Answer the question
In order to leave comments, you need to log in
ubuntu server 14.04, mikrotik how L2TP/iPSec client not working?
There is a server under ubuntu 14.04, L2TP / IPSec, Windows 7 connects, Nexus 7 connects, mikrotik does not work, and it works without IPSec, but not with it. Does anyone have it, can you share your experience?
I'll post the config if needed.
Answer the question
In order to leave comments, you need to log in
mikrotik
address=46.28.xxx.xxx local-address=31.134.xxx.xxx passive=no port=500
auth-method=pre-shared-key
secret="xxxxxxxxxxxxxxxxxxxxxxxx" generate-policy=no
policy-template-group=default exchange -mode=main-l2tp
send-initial-contact=no nat-traversal=no hash-algorithm=sha1
enc-algorithm=3des,aes-128,aes-256 dh-group=modp1024 lifetime=8h
dpd-interval=disable- dpd dpd-maximum-failures=5
src-address=31.134.xxx.xxx/32 src-port=any dst-address=46.28.xxx.xxx/32
dst-port=any protocol=all action=encrypt level=require
ipsec -protocols=esp tunnel=yes sa-src-address=31.134.xxx.xxx
sa-dst-address=46.28.xxx.xxx proposal=default priority=0
ipsec.conf
version 2 # conforms to second version of ipsec.conf specification
config setup
dumpdir=/var/run/pluto/
#in what directory should things started by setup (notably the Pluto daemon) be allowed to dump core?
protostack=netkey
#decide which protocol stack is going to be used.
force_keepalive=yes
keep_alive=60
nat_traversal=yes
#whether to accept/offer to support NAT (NAPT, also known as "IP Masqurade") workaround for IPsec
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16 .0.0/12,%v6:fd00::/8,%v6:fe80::/10
#contains the networks that are allowed as subnet= for the remote client. In other words, the address ranges that may live behind a NAT router through whi$
# Send a keep-alive packet every 60 seconds.
conn L2TP-PSK-noNAT
authby=secret
#shared secret. Use rsasig for certificates.
pfs=no
#Disable pfs
auto=add
#the ipsec tunnel should be started and routes created when the ipsec daemon itself starts.
keyingtries=3
#Only negotiate a conn. 3 times.
ikelifetime=8h
keylife=1h
ike=aes256-sha1,aes128-sha1,3des-sha1
phase2alg=aes256-sha1,aes128-sha1,3des-sha1
# https://lists.openswan.org/pipermail/users/2014-Ap ...
# specifies the phase 1 encryption scheme, the hashing algorithm, and the diffie-hellman group. The modp1024 is for Diffie-Hellman 2. Why 'modp' instead o$
type=transport
#because we use l2tp as tunnel protocol
left=46.28.xxx.xxx
#fill in server IP above
leftprotoport=17/1701
right=%any
rightprotoport=17/%any
dpddelay=10
# Dead Peer Dectection (RFC 3706) keepalives delay
dpdtimeout=20
# length of time (in seconds) we will idle without hearing either an R_U_THERE poll from our peer, or an R_U_THERE_ACK reply.
dpdaction=clear
# When a DPD enabled peer is declared dead, what action should be taken. clear means the route and SA with both be cleared.
I can't find openswan logs, I'll post them later.
Already recently: Mikrotik+Softether: L2TP over IPsec - how to set up Mikrotik?
The server is different, but the problem was also solved by the Mikrotik settings.
Did not help?
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question