Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

l2tp+ipsec and win7 problem

Wed Sep 03, 2014 9:07 am

Hi, I'm trying to connect from a remote win7 pc to my home network using l2tp and ipsec but without disabling ipsec from changing reg entry 'ProhibitIpSec' to 1 isn't working at all.. any ideas why? rb2011uias with a pppoe connection
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: l2tp+ipsec and win7 problem

Wed Sep 03, 2014 11:07 am

Your config on the router is wrong. Can't tell you more without seeing the config.
 
Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: l2tp+ipsec and win7 problem

Wed Sep 03, 2014 5:32 pm

Hmm what could be wrong?
http://postimg.org/image/w0xg6z3yr/
http://postimg.org/image/3ypbkbkj3/
I'm posting images since export or print cmds do not show all settings

ros code

[admin@MikroTik] > /ip ipsec policy export
# sep/03/2014 17:31:29 by RouterOS 6.19
# software id = xxx
#
[admin@MikroTik] > /ip ipsec export       
# sep/03/2014 17:31:38 by RouterOS 6.19
# software id = xxx
#
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-128-ctr,aes-192-ctr,aes-256-ctr
[admin@MikroTik] >
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: l2tp+ipsec and win7 problem

Wed Sep 03, 2014 7:04 pm

Post your firewall and NAT configs as well pls.
 
Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: l2tp+ipsec and win7 problem

Wed Sep 03, 2014 10:28 pm

 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: l2tp+ipsec and win7 problem

Thu Sep 04, 2014 11:43 am

Please post that from:
/ip firewall filter export
/ip firewall nat export
 
Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: l2tp+ipsec and win7 problem

Thu Sep 04, 2014 2:44 pm

ros code

/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input dst-port=67,68 in-interface=ether1-gateway protocol=udp src-port=67,68
add action=jump chain=input comment="default configuration" in-interface=ether1-gateway \
    jump-target="log and drop"
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=
add action=jump chain=input dst-port=22 in-interface=pppoe-out1 jump-target="lo
    protocol=tcp
add action=jump chain=input dst-port=23 in-interface=pppoe-out1 jump-target="lo
    protocol=tcp
add action=jump chain=input dst-port=21 in-interface=pppoe-out1 jump-target="lo
    protocol=tcp
add action=jump chain=input disabled=yes dst-port=80 in-interface=pppoe-out1 ju
    "log and drop" protocol=tcp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
add action=jump chain=input dst-port=53 in-interface=pppoe-out1 jump-target="lo
    protocol=tcp
# ppp-out1 not ready
add action=jump chain=input dst-port=22 in-interface=ppp-out1 jump-target="log 
    protocol=tcp
# ppp-out1 not ready
add action=jump chain=input dst-port=23 in-interface=ppp-out1 jump-target="log 
    protocol=tcp
# ppp-out1 not ready
add action=jump chain=input dst-port=21 in-interface=ppp-out1 jump-target="log 
    protocol=tcp
# ppp-out1 not ready
add action=jump chain=input dst-port=80 in-interface=ppp-out1 jump-target="log 
    protocol=tcp
add action=log chain="log and drop"
add action=drop chain="log and drop"

/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" disabled=yes out-interface=ether1-gateway
add action=masquerade chain=srcnat out-interface=pppoe-out1
# ppp-out1 not ready
add action=masquerade chain=srcnat out-interface=ppp-out1
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=tcp to-addresses=192.168.10.1 to-ports=53
add action=dst-nat chain=dstnat disabled=yes dst-port=53 protocol=udp to-addresses=192.168.10.1 to-ports=53
 
Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: l2tp+ipsec and win7 problem

Mon Sep 08, 2014 2:14 pm

Any ideas please?
 
lambert
Long time Member
Posts: 548
Joined: Fri Jul 23, 2010 1:09 am

Re: l2tp+ipsec and win7 problem

Mon Sep 08, 2014 6:57 pm

I am reading your fw rules on my phone. So I may have missed something.

I do not see input allows for udp 500,4500 or ipsec-ah and ipsec-esp. You may also need to allow l2tp, port 1701, IIRC.
 
Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: l2tp+ipsec and win7 problem

Mon Sep 08, 2014 9:10 pm

ros code

add chain=input dst-port=500,1701,4500 protocol=udp
add chain=input protocol=ipsec-ah
add chain=input protocol=ipsec-esp
Same behaviour
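
Added example, not part of the original posts: a small first-match evaluator for an `/ip firewall filter` export, to check which rule decides what happens to IKE (udp/500), NAT-T (udp/4500), L2TP (udp/1701) and ESP packets arriving on a given interface. The rule set is a constructed sample modelled on the untruncated rules posted in this thread; the function names are made up for the example, and only `in-interface`, `protocol` and comma-separated port lists are modelled (no connection-state, no port ranges).

```python
import shlex

# Constructed sample, modelled on the untruncated rules posted in this thread.
EXPORT = '''
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input dst-port=67,68 in-interface=ether1-gateway protocol=udp src-port=67,68
add action=jump chain=input comment="default configuration" in-interface=ether1-gateway \\
    jump-target="log and drop"
add action=drop chain=input dst-port=53 in-interface=pppoe-out1 protocol=udp
add chain=input dst-port=500,1701,4500 protocol=udp
add chain=input protocol=ipsec-ah
add chain=input protocol=ipsec-esp
add action=log chain="log and drop"
add action=drop chain="log and drop"
'''

def parse(export):
    """Return the rules of an '/ip firewall filter' export as dicts, in order."""
    text = export.replace("\\\n", " ")          # join continuation lines
    rules = []
    for line in text.splitlines():
        if line.startswith("add "):
            rules.append(dict(tok.split("=", 1) for tok in shlex.split(line)[1:]))
    return rules

def matches(rule, pkt):
    """Only the matchers used in the sample are modelled (no connection-state)."""
    for key in ("in-interface", "protocol"):
        if key in rule and rule[key] != pkt.get(key):
            return False
    for key in ("dst-port", "src-port"):
        if key in rule and str(pkt.get(key)) not in rule[key].split(","):
            return False
    return True

def verdict(rules, pkt, chain="input"):
    """First-match walk; returns (action, 1-based rule number) or None at chain end."""
    for n, rule in enumerate(rules, 1):
        if rule["chain"] != chain or not matches(rule, pkt):
            continue
        action = rule.get("action", "accept")    # RouterOS default action
        if action == "jump":
            hit = verdict(rules, pkt, rule["jump-target"])
            if hit:
                return hit
        elif action in ("accept", "drop"):
            return action, n
    return None   # built-in chains accept at the end; custom chains return to caller
```

With this sample, `verdict(parse(EXPORT), {"in-interface": "pppoe-out1", "protocol": "udp", "dst-port": 500})` is accepted by rule 5, while the same packet on `ether1-gateway` hits the jump at rule 3 and is dropped at rule 9. A packet on `pppoe-out1` that matches no rule returns `None`, meaning it falls through to the built-in chain's accept.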
 
Clauu
Member Candidate
Topic Author
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: l2tp+ipsec and win7 problem

Tue Sep 09, 2014 12:08 pm

As an update, now it's working.. do not know why or what was the problem
