Community discussions

MikroTik App
 
jamessg
just joined
Topic Author
Posts: 6
Joined: Tue Oct 08, 2013 9:10 pm

Help needed to setup L2TP with IPSEC

Tue Oct 08, 2013 9:38 pm

Sorry for repost, somehow my previous post disappeared?

Attach is how I setup my network and I have problem getting internet connectivity and cannot access the LAN devices in 192.168.1.x
I can connect though but just nothing. Followed the wiki and write up etc, still don't work.

Any help is very much appreciated please. Thank you.
InfoMikroTik.pdf
You do not have the required permissions to view the files attached to this post.
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Help needed to setup L2TP with IPSEC

Mon Feb 17, 2014 7:56 am

Did you enable proxy arp on the LAN interface?
 
jamessg
just joined
Topic Author
Posts: 6
Joined: Tue Oct 08, 2013 9:10 pm

Re: Help needed to setup L2TP with IPSEC

Mon Feb 17, 2014 2:22 pm

Did you enable proxy arp on the LAN interface?
how do i do that?
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Help needed to setup L2TP with IPSEC

Mon Feb 17, 2014 7:27 pm

Goto the LAN interface and in the ARP section, choose proxy-arp.
 
jamessg
just joined
Topic Author
Posts: 6
Joined: Tue Oct 08, 2013 9:10 pm

Re: Help needed to setup L2TP with IPSEC

Tue Mar 04, 2014 6:44 pm

Goto the LAN interface and in the ARP section, choose proxy-arp.

just realised, yes it is already proxy-arp.
 
User avatar
evince
Member
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique
Contact:

Re: Help needed to setup L2TP with IPSEC

Wed Mar 05, 2014 11:58 am

Hello,

In your L2TP_Profile, your local address seems to be wrong, it should be 192.168.1.1 instead, isn't it?
 
jaytcsd
Member
Member
Posts: 335
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN
Contact:

Re: Help needed to setup L2TP with IPSEC

Wed Mar 05, 2014 12:13 pm

I'm only running one MT, this works for me, your screen prints look very similar.

http://mikrotik.patokatech.com/
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Help needed to setup L2TP with IPSEC

Tue Mar 18, 2014 5:23 pm

I can't tell from the pdf if you are NAT'ing the VPN traffic to be able to reach the Internet, but I could see that you seem to be missing the src-nat rules for IPSEC. I also agree that it does not make sense to terminate your VPN at 192.168.1.40 when the router is already 192.168.1.1. Usually, I make the local address something that is within the subnet of the remote address. As for the firewall, I believe you will also need to open up the GRE protocol for IPSEC. One last thought, you may have to use PBR or and exclusion rule to ensure that the VPN connection is not using the PCC. Try troubleshooting it this way:
Can the L2TP tunnel reach the Internet or the LAN with out the IPSEC? If not, try disabling the firewall and see if that helps.

In order to understand what is breaking down, we know at which step in the process is it breaking down. Does the L2TP tunnel work? If not is it the rules in the Firewall that are preventing it from working? If it is working, then is it the IPSEC portion that is breaking down?
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Help needed to setup L2TP with IPSEC

Wed Mar 26, 2014 4:50 pm

Were you ever able to resolve this problem?
 
megasohaib
just joined
Posts: 14
Joined: Tue Mar 25, 2014 11:33 am

Re: Help needed to setup L2TP with IPSEC

Sun Mar 30, 2014 2:28 pm

Hello Team, I hope you are all fine.

I have some problem with my Ipsec vpn between multiple sites. my 5 sites are connected with same ISP through MIKROTIOK ROUTER IPSEC TUNNEL. sites are a,b,c,d,e. a site is my head office and b,c,d,e sites is my clients(branches). all clients are connected with head office (a) through ipsec tunnel and working properly.But problem is that (b) not connected to (c,d,e) and (c) not connected to (b,d,e) and (d) not connected to (b,c,e) and (e) not connected to (b,c,d). Other words is (b,c,d,e) are not connected to eachother. All sites have different subnets.
Kindly give me some help that what i do work on my head office mikrotik router (a).

Although i was add subnet on routes opetion of my branches. but issed are same.


Regards
Sohaib
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Help needed to setup L2TP with IPSEC

Mon Mar 31, 2014 5:07 pm

Without seeing your config... my first guess would be that you need the routes and the polices set correctly. Each IPSEC tunnel will need the polices set for each subnet that is passing through it and each client will need a routing statement of where to find those subnets.
 
jamessg
just joined
Topic Author
Posts: 6
Joined: Tue Oct 08, 2013 9:10 pm

Re: Help needed to setup L2TP with IPSEC

Tue Apr 01, 2014 9:39 am

How do i export my settings?

yes problem is still not solved.
 
User avatar
rickfrey
Trainer
Trainer
Posts: 609
Joined: Sun Feb 14, 2010 11:41 pm
Location: Van, Texas
Contact:

Re: Help needed to setup L2TP with IPSEC

Tue Apr 01, 2014 5:51 pm

Goto the terminal and type:
export compact
Then you can copy and paste your configuration onto the forum.

Who is online

Users browsing this forum: sindy and 24 guests