07 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:08 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:08 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:08 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:08 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Mar/11/2010 00:19:08 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:09 l2tp,debug,packet rcvd control message from 110.175.xxx.xxx:1701
Mar/11/2010 00:19:09 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Message-Type=SCCRQ
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:09 l2tp,debug,packet Firmware-Revision=0x601
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Host-Name="xxxx-PC"
Mar/11/2010 00:19:09 l2tp,debug,packet Vendor-Name="Microsoft"
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Assigned-Tunnel-ID=39
Mar/11/2010 00:19:09 l2tp,debug,packet (M) Receive-Window-Size=8
Mar/11/2010 00:19:09 l2tp,debug,packet sent control message (ack) to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:09 l2tp,debug,packet tunnel-id=39, session-id=0, ns=1, nr=1
Mar/11/2010 00:19:10 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:10 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:10 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:10 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Mar/11/2010 00:19:10 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:13 l2tp,debug,packet rcvd control message from 110.175.xxx.xxx:1701
Mar/11/2010 00:19:13 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Message-Type=SCCRQ
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:13 l2tp,debug,packet Firmware-Revision=0x601
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Host-Name="xxxx-PC"
Mar/11/2010 00:19:13 l2tp,debug,packet Vendor-Name="Microsoft"
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Assigned-Tunnel-ID=39
Mar/11/2010 00:19:13 l2tp,debug,packet (M) Receive-Window-Size=8
Mar/11/2010 00:19:13 l2tp,debug,packet sent control message (ack) to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:13 l2tp,debug,packet tunnel-id=39, session-id=0, ns=1, nr=1
Mar/11/2010 00:19:14 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:14 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:14 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:14 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Mar/11/2010 00:19:14 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:21 l2tp,debug,packet rcvd control message from 110.175.xxx.xxx:1701
Mar/11/2010 00:19:21 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Message-Type=SCCRQ
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:21 l2tp,debug,packet Firmware-Revision=0x601
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Host-Name="xxxx-PC"
Mar/11/2010 00:19:21 l2tp,debug,packet Vendor-Name="Microsoft"
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Assigned-Tunnel-ID=39
Mar/11/2010 00:19:21 l2tp,debug,packet (M) Receive-Window-Size=8
Mar/11/2010 00:19:21 l2tp,debug,packet sent control message (ack) to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:21 l2tp,debug,packet tunnel-id=39, session-id=0, ns=1, nr=1
Mar/11/2010 00:19:22 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:22 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:22 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:22 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Assigned-Tunnel-ID=19
Mar/11/2010 00:19:22 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:30 l2tp,debug tunnel 19 received no replies, disconnecting
Mar/11/2010 00:19:30 l2tp,debug tunnel 19 entering state: dead
Mar/11/2010 00:19:31 l2tp,debug,packet rcvd control message from 110.175.xxx.xxx:1701
Mar/11/2010 00:19:31 l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Message-Type=SCCRQ
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:31 l2tp,debug,packet Firmware-Revision=0x601
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Host-Name="xxxx-PC"
Mar/11/2010 00:19:31 l2tp,debug,packet Vendor-Name="Microsoft"
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Assigned-Tunnel-ID=39
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Receive-Window-Size=8
Mar/11/2010 00:19:31 l2tp,debug tunnel 20 entering state: wait-ctl-conn
Mar/11/2010 00:19:31 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:31 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:31 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:31 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Assigned-Tunnel-ID=20
Mar/11/2010 00:19:31 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:32 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:32 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:32 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:32 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Assigned-Tunnel-ID=20
Mar/11/2010 00:19:32 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:33 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:33 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:33 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:33 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Assigned-Tunnel-ID=20
Mar/11/2010 00:19:33 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:35 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:35 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:35 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:35 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Assigned-Tunnel-ID=20
Mar/11/2010 00:19:35 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:39 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:39 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:39 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:39 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Assigned-Tunnel-ID=20
Mar/11/2010 00:19:39 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:41 ipsec generated policy, deleting it.
Mar/11/2010 00:19:41 ipsec get a src address from ID payload 192.168.1.110[1701] prefixlen=32 ul_proto=17
Mar/11/2010 00:19:41 ipsec get dst address from ID payload 118.209.xx.xxx[1701] prefixlen=32 ul_proto=17
Mar/11/2010 00:19:41 ipsec pfkey spddelete(inbound) sent.
Mar/11/2010 00:19:41 ipsec purged IPsec-SA proto_id=ESP spi=946478139.
Mar/11/2010 00:19:41 ipsec pfkey X_SPDDELETE failed: No such file or directory
Mar/11/2010 00:19:41 ipsec pfkey X_SPDDELETE failed: No such file or directory
Mar/11/2010 00:19:41 ipsec ISAKMP-SA expired 118.209.xx.xxx[4500]-110.175.xxx.xxx[4500] spi:3bbe749b423b5808:f9193ead7d50d87a
Mar/11/2010 00:19:42 ipsec ISAKMP-SA deleted 118.209.xx.xxx[4500]-110.175.xxx.xxx[4500] spi:3bbe749b423b5808:f9193ead7d50d87a
Mar/11/2010 00:19:42 ipsec KA remove: 118.209.xx.xxx[4500]->110.175.xxx.xxx[4500]
Mar/11/2010 00:19:47 l2tp,debug,packet sent control message to 110.175.xxx.xxx:1701
Mar/11/2010 00:19:47 l2tp,debug,packet tunnel-id=39, session-id=0, ns=0, nr=1
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Message-Type=SCCRP
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Protocol-Version=0x01:00
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Framing-Capabilities=0x1
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Bearer-Capabilities=0x0
Mar/11/2010 00:19:47 l2tp,debug,packet Firmware-Revision=0x1
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Host-Name="mainrouter"
Mar/11/2010 00:19:47 l2tp,debug,packet Vendor-Name="MikroTik"
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Assigned-Tunnel-ID=20
Mar/11/2010 00:19:47 l2tp,debug,packet (M) Receive-Window-Size=4
Mar/11/2010 00:19:55 l2tp,debug tunnel 20 received no replies, disconnecting
Mar/11/2010 00:19:55 l2tp,debug tunnel 20 entering state: dead
Re: L2TP/ipsec problems with windows 7 / vista when behind NAT
Should also mention im using RouterOS 4.6
Re: L2TP/ipsec problems with windows 7 / vista when behind N
Can you make this succeed with winxp sp2 /sp3 client?
Re: L2TP/ipsec problems with windows 7 / vista when behind N
winxp client that behind NAT and ROS L2TP IPSEC VPN connection settings
First note the following
1, ROS release requirements: 3.20 unsuccessful, 4.8 success, I didn’t see the kernel version, but with the different versions of openssl, 3.20 for 0.9.8a, 4.8 below for 0.9.8L .
2, nat-t has nothing to do with the gateway: client can pass as long as the link to the server side on the line, even if open the nat’s firewall. The following experiments, NAT using internet connection sharing winxp(ICS) native functions, just like ros’s masquerade function.
3, Ip security policy: client-side using a WINXP native l2tp/Ipsec client, by default, if the server side with the vpn server is win2003 features, both sides can easily negotiation, complete the connection. Server-side for the ros, the need to modify the ip security policy.
4, when the IP security policy does not assigned , log show VPN can complete the two phases of the normal negotiation, but can not connect l2tp .
Experimental environment
client(192.168.121.2)<->(192.168.121.1)gw(192.168.111.1 )<=>(192.168.111.2) vpnserver (192.168.122.1)
client: winxp sp2, l2tp/ipsec client
gw: winxp sp2, internet connection sharing(ICS)
vpnserver: routeros 4.8
A.vpnserver-side configuration:
Please refer to the log a few days ago, which also includes client setup
http://wiki.mikrotik.com/wiki/MikroTik_ ... IPSec/L2TP
Or
B.IP Security Policy client-side configuration below:
in winxp client:
Run mmc,
1 .File -> Add / Remove Snap-in -> IP Security Policies
2.IP Security Policy -> Right, IP security policy create
3 .Name: toros, -> unset the Activate the default response rule,
Outgoing:
4 .Add: ip safety rules, specify the tunnel end points: 192.168.111.2 or vpn’s of IP,
5.Ip filter to unset the mirror. With the ip source, choose my IP address, select a specific target ip: 192.168.111.2
Ingoing:
6. Add: specify the tunnel end points: 192.168.121.2 is the address of the client
7.ip filter to unset mirror. With the ip source, select a specific ip: 192.168.111.2, target selection my ip .
8 Filter Action, select "accept ",***
Is complete, restart the ipsec service, toros right -> assigned
Not yet finished, some issues have not made clear ***
First note the following
1, ROS release requirements: 3.20 unsuccessful, 4.8 success, I didn’t see the kernel version, but with the different versions of openssl, 3.20 for 0.9.8a, 4.8 below for 0.9.8L .
2, nat-t has nothing to do with the gateway: client can pass as long as the link to the server side on the line, even if open the nat’s firewall. The following experiments, NAT using internet connection sharing winxp(ICS) native functions, just like ros’s masquerade function.
3, Ip security policy: client-side using a WINXP native l2tp/Ipsec client, by default, if the server side with the vpn server is win2003 features, both sides can easily negotiation, complete the connection. Server-side for the ros, the need to modify the ip security policy.
4, when the IP security policy does not assigned , log show VPN can complete the two phases of the normal negotiation, but can not connect l2tp .
Experimental environment
client(192.168.121.2)<->(192.168.121.1)gw(192.168.111.1 )<=>(192.168.111.2) vpnserver (192.168.122.1)
client: winxp sp2, l2tp/ipsec client
gw: winxp sp2, internet connection sharing(ICS)
vpnserver: routeros 4.8
A.vpnserver-side configuration:
Please refer to the log a few days ago, which also includes client setup
http://wiki.mikrotik.com/wiki/MikroTik_ ... IPSec/L2TP
Or
B.IP Security Policy client-side configuration below:
in winxp client:
Run mmc,
1 .File -> Add / Remove Snap-in -> IP Security Policies
2.IP Security Policy -> Right, IP security policy create
3 .Name: toros, -> unset the Activate the default response rule,
Outgoing:
4 .Add: ip safety rules, specify the tunnel end points: 192.168.111.2 or vpn’s of IP,
5.Ip filter to unset the mirror. With the ip source, choose my IP address, select a specific target ip: 192.168.111.2
Ingoing:
6. Add: specify the tunnel end points: 192.168.121.2 is the address of the client
7.ip filter to unset mirror. With the ip source, select a specific ip: 192.168.111.2, target selection my ip .
8 Filter Action, select "accept ",***
Is complete, restart the ipsec service, toros right -> assigned
Not yet finished, some issues have not made clear ***
Who is online
Users browsing this forum: korbanpinjol and 82 guests