I've tested a VPN setup with IPsec/L2TP which seems to work as expected, almost.
It works nicely for clients, including NAT'ed ones, as long as there is only one client; if a second client connects from behind the same NAT device, the first tunnel is "replaced".
I believe the problem may be that the generated policies get level=require instead of level=unique.
/ip ipsec peer

/ip ipsec peer add address=0.0.0.0/0 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main-l2tp generate-policy=yes hash-algorithm=sha1 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 secret=xxxx send-initial-contact=no

The generated policy:

0 D src-address=x.x.x.x/x src-port=any dst-address=y.y.y.y/y dst-port=any protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=x.x.x.x sa-dst-address=y.y.y.y/y proposal=default priority=2
Thanks!
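As an added diagnostic example (not part of the original post and not MikroTik code), the script below parses policy lines in the key=value format the post shows for RouterOS's dynamic policies and flags two things the post's hypothesis points at: dynamic (flag D) policies that carry level=require, and policies whose src/dst/protocol selectors collide, which is exactly the situation two L2TP clients behind one NAT produce. The sample output and the RFC 5737 addresses in it are constructed for illustration; the parser only assumes the whitespace-separated index, flags and key=value layout visible in the post.

```python
"""Check RouterOS-style IPsec policy output for the NAT collision the post
describes: several dynamic policies with identical selectors and
level=require, where one negotiated SA displaces the other."""
from collections import defaultdict

# Constructed sample (not real router output): two clients behind the same
# NAT public address 198.51.100.7 and one client at 192.0.2.9.
SAMPLE_OUTPUT = """\
Flags: X - disabled, D - dynamic
0 D src-address=203.0.113.1/32 src-port=any dst-address=198.51.100.7/32 dst-port=any protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=203.0.113.1 sa-dst-address=198.51.100.7 proposal=default priority=2
1 D src-address=203.0.113.1/32 src-port=any dst-address=198.51.100.7/32 dst-port=any protocol=udp action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=203.0.113.1 sa-dst-address=198.51.100.7 proposal=default priority=2
2 D src-address=203.0.113.1/32 src-port=any dst-address=192.0.2.9/32 dst-port=any protocol=udp action=encrypt level=unique ipsec-protocols=esp tunnel=no sa-src-address=203.0.113.1 sa-dst-address=192.0.2.9 proposal=default priority=2
"""


def parse_policies(text):
    """Turn each 'N FLAGS key=value ...' line into a dict.

    Lines that do not start with a numeric index (headers, blanks) are skipped.
    Tokens without '=' between the index and the first key are treated as flags.
    """
    policies = []
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or not tokens[0].isdigit():
            continue
        entry = {"id": int(tokens[0]), "flags": ""}
        for tok in tokens[1:]:
            if "=" in tok:
                key, _, value = tok.partition("=")
                entry[key] = value
            else:
                entry["flags"] += tok  # e.g. "D" dynamic, "X" disabled
        policies.append(entry)
    return policies


def dynamic_require_policies(policies):
    """IDs of dynamic policies that use level=require instead of level=unique."""
    return [p["id"] for p in policies
            if "D" in p["flags"] and p.get("level") == "require"]


def selector_collisions(policies):
    """Map (src, dst, protocol) selector -> policy IDs, keeping only duplicates.

    Duplicate selectors are what two peers behind one NAT produce: the router
    sees the same public address for both, so with level=require only one SA
    can be active for that selector at a time.
    """
    groups = defaultdict(list)
    for p in policies:
        key = (p.get("src-address"), p.get("dst-address"), p.get("protocol"))
        groups[key].append(p["id"])
    return {k: ids for k, ids in groups.items() if len(ids) > 1}


def report(text):
    """Return human-readable findings for a block of policy output."""
    policies = parse_policies(text)
    findings = []
    for pid in dynamic_require_policies(policies):
        findings.append(f"policy {pid}: dynamic policy uses level=require; "
                        f"a second client behind the same NAT will replace its SA")
    for (src, dst, proto), ids in selector_collisions(policies).items():
        findings.append(f"policies {ids}: identical selector {src} -> {dst} "
                        f"proto={proto}; only level=unique lets these coexist")
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE_OUTPUT):
        print(line)
```

Run it against the output of `/ip ipsec policy print` pasted into a file (or swap `SAMPLE_OUTPUT` for that text); a clean result is an empty findings list, while any dynamic policy reported with level=require is a candidate for the replacement behaviour the post describes.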