alaa2003
just joined
Topic Author
Posts: 16
Joined: Sat Jan 07, 2017 6:10 pm

l2tp client issue- connecting

Tue Mar 07, 2017 8:16 pm

Hello,
I have router: RB2011UiAS-2HnD
Version: 6.38.1 (stable)

The bug is:
When my router shuts down suddenly, or sometimes when I reboot it, I notice after it comes back that my L2TP is not able to reconnect.
It gets stuck on connecting, then disconnected, and so on.
It does not give any reason for the disconnect in the log screen.

I checked the remote Mtik (server) log; there is no incoming connection, which means the issue is not from the Mtik server.

How I can fix the issue temporarily:
From the client: I disconnect my L2TP client for 10 minutes, then re-connect (enable) it again --->> it connects like a charm.

So I need this bug fixed permanently by new SW.

regards
Alaa
 
alaa2003
just joined
Topic Author
Posts: 16
Joined: Sat Jan 07, 2017 6:10 pm

Re: l2tp client issue- connecting

Tue Mar 07, 2017 11:14 pm

After enabling debug for L2TP,
I found the (from) IP appears as: 0.0.0.0:1701

After setting DMZ to the Mtik router IP from the modem,

the ((from)) IP changed to Mtik router IP:1701 instead of 0.0.0.0:1701.

L2TP connected, under monitoring.
 
alaa2003
just joined
Topic Author
Posts: 16
Joined: Sat Jan 07, 2017 6:10 pm

Re: l2tp client issue- connecting

Mon Mar 13, 2017 8:25 am

After monitoring >> the issue still exists.

The issue comes when the local IP becomes like 0.0.0.0:1721 instead of numeric.
Note (it also happened after the modem restarted).
 
Hensarj
just joined
Posts: 1
Joined: Mon Mar 20, 2017 4:48 pm

Re: l2tp client issue- connecting

Mon Mar 20, 2017 4:50 pm

Same issue here..... Need help :(
 
tabraham
newbie
Posts: 27
Joined: Wed Feb 08, 2017 10:18 pm
Location: Germany

Re: l2tp client issue- connecting

Mon Mar 20, 2017 7:51 pm

Schedule this script to run every 5-10 minutes (or you can also schedule this script to run only at startup). I have scheduled it to run every 10 mins.
The script checks the L2TP and does nothing if it is running, but if the connection is not running, it disables the interface, waits for 5 mins and then automatically enables it.
* change the name "l2tp-out1" to your l2tp interface name...
* change the delay value "300" to your desired seconds...

This code can be used for any PPP interface; you just need to change the type of interface as well as the name for it to work.
:if ([/interface l2tp-client get l2tp-out1 running]=true) do={
    :log warning "l2tp-out1 is running perfectly";
} else={
    # not running: disable the client, wait 300 seconds, then re-enable it
    :log warning "l2tp-out1 NOT running";
    /interface l2tp-client disable l2tp-out1;
    :delay 300;
    /interface l2tp-client enable l2tp-out1;
};
P.S. Attention Mikrotik Admins. I believe, if I am not wrong, that this is a bug in the new firmware (6.3). My old machines running in legacy firmware never had this problem.
 
alaa2003
just joined
Topic Author
Posts: 16
Joined: Sat Jan 07, 2017 6:10 pm

Re: l2tp client issue- connecting

Fri Jun 23, 2017 12:40 am

Hensarj, thx for the ping & confirming the bug.
Dear tabraham, thanks for the cool script.
Currently the issue exists even with the latest SW 6.39.2.
Bug as shown: 0.0.0.0 instead of router IP.
 
Ozzone
just joined
Posts: 6
Joined: Wed Sep 14, 2016 10:02 pm

Re: l2tp client issue- connecting

Fri Jun 23, 2017 1:35 am

 
idlemind
Forum Guru
Posts: 1146
Joined: Fri Mar 24, 2017 11:15 pm
Location: USA

Re: l2tp client issue- connecting

Tue Jun 27, 2017 7:12 am

Are you sure your PPPoE setup is re-establishing correctly? I ran a test w/6.40rc24 with just L2TP server and client machines. They re-established fine whenever I killed a link in the middle between the server and client.

PPPoE should have a timeout value set very much like L2TP and the messages you are highlighting with the value 0.0.0.0/0 are irrelevant. You can see from the complete log below that the 0.0.0.0/0 destination is not important, at least in the scope of the error. I'd have to dive into it more to see if there is a logical reason for the 0.0.0.0/0 value or if the error is just poorly formatted. Either way that alone does not indicate the problem.

TLDR; verify that your PPPoE client is re-establishing correctly. You may need to define a timeout value in either or both of the PPPoE client or server. This may require a call to your ISP or whoever runs the PPPoE server.

[admin@l2tp-client1] >
03:54:19 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 192.168.1.6:1701
03:54:19 echo: l2tp,debug,packet tunnel-id=3, session-id=0, ns=9, nr=7
03:54:19 echo: l2tp,debug,packet (M) Message-Type=HELLO
[admin@l2tp-client1] >
03:54:27 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 192.168.1.6:1701
03:54:27 echo: l2tp,debug,packet tunnel-id=3, session-id=0, ns=9, nr=7
03:54:27 echo: l2tp,debug,packet (M) Message-Type=HELLO
[admin@l2tp-client1] >
(33 messages discarded)
03:54:35 echo: l2tp,debug tunnel 5 entering state: wait-ctl-reply
03:54:35 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:54:35 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:54:35 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:54:35 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:54:35 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:54:35 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:54:35 echo: l2tp,debug,packet Firmware-Revision=0x1
03:54:35 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:54:35 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:54:35 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=5
03:54:35 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
03:54:36 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:54:36 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:54:36 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:54:36 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:54:36 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:54:36 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:54:36 echo: l2tp,debug,packet Firmware-Revision=0x1
03:54:36 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:54:36 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:54:36 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=5
03:54:36 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
03:54:37 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:54:37 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:54:37 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:54:37 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:54:37 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:54:37 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:54:37 echo: l2tp,debug,packet Firmware-Revision=0x1
03:54:37 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:54:37 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:54:37 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=5
03:54:37 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
03:54:39 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:54:39 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:54:39 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:54:39 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:54:39 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:54:39 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:54:39 echo: l2tp,debug,packet Firmware-Revision=0x1
03:54:39 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:54:39 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:54:39 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=5
03:54:39 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
03:54:43 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:54:43 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:54:43 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:54:43 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:54:43 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:54:43 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:54:43 echo: l2tp,debug,packet Firmware-Revision=0x1
03:54:43 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:54:43 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:54:43 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=5
03:54:43 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
03:54:51 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:54:51 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:54:51 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:54:51 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:54:51 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:54:51 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:54:51 echo: l2tp,debug,packet Firmware-Revision=0x1
03:54:51 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:54:51 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:54:51 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=5
03:54:51 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
03:54:59 echo: l2tp,debug tunnel 5 received no replies, disconnecting
03:54:59 echo: l2tp,debug tunnel 5 entering state: dead
03:54:59 echo: l2tp,debug session 1 entering state: dead
03:54:59 echo: l2tp,ppp,info l2tp-client1: terminating... - session closed
03:54:59 echo: l2tp,ppp,debug l2tp-client1: LCP lowerdown
03:54:59 echo: l2tp,ppp,debug l2tp-client1: LCP down event in starting state
03:54:59 echo: l2tp,ppp,info l2tp-client1: disconnected
[admin@l2tp-client1] >
(2 messages discarded)
03:55:00 echo: l2tp,debug tunnel 6 entering state: wait-ctl-reply
03:55:00 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701
03:55:00 echo: l2tp,debug,packet tunnel-id=0, session-id=0, ns=0, nr=0
03:55:00 echo: l2tp,debug,packet (M) Message-Type=SCCRQ
03:55:00 echo: l2tp,debug,packet (M) Protocol-Version=0x01:00
03:55:00 echo: l2tp,debug,packet (M) Framing-Capabilities=0x1
03:55:00 echo: l2tp,debug,packet (M) Bearer-Capabilities=0x0
03:55:00 echo: l2tp,debug,packet Firmware-Revision=0x1
03:55:00 echo: l2tp,debug,packet (M) Host-Name="l2tp-client1"
03:55:00 echo: l2tp,debug,packet Vendor-Name="MikroTik"
03:55:00 echo: l2tp,debug,packet (M) Assigned-Tunnel-ID=6
03:55:00 echo: l2tp,debug,packet (M) Receive-Window-Size=4
[admin@l2tp-client1] >
(99 messages discarded)
03:55:01 echo: l2tp,ppp,debug,packet l2tp-client1: sent IPCP ConfReq id=0x8
03:55:01 echo: l2tp,ppp,debug,packet <addr 172.16.1.61>
03:55:01 echo: l2tp,ppp,debug,packet l2tp-client1: rcvd MPLSCP ConfAck id=0x4
03:55:01 echo: l2tp,ppp,debug l2tp-client1: MPLSCP opened
03:55:01 echo: l2tp,ppp,info l2tp-client1: connected
03:55:01 echo: l2tp,ppp,debug,packet l2tp-client1: rcvd CCP ConfAck id=0x4
03:55:01 echo: l2tp,ppp,debug,packet <mppe 1000040>
03:55:01 echo: l2tp,ppp,debug l2tp-client1: CCP opened
03:55:01 echo: l2tp,ppp,info l2tp-client1: using encoding - MPPE128 stateless
03:55:01 echo: l2tp,ppp,debug,packet l2tp-client1: rcvd IPCP ConfAck id=0x8
03:55:01 echo: l2tp,ppp,debug,packet <addr 172.16.1.61>
03:55:01 echo: l2tp,ppp,debug l2tp-client1: IPCP opened
[admin@l2tp-client1] >
(2 messages discarded)
03:56:01 echo: l2tp,debug,packet (M) Message-Type=HELLO
03:56:01 echo: l2tp,debug,packet rcvd control message from 192.168.1.2:1701 to 192.168.1.6:1701
03:56:01 echo: l2tp,debug,packet tunnel-id=6, session-id=0, ns=2, nr=4
03:56:01 echo: l2tp,debug,packet (M) Message-Type=HELLO
03:56:01 echo: l2tp,debug,packet sent control message (ack) to 192.168.1.2:1701 from 192.168.1.6:1701
03:56:01 echo: l2tp,debug,packet tunnel-id=4, session-id=0, ns=5, nr=3
03:56:01 echo: l2tp,debug,packet rcvd control message (ack) from 192.168.1.2:1701 to 192.168.1.6:1701
03:56:01 echo: l2tp,debug,packet tunnel-id=6, session-id=0, ns=3, nr=5
03:56:01 echo: l2tp,ppp,debug,packet l2tp-client1: sent LCP EchoReq id=0x0
03:56:01 echo: l2tp,ppp,debug,packet <magic 0x7de9507a>
03:56:01 echo: l2tp,ppp,debug,packet l2tp-client1: rcvd LCP EchoRep id=0x0
03:56:01 echo: l2tp,ppp,debug,packet <magic 0x66331cb9>
[admin@l2tp-client1] >
03:56:31 echo: l2tp,ppp,debug,packet l2tp-client1: rcvd LCP EchoReq id=0x0
03:56:31 echo: l2tp,ppp,debug,packet <magic 0x66331cb9>
03:56:31 echo: l2tp,ppp,debug,packet l2tp-client1: sent LCP EchoRep id=0x0
03:56:31 echo: l2tp,ppp,debug,packet <magic 0x7de9507a>
[admin@l2tp-client1] >
03:57:01 echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 192.168.1.6:1701
03:57:01 echo: l2tp,debug,packet tunnel-id=4, session-id=0, ns=5, nr=3
03:57:01 echo: l2tp,debug,packet (M) Message-Type=HELLO
03:57:01 echo: l2tp,debug,packet rcvd control message from 192.168.1.2:1701 to 192.168.1.6:1701
03:57:01 echo: l2tp,debug,packet tunnel-id=6, session-id=0, ns=3, nr=5
03:57:01 echo: l2tp,debug,packet (M) Message-Type=HELLO
03:57:01 echo: l2tp,debug,packet sent control message (ack) to 192.168.1.2:1701 from 192.168.1.6:1701
03:57:01 echo: l2tp,debug,packet tunnel-id=4, session-id=0, ns=6, nr=4
03:57:01 echo: l2tp,debug,packet rcvd control message (ack) from 192.168.1.2:1701 to 192.168.1.6:1701
03:57:01 echo: l2tp,debug,packet tunnel-id=6, session-id=0, ns=4, nr=6
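
An added example (not part of the thread and not MikroTik tooling): a small Python parser for the RouterOS L2TP debug log quoted above, grouping SCCRQ retransmissions per tunnel attempt and recording the logged source address and the outcome. The sample is abridged from that log; the function and field names are assumptions made for this illustration.

```python
import re
from datetime import datetime

def _sccrq(ts):  # the two log lines that mark one SCCRQ send in the quoted log
    return (f"{ts} echo: l2tp,debug,packet sent control message to 192.168.1.2:1701 from 0.0.0.0:1701\n"
            f"{ts} echo: l2tp,debug,packet (M) Message-Type=SCCRQ\n")

# Abridged from the debug log quoted above: same timestamps and events, AVP lines dropped.
SAMPLE = ("03:54:35 echo: l2tp,debug tunnel 5 entering state: wait-ctl-reply\n"
          + "".join(_sccrq(t) for t in "03:54:35 03:54:36 03:54:37 03:54:39 03:54:43 03:54:51".split())
          + "03:54:59 echo: l2tp,debug tunnel 5 received no replies, disconnecting\n"
          + "03:55:00 echo: l2tp,debug tunnel 6 entering state: wait-ctl-reply\n"
          + _sccrq("03:55:00")
          + "03:55:01 echo: l2tp,ppp,info l2tp-client1: connected\n")

LINE = re.compile(r"^(\d\d:\d\d:\d\d) (?:echo: )?\S+ (.*)$")
START = re.compile(r"tunnel (\d+) entering state: wait-ctl-reply")
SENT = re.compile(r"sent control message to \S+ from (\S+)")
DEAD = re.compile(r"tunnel (\d+) received no replies")

def analyze(text):
    """Return one dict per tunnel attempt: SCCRQ sends, retransmit gaps, sources, outcome."""
    attempts, cur, src = [], None, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI prompts and "(N messages discarded)" lines
        ts, msg = datetime.strptime(m.group(1), "%H:%M:%S"), m.group(2)
        if (s := START.search(msg)):
            cur = {"tunnel": int(s.group(1)), "times": [], "sources": set(), "outcome": "unknown"}
            attempts.append(cur)
        elif (s := SENT.search(msg)):
            src = s.group(1)  # header line; the message type follows on a later line
        elif "Message-Type=" in msg:
            if msg.endswith("=SCCRQ") and cur and src:
                cur["times"].append(ts)
                cur["sources"].add(src)
            src = None
        elif (s := DEAD.search(msg)) and cur and int(s.group(1)) == cur["tunnel"]:
            cur["outcome"], cur = "no-reply", None
        elif msg.endswith(": connected") and cur:
            cur["outcome"] = "connected"
    for att in attempts:
        t = att.pop("times")
        att["sends"] = len(t)
        att["gaps_s"] = [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
    return attempts
```

On the abridged sample, tunnel 5 sends six SCCRQs with gaps of 1, 1, 2, 4 and 8 seconds and ends with no reply, while tunnel 6 connects after a single SCCRQ; both attempts log 0.0.0.0:1701 as the source.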
 
Sidius
just joined
Posts: 1
Joined: Sun Apr 28, 2019 12:49 pm

Re: l2tp client issue- connecting

Sun Apr 28, 2019 2:11 pm

I have the same issue with the new 6.44.1 and 6.44.3.
I have 6.44.1 set up as the VPN server at my main site.
And I have 6.44.3 far away, in a village.
In the village I have a not-so-stable internet connection and it disappears often.
So when the internet connection disappears and comes back, my L2TP connection is not established.

Logs from Mikrotik on server side 6.44.1
11:12:15 ipsec,info respond new phase 1 (Identity Protection): server.ip[500]<=>client.ip[500] 
11:12:25 ipsec,info the packet is retransmitted by client.ip[500]. 
11:12:35 ipsec,info the packet is retransmitted by client.ip[500]. 
11:12:38 ipsec,error phase1 negotiation failed due to time up server.ip[500]<=>client.ip[500] bddf6a38eef103ca:7a4209342a239ce7
and so on


Logs from Mikrotik on client side 6.44.3
11:12:42 l2tp,ppp,info l2tp-out1: initializing... 
11:12:42 l2tp,ppp,info l2tp-out1: connecting... 
11:12:45 ipsec,info initiate new phase 1 (Identity Protection): client.ip[500]<=>server.ip[500] 
11:13:09 l2tp,ppp,info l2tp-out1: terminating... - session closed 
11:13:09 l2tp,ppp,info l2tp-out1: disconnected 
11:13:10 ipsec,info ISAKMP-SA deleted client.ip[500]-server.ip[500] spi:spi:bddf6a38eef103ca:0000000000000000 rekey:1 
and so on

When I disable l2tp-out1 for several minutes and re-enable it, it connects without any problems.
So maybe there is a solution to fix it?
 
sindy
Forum Guru
Posts: 11564
Joined: Mon Dec 04, 2017 9:19 pm

Re: l2tp client issue- connecting

Sat May 04, 2019 11:00 pm

It looks like some connection in a firewall needs to die on timeout to allow things to start happening properly. What the log at 6.44.1 says is that the machine receives retransmissions of the first IPsec packet aimed to establish the connection from the initiator after it has responded to the first one to arrive, which suggests that the responses never reach the initiator.

So while that situation exists, what does
/ip firewall connection print detail where dst-address~":(500|1701|4500)\$" or src-address~":(500|1701|4500)\$"
show at both ends?