Community discussions

MikroTik App
  4. RouterOS
  5. RouterOS beta

IPSEC/L2TP fails on first connection attempt

Post Reply
 
mfischer
just joined
Topic Author
Posts: 8
Joined: Fri May 10, 2019 3:39 pm

IPSEC/L2TP fails on first connection attempt

Fri Jan 17, 2020 12:16 pm

Hi!

I have setup a IPSEC over L2TP VPN Tunnel with PSK.

Here is my problem: When I try to connect using a Windows 7 PC I get an error (628) on the first connection attempt. It gets stuck on "Username and password verification" and after some time error 628 pops up. When I hit "Retry" it connects instantly.

Log of unsuccessful connection attempt:
Code: Select all
09:46:04 ipsec,info respond new phase 1 (Identity Protection): 91.114.39.18[500]<=>84.114.180.14[14925]
09:46:05 ipsec,info ISAKMP-SA established 91.114.39.18[4500]-84.114.180.14[57433] spi:23cca45764b070d7:eea7e3c963fcea73
09:46:05 l2tp,info first L2TP UDP packet received from 84.114.180.14
Log of successful connection attempt:
Code: Select all
09:46:54 ipsec,info purging ISAKMP-SA 91.114.39.18[4500]<=>84.114.180.14[57433] spi=23cca45764b070d7:eea7e3c963fcea73.
09:46:54 ipsec,info ISAKMP-SA deleted 91.114.39.18[4500]-84.114.180.14[57433] spi:23cca45764b070d7:eea7e3c963fcea73 rekey:1
09:46:57 ipsec,info respond new phase 1 (Identity Protection): 91.114.39.18[500]<=>84.114.180.14[41920]
09:46:58 ipsec,info ISAKMP-SA established 91.114.39.18[4500]-84.114.180.14[55334] spi:d33d89d143b08acd:08ca7a85b78c1903
09:46:58 l2tp,info first L2TP UDP packet received from 84.114.180.14
09:46:58 l2tp,ppp,info,account mfischer logged in, 192.168.37.250
09:46:58 l2tp,ppp,info <l2tp-mfischer>: authenticated
09:46:58 l2tp,ppp,info <l2tp-mfischer>: connected
Do you guys have any hints on what the problem could be?

Thanks, Mike
Top
 
balexiev
just joined
Posts: 5
Joined: Thu May 21, 2020 12:22 am

Re: IPSEC/L2TP fails on first connection attempt

Fri Oct 08, 2021 1:19 pm

Hello, quite an old question, but I stumbled upon the same issue with a client even today, so someone might benefit from the info.

The issue occurs on Windows 7 if you choose the "Data encryption" option in the Security tab to "Maximum strength encryption". This happnes because the router usually has the 256 bit aes cbc option enabled, but in this case Windows 7 connects at 128 bits. The resolution should be to select "Require encryption" instead. Of course, you can research if and how Windows 7 can use 256 bits encryption, I don't recall that.
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 33 guests
  4. RouterOS
  5. RouterOS beta