donisg
newbie
Topic Author
Posts: 26
Joined: Sun Nov 25, 2012 10:59 pm

Mikrotik L2TP/IPSec as client.

Wed May 07, 2014 10:03 am

Situation.
Server side:
SoftEther VPN server.
Running L2TP/IPSec services.

Client side:
Win7, Android, iOS clients can connect to L2TP/IPSec server with no problem.
I want to set up Mikrotik as an L2TP/IPSec client.

Problem:
Mikrotik L2TP did not start the L2TP tunnel successfully.
Log: sent control message to VPN_server_ip:1701
and nothing more happens. Looks like VPN_server_ip is not responding to control message.

What is done on Mikrotik:
/interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 \
connect-to=IP_OF_VPN_SERVER dial-on-demand=no disabled=no max-mru=1460 \
max-mtu=1460 mrru=disabled name=l2tp-BL password=1234 profile=default-encryption user=user1

Profile default-encryption is left in default configuration, no changes.
I confirm that IP of VPN server, user, password are double checked and correct.

Should I configure anything else to get L2TP part connected?
 
tomaskir
Trainer
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Mikrotik L2TP/IPSec as client.

Wed May 07, 2014 10:59 am

You need to configure IPSec as well.

Watch the presentation in my sig, it's about the server side as well, but you will find complete config for the client in there as well.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
donisg
newbie
Topic Author
Posts: 26
Joined: Sun Nov 25, 2012 10:59 pm

Re: Mikrotik L2TP/IPSec as client.

Wed May 07, 2014 11:20 am

Yes, I saw your link.
Do I understand correctly that L2TP connects before the IPSec part?

I configured the IPSec part also, but first of all I understand that L2TP must be up and running.
 
tomaskir
Trainer
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Mikrotik L2TP/IPSec as client.

Wed May 07, 2014 1:09 pm

> Yes, I saw your link.
> Do I understand correctly that L2TP connects before the IPSec part?
>
> I configured the IPSec part also, but first of all I understand that L2TP must be up and running.

L2TP will try to initiate the connection - but will NOT be able to connect before IPSec negotiates security.

So L2TP trying to connect will just tell IPsec that it needs to do its job.
But L2TP will NOT connect before the IPSec process completes.
 
ners
Frequent Visitor
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: Mikrotik L2TP/IPSec as client.

Wed May 07, 2014 4:32 pm

> > Yes, I saw your link.
> > Do I understand correctly that L2TP connects before the IPSec part?
> >
> > I configured the IPSec part also, but first of all I understand that L2TP must be up and running.
>
> L2TP will try to initiate the connection - but will NOT be able to connect before IPSec negotiates security.
>
> So L2TP trying to connect will just tell IPsec that it needs to do its job.
> But L2TP will NOT connect before the IPSec process completes.

But how does it determine if the connection should be IPSec'ed or not? Maybe one time I want to establish a clear L2TP tunnel and another time pass through IPSec first?
 
tomaskir
Trainer
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Mikrotik L2TP/IPSec as client.

Wed May 07, 2014 4:50 pm

> But how does it determine if the connection should be IPSec'ed or not? Maybe one time I want to establish a clear L2TP tunnel and another time pass through IPSec first?

That is explained in the presentation.
The IPSec peer and IPSec policy configs define that.

You need to configure it to use IPSec for L2TP or NOT to use IPSec for L2TP.
How is the router supposed to know when you want IPSec and when not?
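Added example, not part of any post in this thread and not RouterOS code: a simplified Python model of the policy lookup discussed above, showing how an IPSec policy selector decides whether an outbound L2TP packet goes in the clear, goes inside IPSec, or waits for negotiation. The address 192.0.2.10 (standing in for the VPN server), the class and function names, and the result strings are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    dst: str        # destination selector, e.g. "192.0.2.10/32"
    protocol: str   # "udp", "tcp" or "any"
    dst_port: int   # 0 means any port
    action: str     # "encrypt" or "bypass"

@dataclass(frozen=True)
class Packet:
    dst: str
    protocol: str
    dst_port: int

def matches(policy, pkt):
    """True when the packet falls inside the policy's selector."""
    return (ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(policy.dst)
            and policy.protocol in ("any", pkt.protocol)
            and policy.dst_port in (0, pkt.dst_port))

def handle(pkt, policies, established_sas):
    """Decide the fate of an outbound packet; the first matching policy wins.

    established_sas is the set of peer addresses with a negotiated IPSec SA.
    """
    for p in policies:
        if not matches(p, pkt):
            continue
        if p.action == "bypass":
            return "sent in clear"
        if pkt.dst in established_sas:
            return "sent inside IPSec"
        # Policy demands protection but no SA exists yet: the L2TP packet
        # only triggers negotiation and does not reach the server.
        return "not sent: IPSec negotiation triggered"
    return "sent in clear"  # no policy covers this traffic

# Constructed sample data (hypothetical addresses from documentation ranges).
POLICIES = [Policy("192.0.2.10/32", "udp", 1701, "encrypt")]
L2TP_TO_VPN_SERVER = Packet("192.0.2.10", "udp", 1701)
L2TP_TO_OTHER_SERVER = Packet("198.51.100.5", "udp", 1701)

if __name__ == "__main__":
    print(handle(L2TP_TO_VPN_SERVER, POLICIES, set()))
    print(handle(L2TP_TO_VPN_SERVER, POLICIES, {"192.0.2.10"}))
    print(handle(L2TP_TO_OTHER_SERVER, POLICIES, set()))
```

In this model a second L2TP server with no matching policy still gets a clear tunnel, which is the per-destination choice asked about in the thread.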
