tplecko

L2TP IPsec not working (no reported errors)

Wed Oct 27, 2010 8:23 pm

Why is this not working?
Router 1 Setup: LAN IP 10.10.19.224
/ppp secret add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 local-address=172.16.1.74 name=usr1 password=pwd1 profile=default remote-address=172.16.1.73 routes="" service=l2tp
/ip ipsec proposal set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip ipsec peer add address=172.16.1.73/32:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=pwd send-initial-contact=yes
/ip ipsec policy add action=encrypt comment="" disabled=no dst-address=192.168.73.0/24:any ipsec-protocols=esp level=require priority=0 proposal=default protocol=all sa-dst-address=172.16.1.73 sa-src-address=172.16.1.74 src-address=10.10.19.0/24:any tunnel=yes


Router 2 Setup: LAN IP 192.168.73.1
/interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 comment="" connect-to=PublicIpOfRouter1 dial-on-demand=no disabled=no max-mru=1460 max-mtu=1460 mrru=disabled name=ZagrebVPN password=pwd1 profile=default-encryption user=usr1
/ip ipsec proposal set default auth-algorithms=sha1 comment="" disabled=no enc-algorithms=3des lifetime=30m name=default pfs-group=modp1024
/ip ipsec peer add address=172.16.1.74/32:500 auth-method=pre-shared-key comment="" dh-group=modp1024 disabled=no dpd-interval=disable-dpd dpd-maximum-failures=1 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=sha1 lifebytes=0 lifetime=1d nat-traversal=no proposal-check=obey secret=pwd send-initial-contact=yes
/ip ipsec policy add action=encrypt comment="" disabled=no dst-address=10.10.19.0/24:any ipsec-protocols=esp level=require priority=0 proposal=default protocol=all sa-dst-address=172.16.1.74 sa-src-address=172.16.1.73 src-address=192.168.73.0/24:any tunnel=yes

L2TP connects, and it worked fine on its own, but now that I added IPsec, I can no longer ping anything and there are no entries in 'installed SAs' and 'Remote Peers'.
Also, nothing appears in the log on either router (other than that the L2TP link is established).

Can anyone help?
