Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
TNT2015-06-16 15:41:34
Mikrotik
TNT, 2015-06-16 15:41:34

How to set up L2TP/IPSec VPN on Mikrotik?

I'm trying to set up a L2TP / IPSec VPN tunnel on the Mikrotik RB951G-2HnD to connect using the iPhone 4.
But nothing happens.
Connection falls off here on it.
Jun/04/2015 21:49:54 ipsec,error phase1 negotiation failed due to time up "My external static IP address"[500]<=>"Arbitrary IP address from the device I'm trying to connect to"[1197] 86dd3e3d2affc4f8:67c23982425b761b
Time on the router and on the iPhone is the same. In the IPSec Peer Connected statistics, it is clear that there is some kind of connection, i.e. to my external address from another address (megaphone 3G). I made passwords for L2TP and IPSec simple to check. In Firewall rules, packets run on the rule where 500 is the UDP port. Packets on the rule with UDP 1701 and 4500, and ipsec-esp do not run on zeros.
Where can be the problem and where to dig? I did everything according to guides and wikis, and I can’t achieve a positive result in any way :(

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
Cool Admin, 2015-06-16
@THT

Do you have it?
/ip ipsec proposal
set default enc-algorithms=aes-128-cbc,aes-256-cbc lifetime=8h \
pfs-group=none
Show other settings.
Here is a good guide https://www.nasa-security.net/mikrotik/mikrotik-l2...

Report
T
TNT, 2015-08-25
@THT

Thank you all for your help. The problem is banal. Megaphone 3G cuts VPN, I think it cuts L2TP 1701 port. Since the working VPN is purely Cisco IPsec, it works fine.
From another network, it turned out to go out through the iPhone normally.
UPDATE: The problem is not even in the megaphone, but in the crooked Firewall settings. I had 4 rules, separate rules. Those. 500 UDP; 1701 UDP; 4500UDP; and 50 (ipsec-esp). And I combined all three UPD rules into one, 500,1701,4500 and it all worked. And on 3G too :) The
following question appeared, can you please help:
I ​​do not see local resources through a VPN connection. a3c6e5cac223450aa6e52a99f73d617a.jpg
192.168.1.1 is the Mikrotik and DNS gateway.
192.168.1.100 - this is the IP address of the device that connects via VPN. Those. iPhone.
192.168.1.254 - why you need to specify Local Address. Specified free. (I also indicated 192.168.1.1)
In the local grid there are devices 192.168.1.3 and 192.168.1.4
Here pings come from Mikrotik through the terminal, but from the iPhone when it is connected via VPN there are no pings and the web interface of the device does not open. Though, the gateway 192.168.1.1 responds and the Internet works, for example yandex.ru.
What needs to be done to make local resources visible? arp-proxy did both on LAN1(master) and on bridge-local. Does not help. Although the subnet is the same.

Similar questions
F
fotonboxx2014-03-12 21:58:07
Mikrotik\RouterOS, VPN tunnel between two offices, each with two links - how to set it up? 8Reply
Z
ZapSpecTech2014-03-14 01:19:44
How to forward voip traffic through a remote server? 3Reply
I
Igor Krivintsov2018-10-15 12:21:08
How to properly tag RDP traffic? 0Reply
F
faegar2016-05-17 12:32:44
How not to change src port when running src-nat or masquerade on Mikrotik? 4Reply
O
ooHikeoo2016-05-17 17:01:08
mikrotik loopback? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question