Community discussions

MUM Europe 2020
 
lambert
Long time Member
Long time Member
Topic Author
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

IPsec/L2TP connection dropping every 48 minutes

Sat Aug 23, 2014 10:52 am

I have just added L2TP with IPsec to a router which has been only doing PPTP VPNs. I stayed connected as long as I liked with PPTP. But PPTP is bad. So, I switched to L2TP with IPsec. I checked the use IPsec box in the L2TP server configuration and added my IPsec secret. Before I did so, /ip ipsec export showed nothing, so I think I had it at the defaults. This router was upgraded to 6.18 a few days ago. I believe it was running 6.7 before. I did not use IPsec/L2TP with it before today.

Thanks go to MikroTik for making it very easy to setup the L2TP with IPsec combination now. It took approximately 5 seconds to setup and worked the first time I tried with my Mac running OS X Maverick.

However, I seem to be getting disconnected every 48 minutes and 30 seconds.

I have found that the installed-sa for my connection shows "add-lifetime=48m/1h". I do not see that specified in the routeros configuration anywhere. I suspect that an IPsec rekey is supposed to happen every 48 minutes but is not succeeding. I suspect the 30 seconds is just the sa negotiation timeout while it tries to rekey.

I wonder if this could be related to this entry from the 6.19 changelog:
*) ipsec - when peer config is changed kill only relevant SAs;
I had a reboot everytime I logged in with winbox issue when I tried upgrading my home RB951 to 6.19 which I haven't had time to chase down. So, I can't bring myself to try it on the office RB450G, yet.
04:01:42 l2tp,info first L2TP UDP packet received from endpointA
04:01:42 l2tp,ppp,info,account lambert logged in, 192.168.1.228 
04:01:42 l2tp,ppp,info <l2tp-lambert>: authenticated 
04:01:42 l2tp,ppp,info <l2tp-lambert>: connected  
04:50:12 ipsec,error failed to begin ipsec sa negotiation. 
04:50:17 l2tp,ppp,info <l2tp-lambert>: terminating... - peer is not responding 
04:50:17 l2tp,ppp,info,account lambert logged out, 2915 503336 18052173 9081 16871 
04:50:17 l2tp,ppp,info <l2tp-lambert>: disconnected 
04:56:40 l2tp,info first L2TP UDP packet received from endpointA 
04:56:41 l2tp,ppp,info,account lambert logged in, 192.168.1.228 
04:56:41 l2tp,ppp,info <l2tp-lambert>: authenticated 
04:56:41 l2tp,ppp,info <l2tp-lambert>: connected 
05:44:51 ipsec,error failed to begin ipsec sa negotiation. 
05:45:41 ipsec,error failed to begin ipsec sa negotiation. 
05:45:46 l2tp,ppp,info <l2tp-lambert>: terminating... - peer is not responding 
05:45:46 l2tp,ppp,info,account lambert logged out, 2945 397545 14520806 7264 13697 
05:45:46 l2tp,ppp,info <l2tp-lambert>: disconnected 
06:19:17 l2tp,info first L2TP UDP packet received from endpointA 
06:19:17 l2tp,ppp,info,account lambert logged in, 192.168.1.228 
06:19:17 l2tp,ppp,info <l2tp-lambert>: authenticated 
06:19:17 l2tp,ppp,info <l2tp-lambert>: connected 
07:07:47 ipsec,error failed to begin ipsec sa negotiation. 
07:07:52 l2tp,ppp,info <l2tp-lambert>: terminating... - peer is not responding 
07:07:52 l2tp,ppp,info,account lambert logged out, 2915 516223 16271189 8799 15613 
07:07:52 l2tp,ppp,info <l2tp-lambert>: disconnected 
07:14:19 l2tp,info first L2TP UDP packet received from endpointA
07:14:19 l2tp,ppp,info,account lambert logged in, 192.168.1.228 
07:14:19 l2tp,ppp,info <l2tp-lambert>: authenticated 
07:14:19 l2tp,ppp,info <l2tp-lambert>: connected  
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: IPsec/L2TP connection dropping every 48 minutes

Wed Aug 27, 2014 2:12 am

Have you tried sstp also?
 
lambert
Long time Member
Long time Member
Topic Author
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: IPsec/L2TP connection dropping every 48 minutes

Wed Aug 27, 2014 6:31 am

I have not tried sstp. I don't use Windows so would have to do some research to make that work. I really think the regularity and specificity of the timing indicates that it is an ipsec specific issue.
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Re: IPsec/L2TP connection dropping every 48 minutes

Wed Aug 27, 2014 9:22 am

At least enable logging on both sides and check the logs.
 
jaytcsd
Member Candidate
Member Candidate
Posts: 289
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN
Contact:

Re: IPsec/L2TP connection dropping every 48 minutes

Fri Aug 29, 2014 4:55 am

I had some problems upgrading from 6.7 or .8.

Look at IPSEC / peers and see what you have for generate policy, mine says port override, I think I had to change that from the default, I don't recall it existing in the early versions.

I get in fine with my win 8 PC but can't with my wife's new 8.1 PC, have not had time to check that out, probably a firewall issue on the PC.

Who is online

Users browsing this forum: No registered users and 74 guests