Hello Forum,
I have an MT CC router that serves other Mikrotik routers for a Site to Site Layer2 VPN connection with L2TP and IPSec.
The server is ROS 7.4.1
I recently added a new client that has ROS 7.7 / 7.8.
The setup process is scripted, which means a .rsc file is generated, and once uploaded to the client router is run in its terminal.
The client script runs successfully, and all settings seem to appear correctly. Both the server and the clients seem to indicate that the connection is fine.
- the server has the client in its active peers
- the client has the server in its active peers
Both logs say that the connection is established, there is uptime ...
So the L2TP / IPSec connection seems to be fine.
The host serves each client with a network 10.10.X.x
Where X is a unique number. On that virtual lan address range the host router has x 1 and the client router has x 2.
Now there are 7 clients connected, they all work fine (ROS 7.1 .. 7.4).
But the recently added client - despite the active connection - can not ping the server, and the server can not ping the client.
I checked all relevant settings up and down and they are all identical with the working clients, the only difference is the number X and the naming.
Firewall rules are also identical, and they are mostly like the default rules. There are no special NAT rules, and simple firewall rules can be disabled - doesn't change anything.
Routes seem to be fine, I don't see anything that would prevent the expected traffic flow.
Traceroute cannot reach the remote host. Pinging, even with the interface specified gives 100% packet loss for the VPN.
I'm out of ideas.
I can not find any configuration issues, they seem to align with the working clients.
I can only suspect something in the firmware, or the hardware, but have no tools to pinpoint the problem.
Anyone have any ideas?