Trekkie
newbie
Topic Author
Posts: 37
Joined: Thu Feb 07, 2013 1:48 am

Troubleshooting L2TP / IPSEC Tunnel

Mon Sep 08, 2014 8:56 pm

I'm attempting to set up a router-level VPN connection to an L2TP/IPSEC solution.

The service is from IVPN, and they offer an L2TP / IPSEC connection. It works fine if I use the built-in VPN client on my host.

I have the certificate, key, and it's loaded. I enable L2TP and it connects, and I see a remote peer on IPSEC.

I turned on extended logging for L2TP and this is the output:

#	Time	Buffer	Topics	Message
0	Sep/08/2014 13:39:40	memory	dhcp, info	dhcp1 deassigned 172.16.0.61 from D4:4B:5E:9D:4E:84	
1	Sep/08/2014 13:39:40	memory	dhcp, info	dhcp1 assigned 172.16.0.61 to D4:4B:5E:9D:4E:84	
2	Sep/08/2014 13:47:45	memory	system, info, account	user admin logged in from 172.16.0.50 via web	
3	Sep/08/2014 13:48:34	memory	system, info	log rule added by admin	
4	Sep/08/2014 13:48:38	memory	system, info	device changed by admin	
5	Sep/08/2014 13:48:38	memory	l2tp, ppp, info	l2tp-out1: initializing...	
6	Sep/08/2014 13:48:38	memory	l2tp, ppp, debug	l2tp-out1: IPCP demandUp	
7	Sep/08/2014 13:48:38	memory	l2tp, ppp, debug	l2tp-out1: IPV6CP demandUp	
8	Sep/08/2014 13:48:38	memory	l2tp, ppp, debug	l2tp-out1: MPLSCP demandUp	
9	Sep/08/2014 13:48:38	memory	l2tp, ppp, info	l2tp-out1: waiting for packets...	
10	Sep/08/2014 13:49:05	memory	system, info	nat rule changed by admin	
11	Sep/08/2014 13:49:09	memory	system, info	nat rule changed by admin	
12	Sep/08/2014 13:49:13	memory	system, info	nat rule changed by admin	
13	Sep/08/2014 13:49:32	memory	l2tp, ppp, info	l2tp-out1: connecting...	
14	Sep/08/2014 13:49:32	memory	l2tp, debug	tunnel 1 entering state: wait-ctl-reply	
15	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	sent control message to 107.191.34.155:1701	
16	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 tunnel-id=0, session-id=0, ns=0, nr=0	
17	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Message-Type=SCCRQ	
18	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Protocol-Version=0x01:00	
19	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Framing-Capabilities=0x1	
20	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Bearer-Capabilities=0x0	
21	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 Firmware-Revision=0x1	
22	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Host-Name="galaxy"	
23	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 Vendor-Name="MikroTik"	
24	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Assigned-Tunnel-ID=1	
25	Sep/08/2014 13:49:32	memory	l2tp, debug, packet	 (M) Receive-Window-Size=4	
26	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	sent control message to 107.191.34.155:1701	
27	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 tunnel-id=0, session-id=0, ns=0, nr=0	
28	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Message-Type=SCCRQ	
29	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Protocol-Version=0x01:00	
30	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Framing-Capabilities=0x1	
31	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Bearer-Capabilities=0x0	
32	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 Firmware-Revision=0x1	
33	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Host-Name="galaxy"	
34	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 Vendor-Name="MikroTik"	
35	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Assigned-Tunnel-ID=1	
36	Sep/08/2014 13:49:33	memory	l2tp, debug, packet	 (M) Receive-Window-Size=4	
37	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	sent control message to 107.191.34.155:1701	
38	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 tunnel-id=0, session-id=0, ns=0, nr=0	
39	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Message-Type=SCCRQ	
40	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Protocol-Version=0x01:00	
41	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Framing-Capabilities=0x1	
42	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Bearer-Capabilities=0x0	
43	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 Firmware-Revision=0x1	
44	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Host-Name="galaxy"	
45	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 Vendor-Name="MikroTik"	
46	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Assigned-Tunnel-ID=1	
47	Sep/08/2014 13:49:34	memory	l2tp, debug, packet	 (M) Receive-Window-Size=4	
48	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	sent control message to 107.191.34.155:1701	
49	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 tunnel-id=0, session-id=0, ns=0, nr=0	
50	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Message-Type=SCCRQ	
51	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Protocol-Version=0x01:00	
52	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Framing-Capabilities=0x1	
53	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Bearer-Capabilities=0x0	
54	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 Firmware-Revision=0x1	
55	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Host-Name="galaxy"	
56	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 Vendor-Name="MikroTik"	
57	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Assigned-Tunnel-ID=1	
58	Sep/08/2014 13:49:36	memory	l2tp, debug, packet	 (M) Receive-Window-Size=4	
59	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	sent control message to 107.191.34.155:1701	
60	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 tunnel-id=0, session-id=0, ns=0, nr=0	
61	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Message-Type=SCCRQ	
62	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Protocol-Version=0x01:00	
63	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Framing-Capabilities=0x1	
64	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Bearer-Capabilities=0x0	
65	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 Firmware-Revision=0x1	
66	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Host-Name="galaxy"	
67	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 Vendor-Name="MikroTik"	
68	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Assigned-Tunnel-ID=1	
69	Sep/08/2014 13:49:40	memory	l2tp, debug, packet	 (M) Receive-Window-Size=4	
70	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	sent control message to 107.191.34.155:1701	
71	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 tunnel-id=0, session-id=0, ns=0, nr=0	
72	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Message-Type=SCCRQ	
73	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Protocol-Version=0x01:00	
74	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Framing-Capabilities=0x1	
75	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Bearer-Capabilities=0x0	
76	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 Firmware-Revision=0x1	
77	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Host-Name="galaxy"	
78	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 Vendor-Name="MikroTik"	
79	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Assigned-Tunnel-ID=1	
80	Sep/08/2014 13:49:48	memory	l2tp, debug, packet	 (M) Receive-Window-Size=4	
81	Sep/08/2014 13:49:49	memory	system, info, account	user admin logged in from 172.16.0.50 via web	
82	Sep/08/2014 13:49:56	memory	l2tp, debug	tunnel 1 received no replies, disconnecting	
83	Sep/08/2014 13:49:56	memory	l2tp, debug	tunnel 1 entering state: dead	
84	Sep/08/2014 13:49:56	memory	l2tp, debug	session 1 entering state: dead	
85	Sep/08/2014 13:49:56	memory	l2tp, ppp, info	l2tp-out1: terminating... - session closed	
86	Sep/08/2014 13:49:56	memory	l2tp, ppp, debug	l2tp-out1: LCP lowerdown	
87	Sep/08/2014 13:49:56	memory	l2tp, ppp, debug	l2tp-out1: LCP down event in initial state	
88	Sep/08/2014 13:49:56	memory	l2tp, ppp, info	l2tp-out1: disconnected	
89	Sep/08/2014 13:49:56	memory	l2tp, ppp, info	l2tp-out1: initializing...	
90	Sep/08/2014 13:49:56	memory	l2tp, ppp, debug	l2tp-out1: IPCP demandUp	
91	Sep/08/2014 13:49:56	memory	l2tp, ppp, debug	l2tp-out1: IPV6CP demandUp	
92	Sep/08/2014 13:49:56	memory	l2tp, ppp, debug	l2tp-out1: MPLSCP demandUp	
93	Sep/08/2014 13:49:56	memory	l2tp, ppp, info	l2tp-out1: waiting for packets...	
94	Sep/08/2014 13:50:13	memory	system, info	nat rule changed by admin	
95	Sep/08/2014 13:50:18	memory	l2tp, ppp, info	l2tp-out1: terminating...	
96	Sep/08/2014 13:50:18	memory	l2tp, ppp, debug	l2tp-out1: LCP lowerdown	
97	Sep/08/2014 13:50:18	memory	l2tp, ppp, debug	l2tp-out1: LCP down event in initial state	
98	Sep/08/2014 13:50:18	memory	l2tp, ppp, info	l2tp-out1: disabled	
99	Sep/08/2014 13:50:18	memory	system, info	device changed by admin	

What I do is change my NAT to force everything through the l2tp interface and the instant I do that, traffic halts and the l2tp link starts flapping up and down.

Any other logging I should turn on to troubleshoot?

IPSEC setup for 'peer':

Flags: X - disabled, D - dynamic 
 0    address=0.0.0.0/0 local-address=0.0.0.0 passive=no port=500 
      auth-method=pre-shared-key secret="notthatdumb" generate-policy=no 
      policy-group=default exchange-mode=main send-initial-contact=yes 
      nat-traversal=no proposal-check=obey hash-algorithm=sha1 
      enc-algorithm=des,3des,aes-128,aes-192,aes-256,blowfish,camellia-128,
              camellia-192,camellia-256 
      dh-group=modp2048 lifetime=1d lifebytes=0 dpd-interval=2m 
      dpd-maximum-failures=5 

My l2tp setup:

name="l2tp-out1" max-mtu=1400 max-mru=1400 mrru=disabled 
      connect-to=ipaddress user="nope" 
      password="haha" profile=default-encryption 
      keepalive-timeout=disabled add-default-route=yes 
      default-route-distance=1 dial-on-demand=yes 
      allow=pap,chap,mschap1,mschap2 

I can show the firewall rules if you like, but they're a basic pre-route tag, a masq that routes all packets out the l2tp-out1.

Thanks.
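
Added example, not part of the original post: a Python sketch that reads a RouterOS log export in the tab-separated layout shown above and reports how many SCCRQ messages went out, how the retransmits were spaced, and whether any SCCRP came back. The sample rows are constructed from the post's log with a documentation address, and the `rcvd control message` wording for inbound packets is an assumption, since the post's log contains no inbound lines.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log above (index, time, buffer,
# topics, message; tab-separated). 192.0.2.10 is a documentation address.
def row(i, hms, topics, msg):
    return f"{i}\tSep/08/2014 {hms}\tmemory\t{topics}\t{msg}"

SAMPLE_LOG = "\n".join(
    [row(0, "13:49:32", "l2tp, ppp, info", "l2tp-out1: connecting...")]
    + [row(n, hms, "l2tp, debug, packet", msg)
       for n, hms in enumerate(["13:49:32", "13:49:33", "13:49:34",
                                "13:49:36", "13:49:40", "13:49:48"], 1)
       for msg in ("sent control message to 192.0.2.10:1701",
                   " (M) Message-Type=SCCRQ")]
    + [row(7, "13:49:56", "l2tp, debug",
           "tunnel 1 received no replies, disconnecting")])

ROW = re.compile(r"^\s*\d+\t(\w{3}/\d\d/\d{4} \d\d:\d\d:\d\d)\t[^\t]*\t([^\t]*)\t(.*)$")

def analyze(log):
    """Summarise L2TP control traffic: SCCRQs sent, spacing, replies seen."""
    sent, rcvd, direction, gave_up = [], [], None, None
    for line in log.splitlines():
        m = ROW.match(line)
        if not m or "l2tp" not in m.group(2):
            continue                      # skip dhcp/system rows and headers
        ts = datetime.strptime(m.group(1), "%b/%d/%Y %H:%M:%S")
        msg = m.group(3).strip()
        if msg.startswith("sent control message"):
            direction = sent
        elif msg.startswith("rcvd control message"):  # assumed inbound wording
            direction = rcvd
        elif "Message-Type=" in msg and direction is not None:
            direction.append((ts, msg.split("Message-Type=")[1]))
        elif "received no replies" in msg:
            gave_up = ts
    sccrq = [ts for ts, kind in sent if kind == "SCCRQ"]
    return {
        "sccrq_sent": len(sccrq),
        "retransmit_gaps_s": [int((b - a).total_seconds())
                              for a, b in zip(sccrq, sccrq[1:])],
        "sccrp_received": any(kind == "SCCRP" for _, kind in rcvd),
        "gave_up_after_s": int((gave_up - sccrq[0]).total_seconds())
                           if gave_up and sccrq else None,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Six SCCRQs spaced 1, 1, 2, 4 and 8 seconds apart with no SCCRP, as in the log above, means the tunnel dies at the first control message, before any PPP negotiation starts.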
