No, the client is using either iOS devices or Android devices over WIFI.
Can you please confirm that this is using mobile networks, e.g. 3G/4G, as I know in NZ we have to change our APN settings on mobile devices to allow VPN traffic through.
Thanks for responding and awaiting my follow MrZ. My log is very long (both L2TP and IPsec)...would take too much time to redact confidential info. Could I just send the supout file to Mikrotik support...I have been in communication with Maris B.
Enable ipsec debug logs in /system logging menu.
Try to connect and post the log output here.
Thanks Fallenwrx for responding. I am using RouterOS 6.29 and when one selects IPsec in the L2TP server, it auto generates an IPsec Peer with a policy to "port strict" that's unchangeable.
Under IPSEC peer 0.0.0.0/0 try changing under generate policy to "port override" as this has resolved issues for me in the past.
[Ticket#2015061066000766] VPN Analysis and Recommendation
What ticket number?
I read that you got yours working...when you say "need to add always manually the outgoing policy" what exactly do you mean? Is it that before you go to the outside world you add the policy manually?
I had/have similar issue, described here.
Only workaround I find is that you need to add always manually the outgoing policy. (which is very inconvenient in case of roadwarriors)
I was also in contact with Mikrotik support (ticket number is Ticket#2015061266000262), where they stated in case both client and server are behind NAT, then L2TP/IPsec will not work. This is a limitation of Mikrotik I guess, because with SoftEther it works.
Let's hope there will be an improvement in v7.
Thought to share the web document claiming what I stated above about the weakness of L2TP...the firewall issue. It might help others in their VPN decision making. Here's the link: https://www.bestvpn.com/blog/4147/pptp- ... -vs-ikev2/
Doing some research today seems to be leading me to a conclusion that my robust firewall might be having issues with L2TP and port 500. It seems that's a common problem and thus the main weakness of L2TP. Since IPsec establishes successfully and L2TP establishes both send as well as receive communication with the client...just not engaging and completing the authentication process...so, one could see how I am leaning towards the conclusion.
The way to resolve is to use advanced configuration to forward that port to a secure port that's firewall friendly such as port 443. I searched and found this: http://wiki.mikrotik.com/wiki/Traffic_P ... ion_Script
Of course, that's not clear to me. I want to keep my firewall setup and hope I can get the help to resolve my VPN issue.
Sorry that was a false alarm...problem still has not resolved.
I would never have guessed that having special characters in password would jam up my VPN...wow...thanks Mikrotik support and a special thank you to MrZ.
Not exactly clear where you are trying to edit the key.
One thing I noticed is that once the L2TP server has been enabled with an IPsec pre-shared key, one cannot edit the key...so that needs to change.
Actually, Fallenwrx, that's exactly what worked with passive unchecked...thanks for sharing. Maybe Mikrotik should allow the option to select generate IPsec-peer manually in the L2TP server in future RouterOS releases.
Under IPSEC peer 0.0.0.0/0 try changing under generate policy to "port override" as this has resolved issues for me in the past.