Community discussions

MikroTik App
Topic Author
Posts: 32
Joined: Wed Sep 06, 2017 4:04 pm

L2tp/IPsec and windows 10 client

Wed Nov 08, 2017 6:47 pm

Hello All.

Due to I couldn't implement an IPsec tunnel I'll do with L2TP which Windows implements it as default.

But I'm getting this error:


This is the code:
/ip pool
add name=poolIPv4 ranges=
add name=poolIPv4-VPN ranges=

/ip dhcp-server
add add-arp=yes address-pool=poolIPv4 disabled=no interface=LAN name=dhcp-IPv4

/ppp profile
add dns-server= local-address= name=VPN remote-address=poolIPv4-VPN use-encryption=required use-ipv6=default
set *FFFFFFFE dns-server= local-address= remote-address=poolIPv4-VPN use-encryption=required

/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=VPN enabled=yes ipsec-secret=123456

/ip address
add address= interface=LAN network=

/ppp secret
add name=user password=123456 profile=VPN service=l2tp

/ip firewall filter
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=ipsec-esp

/ip firewall nat
add action=masquerade chain=srcnat src-address=
add action=masquerade chain=srcnat

/ip ipsec peer
add address= exchange-mode=main-l2tp   dh-group=modp2048,modp1024 generate-policy=port-override secret=123456

/ip ipsec policy
set 0 dst-address= src-address=

The problem looks that it's on the IPsec encryption but that the standard implementation.
Posts: 43
Joined: Wed Nov 28, 2012 6:49 pm
Location: Windsor ON Canada

Re: L2tp/IPsec and windows 10 client

Wed Nov 08, 2017 11:01 pm

Win10 is using old/weak encryption algorithm...

To fix, under / IP IPSec Peers and Proposals, under Encryption Algorithm, check "3des".

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], lif2k3, martinclaro, rigultru, Semrush [Bot] and 45 guests