Nova
newbie
Topic Author
Posts: 25
Joined: Mon Aug 04, 2014 3:44 pm
Location: Spain // Germany

Questions about L2TP/IPSEC.

Wed Sep 17, 2014 12:32 pm

Good day,

I'm running Mikrotik v6.19 at the moment, and I need to configure some IPSEC/L2TP, but I have a few questions that I couldn't find any answer to.

- Is there a way to only allow L2TP traffic if a corresponding IPSec tunnel is up and working? Because I've read somewhere in the forum that if IPSEC fails, it still connects the L2TP tunnel, and it could be possible that the L2TP tunnel runs without encryption and there's no way to know it.

- Do we need MPPE encryption when IPSec is enabled? Probably not. But actually it seems to be active. Is there a way to check if it is really working? I ask this because in the release notes of v6.19 they said: “*) l2tp - force l2tp to not use MPPE encryption if IPsec is used;” How can we be sure that it is disabled?


Edit:
- What exactly does activating the IPSEC option in the L2TP server do? (It was new in 6.16, if I remember correctly.) If I already have an IPSEC peer with its key, is it necessary to mark the option with the same key? Or another key? Or is it not necessary at all?

Thanks.
 
Clauu
Member Candidate
Posts: 217
Joined: Fri Mar 21, 2014 8:27 pm
Location: RO

Re: Questions about L2TP/IPSEC.

Wed Sep 17, 2014 5:11 pm

You would know if ipsec fails from logs or from ppp-active connections.
 
Nova
newbie
Topic Author
Posts: 25
Joined: Mon Aug 04, 2014 3:44 pm
Location: Spain // Germany

Re: Questions about L2TP/IPSEC.

Thu Sep 18, 2014 10:14 am

Thank you for the answer, but I can't stay every x mins looking at the log.
It would be nice if l2tp only runs when ipsec is active, and if ipsec fails, l2tp stops. But I don't know if it is possible.
 
tomaskir
Trainer
Posts: 1162
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: Questions about L2TP/IPSEC.

Thu Sep 18, 2014 11:52 am

Do NOT use MPPE when using L2TP with IPSec.
IPSec provides encryption, you do not need MPPE.

As for securing L2TP server to IPSec only:
http://wiki.mikrotik.com/wiki/Securing_ ... _for_IPSec
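
One way to enforce what the thread asks for (L2TP accepted only when it arrived through IPsec) is a set of input-chain filter rules. This is an added example, not part of the original posts and not taken from the linked wiki page; it assumes the router terminates the tunnel itself, that the RouterOS version in use supports the `ipsec-policy` firewall matcher, and that these rules sit above any broader accept rule. The comments and log prefix are made up for illustration.

```routeros
/ip firewall filter
# IKE and NAT-T must be reachable so the IPsec SA can be negotiated.
add chain=input action=accept protocol=udp dst-port=500,4500 \
    comment="IPsec IKE / NAT-T"
# ESP carries the encrypted L2TP packets when no NAT is involved.
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"
# Accept L2TP only if the packet was decapsulated by an IPsec policy.
add chain=input action=accept protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec comment="L2TP inside IPsec"
# Record cleartext L2TP attempts so a failed IPsec setup shows up in the log
# without anyone having to watch the active PPP sessions.
add chain=input action=log protocol=udp dst-port=1701 \
    ipsec-policy=in,none log-prefix="l2tp-no-ipsec"
# Anything else addressed to the L2TP port is unencrypted and is dropped.
add chain=input action=drop protocol=udp dst-port=1701 \
    comment="Drop L2TP without IPsec"
```

With these rules a client whose IPsec negotiation fails cannot fall back to a plain L2TP session, because its UDP 1701 packets never reach the L2TP server.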
