
 
sdaniel55
just joined
Topic Author
Posts: 3
Joined: Thu Sep 01, 2016 1:37 pm
Location: UK/Hungary

Using L2TP/IPSec VPN with iOS 10

Fri Sep 02, 2016 12:07 pm

I'm not a Mikrotik expert, but I know some basics. Yesterday, my sysadmin friend came over, who taught me how to use a Mikrotik, to set up a VPN server. We started with PPTP, but in iOS 10 (and macOS Sierra), Apple will remove it. So we moved onto L2TP/IPSec. We spent an hour trying to set it up, but it wasn't working on iOS 10. Then we tried it on iOS 9.3.5 and it was working perfectly. iOS 10 still returned an error that "The L2TP-VPN server did not respond.". The log had the error "phase1 negotiation failed due to time up"

I found this page, today I started again and set it up based on this, with no luck. https://www.nasa-security.net/mikrotik/ ... ith-ipsec/
Here's the Apple support page about the VPN change. (It has nothing useful on it) https://support.apple.com/en-us/HT206844

How can I set up a L2TP/IPsec VPN that will work on the new iOS and macOS? Thank you for your help!

Router's OS version: RouterOS v6.36.2
Router's type: RB850Gx2
 
SnorlaxTech
just joined
Posts: 1
Joined: Sat Sep 03, 2016 5:38 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 03, 2016 5:39 pm

Interesting. Let me try some configurations and help you out.


 
WillMoore
just joined
Posts: 14
Joined: Sat Sep 01, 2012 7:24 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 03, 2016 7:53 pm

The latest OS X and iOS betas work fine with L2TP/IPSec VPN. If configured properly, what works in iOS 9 should work fine in iOS 10. On iOS you sometimes need to delete and re-add the profile even if you have all settings entered correctly.
 
sdaniel55
just joined
Topic Author
Posts: 3
Joined: Thu Sep 01, 2016 1:37 pm
Location: UK/Hungary

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 03, 2016 8:00 pm

I've managed to set it up again, so I can connect to it with iOS 10 too. I think the problem was with one of the encryption settings. However, I still have problems with the connection. I can send data (I can see that the router receives the packages), but I don't get anything back, unless I want to reach a local address. (I can connect to the NAS on the network, but can't use Google.)

I'm going to experiment with it on Monday, the problem must be one of the settings.
 
WillMoore
just joined
Posts: 14
Joined: Sat Sep 01, 2012 7:24 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 03, 2016 8:23 pm

1.jpg
2.jpg
3.jpg
 
WillMoore
just joined
Posts: 14
Joined: Sat Sep 01, 2012 7:24 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 03, 2016 8:24 pm

7.jpg
6.jpg
4.jpg
 
WillMoore
just joined
Posts: 14
Joined: Sat Sep 01, 2012 7:24 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 03, 2016 8:38 pm

9.jpg
8.jpg
 
Mazutti
newbie
Posts: 27
Joined: Sat Jun 21, 2014 4:12 am

Re: Using L2TP/IPSec VPN with iOS 10

Sun Sep 04, 2016 5:58 am

How do you access the internet through the Mikrotik? If it's through NAT masquerade, make sure that your VPN IP range is being masqueraded too.
 
sdaniel55
just joined
Topic Author
Posts: 3
Joined: Thu Sep 01, 2016 1:37 pm
Location: UK/Hungary

Re: Using L2TP/IPSec VPN with iOS 10

Mon Sep 05, 2016 12:45 pm

I've changed my settings to @WillMoore's but it's still not working properly. I can connect to it now, but I can't access the devices on the network. I have two Synology NASs and I can only open one of them even though they're on separate IP. I can't connect to the router either with VPN. I tried to open some websites too but none of them worked.

@Mazutti: I'm testing it on mobile data.
 
Will
just joined
Posts: 3
Joined: Tue Dec 24, 2013 4:56 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 17, 2016 1:14 pm

I have the same problem.

iPhone cannot connect to RB450G (v6.34.6 bug fix) via L2TP.

Has anyone had success?
 
Revelation
Member
Posts: 338
Joined: Fri Dec 25, 2015 5:59 am

Re: Using L2TP/IPSec VPN with iOS 10

Sat Sep 17, 2016 8:33 pm

Guys you need to check your settings.

I am running iOS10, I can connect via L2TP/IPSEC to my Mikrotik - further I can access any device within my network as well as being allowed to access the internet through my Mikrotik.

Double-check your NAT / Firewall Rules.
 
mostafacar20
just joined
Posts: 1
Joined: Sun Sep 18, 2016 10:40 am

Re: Using L2TP/IPSec VPN with iOS 10

Sun Sep 18, 2016 11:19 am

I have this problem too.
Has anyone found a solution for this issue?
 
Kevo
newbie
Posts: 46
Joined: Wed Oct 12, 2011 1:38 am

Re: Using L2TP/IPSec VPN with iOS 10

Mon Sep 19, 2016 4:50 am

I was able to set mine up, settings the same as above going by memory, and it works fine from my phone over wi-fi, but not over cellular. I think there may be an issue with the cell provider that fouls up the connection. I'm not sure exactly what it is, but in the router I can see the SAs. One direction has an incrementing byte counter and the other stays at zero. I think without TCP it's not going to work. My guess is the phone's port isn't stable with the cell connection and the router doesn't have a path back to the phone. Just guessing, but I think OpenVPN may be the only viable option for me when all I have is a cell connection. I rarely need it over a cell connection, but it would be nice to have it as a backup.

You do need to open ports on the input chain as described in the wiki.
 
normis
MikroTik Support
Posts: 23509
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Using L2TP/IPSec VPN with iOS 10

Mon Sep 19, 2016 2:00 pm

This topic has the answers about iOS config: http://forum.mikrotik.com/viewtopic.php?f=2&t=112189
 
craigreilly
newbie
Posts: 32
Joined: Mon Jan 26, 2015 7:04 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Nov 11, 2016 11:45 pm

For those of you having issues connecting to local network - The interfaces must be set to Proxy-ARP on the LAN Side.

Also - there does seem to be an issue with PPTP and L2TP/ipSEC when using the iPhone to tether.
Yes - Apple pulled PPTP from supported VPNs - but that does not mean you should not be able to use PPTP on your PC laptop while tethering.
Apple is aware of the issue and is currently evaluating it.

I was able to set my Mac to do L2TP without ipSEC and can use my iPhone to tether fine. Of course, since the Mikrotik doesn't support multiple users on same remote network with L2TP with ipSEC - without ipSEC is about the only option I have right now - until ROS is updated.

Hopefully Apple gets the Tethering option fixed - and Mikrotik gets ROS update going with L2TP with ipSEC fixed.
 
craigreilly
newbie
Posts: 32
Joined: Mon Jan 26, 2015 7:04 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat Nov 12, 2016 12:00 am

So I see in 6.38 rc29 that "ipsec - added support unique policy generation which will allow multiple peers behind same NAT (cli only)"
So it seems ipSEC will not work properly - but must be configured from CLI?

Any info on this?
 
hamipopo
just joined
Posts: 4
Joined: Wed Dec 30, 2015 7:16 am

Re: Using L2TP/IPSec VPN with iOS 10

Fri Nov 25, 2016 7:37 pm

I have the same problem.
Our clients connect to the L2TP MikroTik but they disconnect every 5 to 60 seconds.
 
BennyT
just joined
Posts: 20
Joined: Mon Apr 18, 2016 4:03 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 11:12 am

Hi,

I still have the problem that my L2TP/IPsec VPN runs on 2 iPhones without any problem but my Windows 8.1 PC cannot connect.... I need an idea how to go on.... Is there an instruction for how I can create an IPsec VPN without L2TP only for the PC? I want to use Shrewsoft or another VPN client.... It seems that Windows has a problem... however?

Thanks.
Regards,
Ben
 
vilts
just joined
Posts: 7
Joined: Fri Jan 20, 2017 9:43 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 1:57 pm

I got my VPN server behind NAT working from Windows with this registry fix. Make the value "2" for the registry field, reboot and try.
 
BennyT
just joined
Posts: 20
Joined: Mon Apr 18, 2016 4:03 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 4:30 pm

I already tried the fix but without success. I am still getting the 789 error. I allowed Firewall and I have no idea. I tried on one Win7 and one Win 8.1 and both had the same problem. They are waiting at "Connecting to xxxxxx".... It takes a very long time and after that the system told me there were problems authenticating. But it works on the iPhones perfectly. Maybe I forgot something in the config or I have to change something on the RB3011? Any idea?
 
mrz
MikroTik Support
Posts: 5681
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 4:46 pm

What logs do you see on the server?
 
BennyT
just joined
Posts: 20
Joined: Mon Apr 18, 2016 4:03 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 6:18 pm

VPN.JPG
 
mrz
MikroTik Support
Posts: 5681
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 6:20 pm

Remote peer requires 3des, but you have set aes-128
 
BennyT
just joined
Posts: 20
Joined: Mon Apr 18, 2016 4:03 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 6:32 pm

Ah ok, phase1 seems better now, but now again a new problem :(
VPN2.JPG
 
mrz
MikroTik Support
Posts: 5681
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 6:39 pm

You do not have any valid policy configured or forgot to enable generate-policy in peer config.
 
BennyT
just joined
Posts: 20
Joined: Mon Apr 18, 2016 4:03 pm

Re: Using L2TP/IPSec VPN with iOS 10

Fri Jan 27, 2017 7:30 pm

Yes that was it. It's working now both on Windows (with the registry fix) and on smart phone.

Cool. Thanks :)
 
Vaxter
just joined
Posts: 6
Joined: Tue May 06, 2014 10:54 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sun Mar 12, 2017 9:23 pm

Since everyone is dropping PPTP support I have to find a solution that works everywhere.
After spending two miserable days trying to setup IKEv2, I have decided to try with L2TP over IPSec.
Success was only partial.
It works for Windows and iOS, but not for MacOS.
When I try to connect with macOS, I could see an entry in the MikroTik log that says: no IKEv1 peer config for a.a.a.a .

Any good ideas?
 
codec47
just joined
Posts: 11
Joined: Wed May 11, 2016 7:59 pm

Re: Using L2TP/IPSec VPN with iOS 10

Mon Apr 03, 2017 12:09 pm

Hi guys

I tried to configure my L2TP/IPsec on my rb1100 for an iPhone OS10 client. I followed the step by step above and it is still not working. Can anyone help me if I have something missing in my configuration? I also got this error message in my logs, but behind NAT my L2TP is working fine.
https://ibb.co/moL6fa
07:38:53 ipsec,error failed to get valid proposal. 
07:38:53 ipsec,error failed to pre-process ph1 packet (side: 1, status 1). 
07:38:53 ipsec,error phase1 negotiation failed. 
07:53:11 ipsec,error failed to get valid proposal. 
07:53:11 ipsec,error failed to pre-process ph1 packet (side: 1, status 1). 
07:53:11 ipsec,error phase1 negotiation failed.
 
mrz
MikroTik Support
Posts: 5681
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Using L2TP/IPSec VPN with iOS 10

Mon Apr 03, 2017 1:45 pm

Enable ipsec debug logs, it will show what phase2 parameters exactly are mismatched.
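
A small triage script for the IPsec error lines quoted in this thread, added here as an example (it is not code from any poster or from MikroTik): it collapses each failed negotiation into one finding with a hint. The labels, hint wording and the function name `diagnose` are this example's own; the first and last timestamps and the address 192.0.2.10 in the sample are constructed.

```python
import re

# Constructed sample. The message texts are the ones quoted in this thread;
# the first and last timestamps and the address 192.0.2.10 are made up.
SAMPLE_LOG = """\
07:30:02 ipsec,error phase1 negotiation failed due to time up
07:38:53 ipsec,error failed to get valid proposal.
07:38:53 ipsec,error failed to pre-process ph1 packet (side: 1, status 1).
07:38:53 ipsec,error phase1 negotiation failed.
07:41:10 ipsec,error no IKEv1 peer config for 192.0.2.10
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(.*\S)\s*$")

# Root-cause messages, each with a label and a hint (hints are this example's wording).
CAUSES = [
    (re.compile(r"failed to get valid proposal"), "proposal-mismatch",
     "client and router share no algorithm set; compare them, enable ipsec debug logs"),
    (re.compile(r"no IKEv1 peer config for (\S+)"), "no-peer-match",
     "no /ip ipsec peer entry matched this remote address"),
    (re.compile(r"negotiation failed due to time up"), "phase1-timeout",
     "exchange never completed; check the input chain accepts IKE, then the settings"),
]
# Lines that only report the consequence of a cause logged in the same second.
FOLLOW_UP = re.compile(r"failed to pre-process ph1 packet|phase1 negotiation failed\.?$")


def diagnose(log_text):
    """Return one finding per failed negotiation: (time, label, peer, hint)."""
    findings, explained = [], set()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or "ipsec" not in m.group(2).split(","):
            continue  # not an ipsec log line
        when, msg = m.group(1), m.group(3)
        for pattern, label, hint in CAUSES:
            hit = pattern.search(msg)
            if hit:
                peer = hit.group(1) if pattern.groups else None
                findings.append((when, label, peer, hint))
                explained.add(when)
                break
        else:
            if FOLLOW_UP.search(msg) and when not in explained:
                # consequence without a visible cause: debug logging is needed
                findings.append((when, "phase1-failed-unknown", None,
                                 "no cause logged; enable ipsec debug logs"))
                explained.add(when)
    return findings
```
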
 
enggheisar
Trainer
Posts: 13
Joined: Sun Mar 29, 2015 10:12 am
Location: Austin, TX

Re: Using L2TP/IPSec VPN with iOS 10

Mon May 08, 2017 8:59 pm

This is the best and simple config for Apple devices:

# Address pool handed out to VPN clients
/ip pool
add name=IPSECVPN ranges=172.31.0.2-172.31.0.31

# PPP profile: the router end of the tunnel is 172.31.0.1, clients draw from the pool
/ppp profile
add change-tcp-mss=yes local-address=172.31.0.1 name=ipsec remote-address=IPSECVPN use-encryption=yes

# VPN user account
/ppp secret
add name=test password=test profile=ipsec

# Enable the L2TP server with IPsec and a pre-shared key
/interface l2tp-server server
set default-profile=ipsec enabled=yes ipsec-secret=1234567890 use-ipsec=yes

# Phase 2 proposal
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des

# Phase 1 peer for any remote address, with generated policies
/ip ipsec peer
add address=0.0.0.0/0 dpd-interval=2s enc-algorithm=3des exchange-mode=main-l2tp generate-policy=port-override secret=1234567890

If you have a problem, please send your router debug to me.
--
Respectfully,
MohammadTayyebi@Gmail.com
 
Vaxter
just joined
Posts: 6
Joined: Tue May 06, 2014 10:54 pm

Re: Using L2TP/IPSec VPN with iOS 10

Sat May 13, 2017 1:26 pm

Have you tested this configuration with macOS, or only iOS devices?
Seems to me that all of the config scenarios found on wiki or forum work for iOS, but neither one of them works with macOS.
Everything is fine from iOS, but when I try to connect from macOS device I always get an error no IKEv1 peer config for x.x.x.x in MikroTik's log.
