omidi
newbie
Topic Author
Posts: 28
Joined: Tue Jul 12, 2011 10:22 am

Need Help: L2TP Client Interface with shared secret key

Mon Dec 12, 2011 11:58 pm

Hi

I am trying to set up an RB450G as a VPN L2TP client. The problem is that I need to set up an L2TP key (shared secret) plus a username and password.
How do I do that? I can't find how to set up the L2TP key (shared secret) in the L2TP Client interface.
I tested it on a Windows box and the account has no problem.
Please help.
 
perspetolis
Member Candidate
Posts: 103
Joined: Tue Aug 02, 2011 9:08 pm
Location: Tehran

Re: Need Help: L2TP Client Interface with shared secret key

Tue Dec 13, 2011 8:05 pm

Hi,
If what you need is a user name and password for the L2TP client, you can set these in the L2TP client configuration.
An example of this config is:
name=user name of your account
password=password of your account

[admin] /interface l2tp-client>add name=l2tp-hm user=l2tp-hm password=123 \
\... connect-to=10.1.101.100 disabled=no
[admin] /interface l2tp-client> print detail
Flags: X - disabled, R - running
0 name="l2tp-hm" max-mtu=1460 max-mru=1460 mrru=disabled
connect-to=10.1.101.100 user="l2tp-hm" password="123"
profile=default-encryption add-default-route=no dial-on-demand=no
allow=pap,chap,mschap1,mschap2

To learn more about L2TP configuration, go to this address: http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

Also, to learn about PPP profiles you can go to this address: http://wiki.mikrotik.com/wiki/Manual:PP ... r_Profiles
PPP profiles are used to define default values for user access records stored under the /ppp secret submenu. Settings in the /ppp secret User Database override corresponding /ppp profile settings, except that single IP addresses always take precedence over IP pools when specified as local-address or remote-address parameters.
---------------------------------------------------
Mohsen Farahani
MTCNA-MTCWE-MTCTCE
http://www.ipsolution.ir
 
omidi
newbie
Topic Author
Posts: 28
Joined: Tue Jul 12, 2011 10:22 am

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 11:48 am

Hi perspetolis,

Thanks for your reply.
But my problem actually is that I can't find where to set the L2TP key (shared secret) that I need to set in the connection.
In Windows we can set it in L2TP Connection Properties/Security/Advanced Settings/"Use preshared key for authentication".
 
mrz
MikroTik Support
Posts: 6701
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 11:54 am

I assume that you want to make an L2TP/IPsec connection.
The shared secret is in the IPsec configuration:
http://wiki.mikrotik.com/wiki/MikroTik_ ... IPSec/L2TP
 
omidi
newbie
Topic Author
Posts: 28
Joined: Tue Jul 12, 2011 10:22 am

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 2:06 pm

Hi mrz,

Yes, I want to make an L2TP/IPsec connection.
But in my network the RB450G is the L2TP client, not the server. Is this supported?
Can I set the secret key with ip ipsec peer when the RB450G is the client that makes the connection?
 
mrz
MikroTik Support
Posts: 6701
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 3:01 pm

Yes, it is possible. Proper IPsec peer and policy configuration is required.
 
omidi
newbie
Topic Author
Posts: 28
Joined: Tue Jul 12, 2011 10:22 am

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 3:12 pm

Well, my connection works on Windows. Based on that, what is the proper setup?
Excuse me, I'm not a MikroTik pro.

Here is my config so far:

/interface l2tp-client
add add-default-route=yes allow=mschap1,mschap2 connect-to=*.*.*.* \
dial-on-demand=no disabled=no max-mru=1460 max-mtu=1460 mrru=disabled \
name=l2tp-out1 password=****** profile=default-encryption user=****

/ip ipsec peer
add address=*.*.*.*/32 auth-method=pre-shared-key dh-group=modp1024 \
disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 \
enc-algorithm=3des exchange-mode=main generate-policy=yes hash-algorithm=\
sha1 lifebytes=0 lifetime=1d my-id-user-fqdn="" nat-traversal=no port=500 \
proposal-check=obey secret=******* send-initial-contact=yes

I have no IPsec policy. What should the policy settings be?

Thanks a lot for your help.
 
mrz
MikroTik Support
Posts: 6701
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 3:32 pm

In the peer configuration set generate-policy=no
and add the policy manually.

The src and dst addresses should be the public L2TP client address (src) and the server address (dst).
 
omidi
newbie
Topic Author
Posts: 28
Joined: Tue Jul 12, 2011 10:22 am

Re: Need Help: L2TP Client Interface with shared secret key

Wed Dec 14, 2011 5:00 pm

Hi again,

Thanks mrz, I added the policy. I am totally confused about that.
I went with this:
http://wiki.mikrotik.com/wiki/L2TP_%2B_ ... ik_routers
and it didn't work yet.
Here is what "netsh ipsec dynamic show all" says on Windows, which works fine with the connection. What are the same parameters in MikroTik?


IKE Main Mode SAs at 12/14/2011 6:11:38 PM
----------------------------------------------------------------------
Cookie Pair : *******
Sec Methods : NONE/SHA1/5/28800
Auth Mode : Preshared Key
Source : 192.168.0.22 , port 37905
ID : 192.168.0.22
Destination : SERVER_IP_ADDRESS , port 37905
ID : SERVER_IP_ADDRESS



Quick Mode SAs
--------------

Transport Filter

Source Address : 192.168.0.22
Destination Address : SERVER_IP_ADDRESS
Protocol : UDP
Source Port : 1701
Destination Port : 1701
Direction : Outbound
Encapsulation Type : Other
Source UDP Encap port : 4500
Dest UDP Encap port : 4500
Peer Private Addr : 0.0.0.0

Offer Used

Offer Used

AH(b/r) ESP Con(b/r) ESP Int PFS DH Group
---------- ------------- ------- ------------
None None SHA1 <Unassigned>

IPsec Configuration Parameters
------------------------------
StrongCRLCheck : 1
IPsecexempt : 3

And here is what the connection details say:

Image
 
omidi
newbie
Topic Author
Posts: 28
Joined: Tue Jul 12, 2011 10:22 am

Re: Need Help: L2TP Client Interface with shared secret key

Sun Dec 18, 2011 11:54 am

Hi, I'm still looking for help.
 
hendramaulana
just joined
Posts: 2
Joined: Wed Sep 25, 2013 2:59 am

Re: Need Help: L2TP Client Interface with shared secret key

Wed Sep 25, 2013 3:05 am

You can make new Peers and Proposal entries in the IPsec menu on the MikroTik, the same as you made on the L2TP server side.
You can enter the secret key on the "secret" line.
 
hendramaulana
just joined
Posts: 2
Joined: Wed Sep 25, 2013 2:59 am

Re: Need Help: L2TP Client Interface with shared secret key

Wed Sep 25, 2013 3:13 am

Hi, I'm still looking for help.
In the "IPsec" menu, you can add new "Peers" and "Proposal" entries on the MikroTik L2TP client, the same as you made on the L2TP server side.
You can enter the secret key on the "Secret" line on the "Peers" tab. Remember to change "Exchange Mode" to "Main l2tp" when you make new "Peers".

See this video, but on the client you implement the same "Peers" and "Proposal" on the MikroTik as on the server side.
http://www.youtube.com/watch?v=OBlUaZw9uNU
 
kemott1
just joined
Posts: 2
Joined: Thu Mar 13, 2014 2:56 pm

Re: Need Help: L2TP Client Interface with shared secret key

Thu Mar 13, 2014 2:59 pm

Hello,

I have a problem: "How do I set up an L2TP/IPsec client on MikroTik with a pre-shared key?"
 
kemott1
just joined
Posts: 2
Joined: Thu Mar 13, 2014 2:56 pm

Re: Need Help: L2TP Client Interface with shared secret key

Thu Mar 13, 2014 3:01 pm

Hi

I am trying to set up an RB450G as a VPN L2TP client. The problem is that I need to set up an L2TP key (shared secret) plus a username and password.
How do I do that? I can't find how to set up the L2TP key (shared secret) in the L2TP Client interface.
I tested it on a Windows box and the account has no problem.
Please help.
Does anyone have a solution?
 
vsimoesbh
just joined
Posts: 1
Joined: Wed May 04, 2016 9:02 pm

Re: Need Help: L2TP Client Interface with shared secret key

Wed May 04, 2016 9:06 pm

Hi

I am trying to set up an RB450G as a VPN L2TP client. The problem is that I need to set up an L2TP key (shared secret) plus a username and password.
How do I do that? I can't find how to set up the L2TP key (shared secret) in the L2TP Client interface.
I tested it on a Windows box and the account has no problem.
Please help.
Does anyone have a solution?
That's the same issue I have here.

I need to know how to set the shared secret. Where can I paste it?

Also, the VPN interface keeps asking for a username, which I don't have because my VPN uses a shared secret.

Any ideas?
 
mrz
MikroTik Support
Posts: 6701
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Need Help: L2TP Client Interface with shared secret key

Wed May 11, 2016 5:48 pm

In ROS v6 it is very easy. Enable the "use-ipsec" checkbox and specify the IPsec secret.
An IPsec peer and policy will be generated automatically that work with most devices; tested with iPhones, macOS, Windows XP-10 and Androids.
 
arnaldo
newbie
Posts: 27
Joined: Wed Sep 21, 2016 2:38 am
Location: localhost.localdomain

Re: Need Help: L2TP Client Interface with shared secret key

Wed Sep 21, 2016 2:45 am

On 6.36.3 (at least) we can defer the creation of the IPsec peer and policy to ROS, for setting up either an L2TP/IPsec server or client.

I need to set up both. Setting up the server works fine and I can connect from our target road warrior devices, iOS and Mac OS X.

But I also need to make our MikroTik routers connect to an L2TP/IPsec server running Ubuntu (do not ask me why, not my choice here). I can connect to that server from iOS, macOS and Windows.

From the MikroTik router it simply stays "connecting" forever and I see no clues on the router.

Any ideas?

Thanks in advance!
 
vampy
just joined
Posts: 11
Joined: Fri May 30, 2014 6:43 pm

Re: Need Help: L2TP Client Interface with shared secret key

Mon Sep 26, 2016 4:11 pm

I have exactly the same problem.

I am trying to connect with the MikroTik L2TP client and IPsec secret to our Cisco VPN server.

Connecting with Android, Windows, whatsoever is no problem.

Tried everything on the MikroTik....
 
pe1chl
Forum Guru
Posts: 8638
Joined: Mon Jun 08, 2015 12:09 pm

Re: Need Help: L2TP Client Interface with shared secret key

Mon Sep 26, 2016 4:33 pm

When it does not connect, it usually means there are no common authentication and encryption methods
that both sides accept. When both sides accept sha1 and aes-128-cbc there is no problem, but these days
you have those security fanatics that say those codes are broken and need to be replaced by something
better, and then you are at the mercy of the guys that set up the configuration for your OS.
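
Added example (not part of any post in this thread, and not MikroTik or vendor code): a small Python model of the proposal matching described above, reporting which phase finds no common transform and which attributes differ in the nearest pair. The `Transform`, `select`, `closest_diff` and `diagnose` names and the server's proposals are constructed for illustration, and negotiation is simplified to whole-tuple comparison.

```python
from typing import NamedTuple, Optional

class Transform(NamedTuple):
    enc: str    # encryption algorithm
    auth: str   # hash / integrity algorithm
    group: str  # DH group (phase 1) or PFS group (phase 2); "none" if unused

def select(offered, accepted) -> Optional[Transform]:
    """Return the first offered transform the responder also accepts.
    All attributes must match together; a partial overlap is not enough."""
    for t in offered:
        if t in accepted:
            return t
    return None

def closest_diff(offered, accepted):
    """Field names that differ in the nearest offered/accepted pair."""
    diffs = [[f for f in Transform._fields if getattr(o, f) != getattr(a, f)]
             for o in offered for a in accepted]
    return min(diffs, key=len)

def diagnose(client, server):
    """Model phase 1 then phase 2; phase 2 is only tried if phase 1 agrees."""
    report = {}
    for phase in ("phase1", "phase2"):
        chosen = select(client[phase], server[phase])
        if chosen is None:
            report[phase] = ("no-match", closest_diff(client[phase], server[phase]))
            if phase == "phase1":
                report["phase2"] = ("not-attempted", None)
            break
        report[phase] = ("ok", chosen)
    return report

# Constructed sample data. The client phase 1 values mirror the peer config
# posted earlier in the thread (3des / sha1 / modp1024); the rest is made up.
CLIENT = {
    "phase1": [Transform("3des", "sha1", "modp1024")],
    "phase2": [Transform("3des", "sha1", "modp1024")],
}
SERVER = {
    "phase1": [Transform("aes-256", "sha1", "modp1024"),
               Transform("3des", "sha1", "modp1024")],
    "phase2": [Transform("aes-128-cbc", "sha1", "none")],
}

if __name__ == "__main__":
    for phase, result in diagnose(CLIENT, SERVER).items():
        print(phase, result)
```

With the sample data, phase 1 agrees and phase 2 reports the differing fields, which is the field list to compare against the server administrator's settings.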
 
vampy
just joined
Posts: 11
Joined: Fri May 30, 2014 6:43 pm

Re: Need Help: L2TP Client Interface with shared secret key

Tue Sep 27, 2016 5:48 pm

OK, my L2TP/IPsec client connection to the Cisco VPN server is working now.
I had a phase 2 QM FSM error in the logs from the Cisco server.
You were right about the encryption methods, pe1chl.
I had to change some IPsec proposal encryption things.
I attach a picture if someone is interested.

Image

Now I have internet access (ping) from the l2tp-out1 interface to the internet.
But I don't have access to the internet from wlan1 and eth1 interface.

How can I forward the traffic from the l2tp-out1 interface to the wlan1 interface?
I already checked the NAT box on the quick set page.
I don't have any firewall rules enabled.

Thanks in advance!
 
pe1chl
Forum Guru
Posts: 8638
Joined: Mon Jun 08, 2015 12:09 pm

Re: Need Help: L2TP Client Interface with shared secret key

Tue Sep 27, 2016 7:47 pm

It probably should just work, maybe you need to change the outgoing interface on the NAT page?
 
vampy
just joined
Posts: 11
Joined: Fri May 30, 2014 6:43 pm

Re: Need Help: L2TP Client Interface with shared secret key

Tue Sep 27, 2016 8:35 pm

I already tried that, did not work.

Edit: I saw, that it is not listed under active connections ppp tab.
It also does not have any blinking arrows in interfaces.

But the l2tp ipsec client is connected and I can ping with l2tp-out1 interface to the internet....
 
vampy
just joined
Posts: 11
Joined: Fri May 30, 2014 6:43 pm

Re: Need Help: L2TP Client Interface with shared secret key

Thu Sep 29, 2016 11:51 am

Does anyone have a clue?
 
pe1chl
Forum Guru
Posts: 8638
Joined: Mon Jun 08, 2015 12:09 pm

Re: Need Help: L2TP Client Interface with shared secret key

Thu Sep 29, 2016 12:33 pm

You need to post your config and describe what you want.
But do it in a new topic because it is not at all related to this topic.
 
sepehrtorahi
just joined
Posts: 1
Joined: Tue Feb 19, 2019 2:18 pm

Re: Need Help: L2TP Client Interface with shared secret key

Tue Feb 19, 2019 2:24 pm

I need to set an IPsec secret for my L2TP server in v5.20, but it's not like RouterOS v6. I can't find an IPsec secret field like in v6 and I can't find any topic to help me with this version of the OS. I found something but it doesn't work. What shall I do?
Please help....
Thanks :D
