Hello,

i have set up my new Mikrotik router and configured vlan, network, firewall already. So all is working fine ... only VPN is my problem which i get not running.

I try to use L2TP over IPsec and IPsec Xauth but no success with both. I see incoming informations on the log but L2TP seems getting no data through the channel and stops after some trys...  IPsec Xauth is active on Android phone a short time 2 secs or so and then closed the connection. On Remote peer i see the Source IP was 0.0.0.0 still....

My config:
Internet has a dynamic IP with DynDNS using it... so i connect to that DNS entry...

A Fritzbox from the local provider is used as internet Dial in on internal network 192.168.10.254 ....  the Mikrotik has it's Eth1 on 192.168.10.1  and the Fritzbox forwarded all as Exposed host to the 192.168.10.1 (Mikrotik)

My internal network where i want to connect the VPN to (Android and iOS phones) is 192.168.11.0/24 (Eth2 / VLANx)

Which is here the best solution to get VPN running and is there any example config i can use for this setup with both sides have dynamic IP's?

Thanks a lot.
Regards,
Ben

Hello,

nobody who can help me?

I want to use Mikrotik product and i am so happy with it so far and want to buy a bigger device (3011) but i need to get VPN running ...

Thanks.
Ben

I got it running now but without L2TP... i used now IPSec with XAuth in aggressive Mode...  

I am busy with a similar setup, how did you get it to work?

Found this one, just used my own dynamic provider and it works like a charm.

https://blog.pessoft.com/2016/05/29/mik ... s-and-nat/

(IPSEC) IKEv1 should not be considered as save. IKEv2 nowdays is available only in current firmware.

Which is here the best solution to get VPN running and is there any example config i can use for this setup with both sides have dynamic IP's?

Using WinBox, under Quick Set there is a VPN option. Enable "VPN Access" and enter a secret. This works for me or iOS and MacOSX using the L2TP/IPSEC VPN clients. You login using user "vpn" and you set the secret and password to the secret you entered on the Quick Set page. I had to also add firewall filter rules to open ports 500 and 4500 to get it to work.

To connect from your client you need to know the IP of the MikroTik with the dynamic IP. Again in WinBox, open IP->Cloud. You will see a dialog box to enable a dynamic DNS for your router. Enable this and you can then connect to your router at XXX.sn.mynetname.net from your client.

See also the "L2TP/IpSec setup" section on this page for some more information on manually setting things: https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP