Community discussions

MikroTik App
 
kevinstng
just joined
Topic Author
Posts: 3
Joined: Thu Jul 25, 2024 1:04 am

Connect to L2TP/IPSEC VPN from 2 devices with the same public IP

Thu Jul 25, 2024 1:20 am

Hi,

I work in IT and have configured an L2TP/IPsec VPN so other devices from outside my LAN can connect to a very unsecure and old web app that I don't want to be reachable from outside my LAN.
The solution was working well with clients using the integrated Windows VPN configuration to connect to my L2TP/IPsec VPN. That is until I encountered a problem: two devices with the same public IP can't connect to the VPN simultaneously. When Device 1 is connected and Device 2 tries to connect, Device 1 gets disconnected. I've read in the forum that this is a limitation of L2TP and the VPN server's inability to recognize which client to respond to. I've seen some workarounds but they seem quite technical and my knowledge of Mikrotik is basic.

So, I have a few questions:

1 - Can I upgrade my Mikrotik OS version from 6.xx to 7.xx without issues with my current configuration? I want to try creating an IKEv2 VPN over IPsec. If i can make it work :lol:

2 - If I buy a new Mikrotik Router and set up a VPN client on it, connecting my two devices through this new router and then to my ISP modem, would that solve the problem? It seems like a simple solution and not very costly.

3 - Is there a simpler solution to bypass this issue? I don't want to mess with the configuration too much since it took a long time to get everything working. I have several VLANs and firewall rules in place.

Thanks a lot!
 
rplant
Member
Member
Posts: 476
Joined: Fri Sep 29, 2017 11:42 am

Re: Connect to L2TP/IPSEC VPN from 2 devices with the same public IP

Thu Jul 25, 2024 3:32 am

I would recommend you experiment with wireguard.
(Even if just for this particular instance)
 
kevinstng
just joined
Topic Author
Posts: 3
Joined: Thu Jul 25, 2024 1:04 am

Re: Connect to L2TP/IPSEC VPN from 2 devices with the same public IP

Thu Jul 25, 2024 1:57 pm

I would recommend you experiment with wireguard.
(Even if just for this particular instance)
I've looked into that, but if im not wrong I need to update my Mikrotik to ROS 7.XX , and I don wan't to doit until im sure everything else works. But for what i've read wireguard is pretty straight foward to configure.
 
rplant
Member
Member
Posts: 476
Joined: Fri Sep 29, 2017 11:42 am

Re: Connect to L2TP/IPSEC VPN from 2 devices with the same public IP

Fri Jul 26, 2024 2:37 am

Fair enough,
Perhaps your option 2 would be a good option, you then effectively have a site to site tunnel,
and can tunnel whichever clients you want.

Option 1 is doable and will most times be fairly well upgraded. However it is not perfect.
(Make a script export and a normal backup onto external storage prior)

Some things that can cause problems when upgrading
Routing rules and route table priorities and specifics have changed.
(eg when have multiple wan interfaces)
date/time formats have changed (scripts)
 
kevinstng
just joined
Topic Author
Posts: 3
Joined: Thu Jul 25, 2024 1:04 am

Re: Connect to L2TP/IPSEC VPN from 2 devices with the same public IP

Sat Jul 27, 2024 1:42 am

Fair enough,
Perhaps your option 2 would be a good option, you then effectively have a site to site tunnel,
and can tunnel whichever clients you want.

Option 1 is doable and will most times be fairly well upgraded. However it is not perfect.
(Make a script export and a normal backup onto external storage prior)

Some things that can cause problems when upgrading
Routing rules and route table priorities and specifics have changed.
(eg when have multiple wan interfaces)
date/time formats have changed (scripts)
Thanks I wasn't sure if the 2nd option would work.
I ended up configuring an OpenVPN server on my local Mikrotik and using the ovpn clients on the devices with the same public IP. And so far is working good. The only drag down is creating the certificates and secrets for every client but is not that hard at the end of the day its worth it.
Maybe in the future I'll upgrade to RouterOS 7.xx and try with Wireguard for the simplicity. Also tried to make an Ikev2/ipsec but could't make it work and ended up on OpenVPN.

Thanks for the help guys!!

Who is online

Users browsing this forum: No registered users and 33 guests