Hello everyone, for many months now I have been trying to create a VPN connection from remote devices (laptop, mobile, etc.) outside my house, but I haven't found out why it's not working.
So far I can connect remotely only with my iPhone using L2TP, but my laptop cannot connect; it shows an error saying: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer. From the logs I noticed that it shows the error: No suitable proposal found.
I tried WireGuard as well; it says that it connects, but there is no communication with my router ...
My MikroTik has a public IP but it's behind NAT from my ISP router, on which I have port-forwarded ports 4500, 1701, 500.
My configuration is below :
# Interface layer: bridges, physical ports, wireless APs, VPN server
# interfaces, VLANs, the PPPoE client, interface lists and the default
# wireless security profile.
# NOTE(review): the first menu path below has no leading "/" while every
# other one does; it was presumably lost when the export was pasted.
interface bridge
add ingress-filtering=no name=bridge-Vlan-LAN pvid=10 vlan-filtering=yes
add name=bridge-Vlan-WLAN
add admin-mac=0000000 auto-mac=no comment=defconf mtu=1492 name=\
bridgeLocal-LAN
/interface ethernet
# proxy-arp is enabled on the ISP-facing port.
# NOTE(review): confirm this is intended on the untrusted side; it is not
# needed for L2TP/IPsec or WireGuard road-warrior access.
set [ find default-name=ether1 ] arp=proxy-arp name=ether1-ISP
set [ find default-name=ether3 ] name=ether3-Management
/interface wireless
# Both radios run as access points tagging client traffic with VLAN 20.
# Neither names a security profile, so presumably both use the default one
# set further down.
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=greece disabled=no \
installation=indoor mode=ap-bridge ssid="GAPO WLAN 2.4G" vlan-id=20 \
vlan-mode=use-tag
set [ find default-name=wlan2 ] band=5ghz-a/n/ac country=greece disabled=no \
installation=indoor mode=ap-bridge ssid="GAPO WLAN 5G" vlan-id=20 \
vlan-mode=use-tag wireless-protocol=802.11
/interface l2tp-server
# Static server binding for the PPP user "vpnlocal"; exported as disabled.
add disabled=yes name=l2tp-in1 user=vpnlocal
/interface wireguard
# The WireGuard interface is exported as disabled, so it cannot pass traffic
# in this state. It listens on UDP 9874; if the router sits behind another
# NAT device, that UDP port has to be forwarded there as well.
add disabled=yes listen-port=9874 mtu=1420 name=wireguard-VPN_Local
/interface vlan
# vlan1cosmote (the PPPoE uplink VLAN) and the ISP management VLAN are
# disabled; only vlan10 and vlan20 are active.
add disabled=yes interface=bridge-Vlan-LAN name=Vlan99 vlan-id=99
add disabled=yes interface=ether1-ISP mtu=1492 name=vlan1cosmote vlan-id=835
add interface=bridge-Vlan-LAN name=vlan10 vlan-id=10
add interface=bridge-Vlan-WLAN name=vlan20 vlan-id=20
add disabled=yes interface=ether1-ISP name=vlan838-ISPMANAGMENT vlan-id=838
/interface pppoe-client
# Runs on vlan1cosmote, which is disabled above. "disabled" is not shown for
# the client itself - NOTE(review): confirm whether it is meant to be in use.
add add-default-route=yes interface=vlan1cosmote name=pppoe-out1-Cosmote \
user=000000
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
# wpa-psk is accepted alongside wpa2-psk, so clients may still associate
# with the older WPA mode; listing wpa2-psk alone is the stricter setting.
# The passphrase is not part of this export.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=\
dynamic-keys supplicant-identity=MikroTik
# IPsec negotiation parameters used by the dynamic L2TP/IPsec peer.
/ip ipsec profile
# Phase 1 (IKE): exactly one combination is accepted here - DH group
# modp1024, AES-256, SHA-256. A client that does not offer this combination
# cannot complete phase 1; a "no suitable proposal" log entry is the typical
# symptom. NOTE(review): compare with what the failing client offers (IPsec
# debug logging shows the received proposals) before changing anything.
# modp1024 is a 1024-bit group and is generally considered too weak today;
# where clients support it, prefer modp2048 or an ECP group, and list
# several values only if older clients really need them.
set [ find default=yes ] dh-group=modp1024 enc-algorithm=aes-256 \
hash-algorithm=sha256
/ip ipsec proposal
# Phase 2 (ESP): SHA-256 or SHA-1 with AES-256-CBC or AES-128-CBC.
# sha1 is kept for compatibility; drop it once every client negotiates sha256.
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-128-cbc
# Address pools, DHCP servers and the SNMP community.
/ip pool
# The "vpn" pool is not referenced by any PPP profile or secret visible in
# this export, and its range covers the fixed addresses given to "vpnlocal"
# under /ppp secret. NOTE(review): confirm whether the pool is used at all.
add name=vpn ranges=192.168.100.2-192.168.100.255
add name=dhcp_pool2 ranges=10.10.1.2-10.10.1.254
# dhcp_pool3 (10.10.30.x) has no DHCP server attached below.
add name=dhcp_pool3 ranges=10.10.30.2-10.10.30.254
add name=dhcp_pool4 ranges=10.10.20.2-10.10.20.254
add name=dhcp_pool5 ranges=10.10.10.2-10.10.10.254
/ip dhcp-server
add address-pool=dhcp_pool2 interface=bridgeLocal-LAN name=dhcp1
add address-pool=dhcp_pool4 interface=vlan20 name=dhcp3
add address-pool=dhcp_pool5 interface=vlan10 name=dhcp2
/snmp community
# The default community accepts queries from any IPv4 source address.
# SNMP itself does not appear to be enabled in this export; if it is ever
# turned on, restrict "addresses" to the management subnet and change the
# community name first.
set [ find default=yes ] addresses=0.0.0.0/0
# Bridge membership, VLAN table, the L2TP server, interface-list membership
# and the WireGuard peer.
/interface bridge port
add bridge=bridgeLocal-LAN comment=defconf interface=ether3-Management
add bridge=bridge-Vlan-LAN comment=defconf interface=ether4 pvid=10
add bridge=bridge-Vlan-LAN comment=defconf interface=ether5 pvid=10
add bridge=bridge-Vlan-WLAN interface=wlan2 pvid=20
add bridge=bridge-Vlan-WLAN interface=wlan1 pvid=20
add bridge=bridge-Vlan-LAN interface=ether2 pvid=10
/interface bridge vlan
add bridge=bridge-Vlan-LAN tagged=bridge-Vlan-LAN untagged=\
ether2,ether4,ether5 vlan-ids=10
/interface l2tp-server server
# use-ipsec=yes makes the router create the dynamic IPsec peer for L2TP.
# NOTE(review): "enabled=yes" is not shown in this export - confirm the
# server is actually enabled. The IPsec pre-shared secret is not shown here
# either. This setting also has a stricter mode that rejects L2TP sessions
# not protected by IPsec; use it once all clients connect with IPsec.
set default-profile=default use-ipsec=yes
/interface list member
# Only ether1-ISP is in WAN. The VLAN interfaces, the bridges and the VPN
# interfaces are in neither list, and no firewall rule visible in this
# export refers to the lists.
add interface=ether1-ISP list=WAN
add interface=ether2 list=LAN
add interface=ether3-Management list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=wlan2 list=LAN
add interface=wlan1 list=LAN
/interface wireguard peers
# The peer is exported as disabled, and it may only use 192.168.101.2 as its
# tunnel address. A WireGuard client reports the tunnel as active even when
# no handshake has completed, so check the peer's last-handshake value on
# the router rather than the client's status. The key is redacted here.
add allowed-address=192.168.101.2/32 disabled=yes interface=\
wireguard-VPN_Local public-key=\
"000000="
/interface wireless align
set active-mode=no audio-max=0 audio-min=0 frame-size=200 frames-per-second=1
/interface wireless cap
set bridge=bridgeLocal-LAN discovery-interfaces=bridgeLocal-LAN interfaces=\
wlan1,wlan2
# Layer-3 addressing, cloud DDNS, DHCP client and DHCP networks.
/ip address
add address=10.10.1.1/24 comment=Management-LAN interface=bridgeLocal-LAN \
network=10.10.1.0
# This "VPN" address has no prefix length and is bound to the ISP-facing
# port, not to a VPN interface. NOTE(review): the PPP secret already carries
# its own local/remote addresses, so confirm this entry is needed; a VPN
# subnet address on the WAN port is unusual.
add address=192.168.100.1 comment=VPN interface=ether1-ISP network=\
192.168.100.0
add address=10.10.20.1/24 comment=VLAN-WLAN interface=vlan20 network=\
10.10.20.0
add address=10.10.10.1/24 comment=VLAN interface=vlan10 network=10.10.10.0
# Router side of the WireGuard tunnel; the peer is allowed 192.168.101.2.
add address=192.168.101.1/24 interface=wireguard-VPN_Local network=\
192.168.101.0
/ip cloud
# Registers the router's public address under a MikroTik cloud DNS name.
set ddns-enabled=yes
/ip dhcp-client
# DHCP client can not run on slave or passthrough interface!
# (The export's own warning above applies to wlan1, which is a bridge port.)
add comment=defconf interface=wlan1
# The WAN address comes from DHCP on ether1-ISP.
add interface=ether1-ISP
/ip dhcp-server network
add address=10.10.1.0/24 dns-server=192.168.1.1 gateway=10.10.1.1
add address=10.10.10.0/24 gateway=10.10.10.1
add address=10.10.20.0/24 gateway=10.10.20.1
# 10.10.30.0/24 has no interface address or DHCP server in this export.
add address=10.10.30.0/24 gateway=10.10.30.1
# Firewall: filter, mangle and NAT.
# As exported, the only active filter rules are the two DNS drops below.
# There is no accept rule for established/related traffic and no final drop
# on the input or forward chain, so every other packet arriving on
# ether1-ISP reaches the router's own services. A safer baseline is: accept
# established/related, accept only the VPN ports that are needed, then drop
# everything else coming from the WAN side.
/ip firewall filter
# Disabled. It matches the router's own tunnel address as source and the
# peer's address as destination, which is the reverse of what traffic
# arriving from the peer would carry. NOTE(review): likely swapped.
add action=accept chain=input disabled=yes dst-address=192.168.101.2 \
in-interface=wireguard-VPN_Local src-address=192.168.101.1
# Blocks DNS queries from the ISP side so the router is not an open resolver.
add action=drop chain=input dst-port=53 in-interface=ether1-ISP protocol=udp
# This rule matches TCP packets whose SOURCE port is 53, while the UDP rule
# above matches the destination port. NOTE(review): dst-port=53 was probably
# intended; as written it does not block inbound TCP DNS queries.
add action=drop chain=input in-interface=ether1-ISP protocol=tcp src-port=53
# The next three rules are disabled, and with no drop rule in place they
# would change nothing if enabled. Each requires the source port to equal
# the destination port; a client behind NAT can arrive with a translated
# source port, so matching on dst-port alone is the more reliable form.
add action=accept chain=input disabled=yes dst-port=4500 in-interface=\
ether1-ISP protocol=udp src-port=4500
add action=accept chain=input disabled=yes dst-port=500 in-interface=\
ether1-ISP protocol=udp src-port=500
# UDP 1701 should be accepted only for packets that arrived inside IPsec
# (the ipsec-policy=in,ipsec matcher), so plain L2TP from the Internet is
# never accepted.
add action=accept chain=input disabled=yes dst-port=1701 in-interface=\
ether1-ISP protocol=udp src-port=1701
/ip firewall mangle
# Disabled passthrough rule; it has no effect on traffic.
add action=passthrough chain=input disabled=yes protocol=tcp tcp-flags=syn \
tcp-mss=1452-1452
/ip firewall nat
add action=masquerade chain=srcnat comment="masq. vpn traffic" disabled=yes \
out-interface=wireguard-VPN_Local src-address=192.168.101.0/24
# No out-interface is given, so traffic leaving ANY interface is
# masqueraded, including inter-VLAN and VPN-to-LAN traffic. That hides the
# real source address from internal hosts and logs; limiting the rule to the
# WAN side (out-interface or out-interface-list) avoids this.
add action=masquerade chain=srcnat
# Management services, PPP users and system settings.
/ip firewall service-port
# This disables the FTP connection-tracking helper, not the FTP service.
set ftp disabled=yes
/ip service
# Only these four services are disabled. ftp, www and winbox are not listed,
# so they are presumably still at their defaults - NOTE(review): check with
# "/ip service print". With no input drop rule in the firewall, any enabled
# service is reachable on every interface; disable the unused ones and limit
# the rest to the management subnet.
set telnet disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ppp secret
# Passwords are not part of this export. Only "vpnlocal" is active; it is
# limited to the l2tp service and gets fixed tunnel addresses.
add disabled=yes name=vpn
add disabled=yes name=00000
add local-address=192.168.100.3 name=vpnlocal remote-address=192.168.100.4 \
service=l2tp
/snmp
# Only the trap version is set; "enabled=yes" is not shown in this export.
set trap-version=2
/system clock
set time-zone-name=Europe/Athens
/system note
set show-at-login=no
I need some help