michaelcarey
newbie
Topic Author
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

L2TP server... what could be happening?

Thu Mar 29, 2012 11:33 pm

Hi Everybody,

I've set up an L2TP server on a Mikrotik/Routerboard RB750 (PPPoE ADSL connection). Everything seems to be OK, I'm using a pre-shared key. I've configured the Firewall/Filter Rules to allow UDP 500,1701,4500 and protocol 50.

I can connect to it with the two Win7 machines in my home office (different ADSL connection)... but not with my WinXP laptop which is on the same network as the Win7 machines.

The WinXP machines stay in the "Connecting to xxxxx..." phase and eventually time out with an error message: "Error 792: The L2TP connection attempt failed because security negotiation timed out."

I can see the connection attempt appearing in WinBox IP/IPSEC/Remote Peers...

I thought it might have been something in the laptop that was causing the trouble... but if I use my Huawei 3G USB "modem" to connect my laptop to the internet, it works fine and I can connect to the L2TP server and access the internal network via the L2TP connection.

Both WinXP machines at my work (NAT'd ADSL) also cannot connect to the Mikrotik L2TP server, but a Win7 computer belonging to a customer works fine using the same network and ADSL/router connection.

Does WinXP need some "changes" to be made that Win7 does not? What is stopping the WinXP machines behind a NAT router from connecting?


Any ideas?

Michael.

**edit** It appears that if my WinXP laptop is on the LAN side of the Mikrotik RB750 and I "aim" the L2TP connection at the internal IP address, it connects to the L2TP server OK.
 
ditonet
Forum Veteran
Posts: 841
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 1:08 am

Search MS knowledge base for Q240262 and Q818043.
WinXP needs some registry modification.

HTH,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
michaelcarey
newbie
Topic Author
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 2:12 am

Thank you for the reply. I think I have seen one of these KB articles before.

Q818043 (I think) does not apply to me as, according to the article, this update has already been applied with SP3.

Q240262 seems to be for Windows 2000. Does this KB article still apply to WinXP?

I do agree that it does seem to be a NAT-T issue... it seems to have been discussed here too :-

http://forum.mikrotik.com/viewtopic.php?f=1&t=47207
 
michaelcarey
newbie
Topic Author
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 2:33 am

OK... I looked a little more into the thread I posted just above and found this post :-
> Hi .. I had the same problem when using IPsec/L2TP and NAT-T
>
> I resolved this by changing the IPsec > Peer > Exchange Mode from "main" to "main l2tp"
>
> This revision allows the FQDN as the peer ID with preshared key authorization in main mode;
>
> Cheers,
> Luke

I changed this setting in my RB750... and it works!

:D
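
The change described in this post, written out as RouterOS CLI commands (an added example, not part of the original thread or of MikroTik's documentation). It assumes a v5/v6-era release in which exchange-mode is a property of /ip ipsec peer and main-l2tp is the CLI spelling of the WinBox "main l2tp" option; the firewall rules restate the ports listed in the first post.

```routeros
# Added example; assumes RouterOS v5/v6-era syntax where exchange-mode
# is set on the peer entry.

# 1. Inspect the current peer entry and note its exchange-mode.
/ip ipsec peer print detail

# 2. Switch the peers that still use plain main mode to the L2TP variant
#    (WinBox: IP > IPsec > Peers > Exchange Mode = "main l2tp").
/ip ipsec peer set [find exchange-mode=main] exchange-mode=main-l2tp

# 3. Input rules matching the first post: IKE (500), L2TP (1701),
#    NAT-T (4500) over UDP, plus ESP (IP protocol 50).
/ip firewall filter
add chain=input protocol=udp dst-port=500,1701,4500 action=accept \
    comment="IKE / L2TP / NAT-T"
add chain=input protocol=ipsec-esp action=accept comment="ESP (protocol 50)"

# 4. Retry from a WinXP client behind NAT, then confirm that phase 1
#    completed and that security associations were installed.
/ip ipsec remote-peers print
/ip ipsec installed-sa print
```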
 
ditonet
Forum Veteran
Posts: 841
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 2:51 am

You didn't post your config, so my assumption was that 'exchange-mode=main l2tp'.
WinXP L2TP/IPSec client requires this mode and registry modification as described in
the mentioned MS KB articles. Good to know that it works for you :)

Regards,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
michaelcarey
newbie
Topic Author
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 10:27 am

> You didn't post your config, so my assumption was that 'exchange-mode=main l2tp'.
> WinXP L2TP/IPSec client requires this mode and registry modification as described in
> the mentioned MS KB articles. Good to know that it works for you :)
>
> Regards,

In the Mikrotik online manual "chapters" referring to L2TP, I found no reference to the "exchange-mode..." setting in IPSEC/peers...

http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

This is the section of user manual I was working with when setting up my L2TP server... in the IPSec configuration the "exchange mode..." setting is not mentioned at all.

http://wiki.mikrotik.com/wiki/MikroTik_ ... IPSec/L2TP

Maybe the manual could be updated to include this?
 
ditonet
Forum Veteran
Posts: 841
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 10:48 am

You are right, the online manual is sometimes inaccurate.
Some new features are only mentioned in the changelog:
http://www.mikrotik.com/download/CHANGELOG_5
'Main L2TP' mode for example.
Anyway, RouterOS is still my favourite :)

Regards,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
 
michaelcarey
newbie
Topic Author
Posts: 41
Joined: Thu May 11, 2006 8:03 am
Location: Port Lincoln, South Australia

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 11:50 am

Oh yes... please don't misunderstand.

I really like Mikrotik... very powerful.

Mikrotik and Routerboard!

:D
 
mrz
MikroTik Support
Posts: 5965
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 12:16 pm

Documentation updated.
Second article was user created so anyone can edit it.
 
ditonet
Forum Veteran
Posts: 841
Joined: Mon Oct 19, 2009 12:52 am
Location: Europe/Poland/Konstancin-Jeziorna
Contact:

Re: L2TP server... what could be happening?

Fri Mar 30, 2012 12:45 pm

Thanks!

Regards,
Grzegorz | MTCNA, MTCRE, MTCSE | konsultacje MikroTik Warszawa
It is a book about a Spanish guy called Manual. You should read it. - Dilbert
