asle
just joined
Topic Author
Posts: 11
Joined: Fri Nov 03, 2017 12:35 am

L2TP and IPSEC just not working IPSec Error

Wed Feb 28, 2018 5:10 pm

Hi,
I am running 6.40.4
I have just followed all the guides I can find on the net to configure an L2TP server and was eventually able to connect from both Windows and Mac, but suddenly I am not able to connect.
On the router I see this error:
ipsec,error respond new phase 1 (Identity Protection): 82.148.164.247[500]<=>81.191.248.101[500]
ipsec,error phase 1 negotiation failed due to time up 82.148.164.247[500]<=>81.191.248.101[500] xxxxxxx..random number here....
What do I need to share here to get help? What config will help to understand my problem?
 
tholderbaum
newbie
Posts: 38
Joined: Thu Jan 23, 2014 3:34 am
Location: Tampa, Florida
Contact:

Re: L2TP and IPSEC just not working IPSec Error

Wed Mar 07, 2018 8:51 pm

Can you please post your config? Can you verify that you have UDP/1701,500 and 4500 open on the input chain? Also are you accepting IPSEC-AH,ESP and GRE packets?
 
asle
just joined
Topic Author
Posts: 11
Joined: Fri Nov 03, 2017 12:35 am

Re: L2TP and IPSEC just not working IPSec Error

Wed Mar 14, 2018 2:40 pm

Thanks for answering my post. And sorry that I have not replied. I was about to give up but then I upgraded to the latest firmware 6.41.3 and everything works fine!
So it works and I am not touching it for now :D
 
gargiulo5000
just joined
Posts: 10
Joined: Fri Feb 16, 2018 6:31 pm

Re: L2TP and IPSEC just not working IPSec Error

Wed Mar 14, 2018 4:02 pm

> Can you please post your config? Can you verify that you have UDP/1701,500 and 4500 open on the input chain? Also are you accepting IPSEC-AH,ESP and GRE packets?

Hi,
I've got the same problem as OP.
I want my MikroTik to work as a client,
and my interface is able to connect to the server only if I don't select the "Use IPSEC" checkbox.
I've tried opening the ports but still, the result is the same.
I don't get any error in the log; it just tries to connect and never does.

Thanks.
 
asle
just joined
Topic Author
Posts: 11
Joined: Fri Nov 03, 2017 12:35 am

Re: L2TP and IPSEC just not working IPSec Error

Wed Mar 14, 2018 7:25 pm

Hi, I am not so good at this. What config should I post? I mean how do I get the config to my desktop when I run Winbox4 on my Mac OS X? I run in terminal on the router "export file=backupconfig.txt" but how do I get it to my Mac from the files list?
 
JB172
Member
Posts: 304
Joined: Fri Jul 24, 2015 3:12 pm
Location: AWMN

Re: L2TP and IPSEC just not working IPSec Error

Wed Mar 14, 2018 11:38 pm

> Hi, I am not so good at this. What config should I post? I mean how do I get the config to my desktop when I run Winbox4 on my Mac OS X? I run in terminal on the router "export file=backupconfig.txt" but how do I get it to my Mac from the files list?

In New terminal write: /export hide-sensitive
Then copy the code in code display.
 
asle
just joined
Topic Author
Posts: 11
Joined: Fri Nov 03, 2017 12:35 am

Re: L2TP and IPSEC just not working IPSec Error

Thu Mar 15, 2018 12:03 am

Thanks. Here is my config. The login that works is the user "lintho".
# mar/14/2018 22:58:16 by RouterOS 6.41.3
# software id = 9DIG-R351
#
# model = 951Ui-2HnD
# serial number = 43CE011AD757
/interface bridge
add name=bridge1
add fast-forward=no name=lan-bridge protocol-mode=none
/interface pppoe-client
add add-default-route=yes allow=mschap1,mschap2 default-route-distance=0 disabled=no interface=ether1 keepalive-timeout=60 \
    name=pppoe-out use-peer-dns=yes user=aslint
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n country=norway disabled=no distance=indoors frequency=auto frequency-mode=\
    regulatory-domain mode=ap-bridge radio-name=aslint ssid=Breiband-FE5 wireless-protocol=802.11
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys supplicant-identity=MikroTik
/ip ipsec policy group
set [ find default=yes ] name=*FFFFFFFF
/ip pool
add name=dhcp ranges=10.0.0.5-10.0.0.60
add name=VPN next-pool=dhcp ranges=10.0.0.70-10.0.0.80
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=lan-bridge lease-time=3d name=dhcp1
/ppp profile
add dns-server=10.0.0.1,8.8.8.8 name=profile1 wins-server=10.0.0.1
add change-tcp-mss=yes dns-server=10.0.0.1,8.8.8.8 local-address=dhcp name=lintho remote-address=VPN use-encryption=yes \
    wins-server=10.0.0.1
add change-tcp-mss=yes dns-server=10.0.0.1 idle-timeout=15m local-address=10.0.0.2 name=L2TP remote-address=10.0.0.100 \
    session-timeout=2h30m use-compression=yes use-encryption=yes use-upnp=no
set *FFFFFFFE change-tcp-mss=no dns-server=10.0.0.1 local-address=dhcp remote-address=dhcp use-encryption=default use-mpls=no \
    use-upnp=no
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
add addresses=0.0.0.0/0 name=gipz
/user group
set read policy=\
    local,telnet,ssh,ftp,reboot,read,test,winbox,password,web,sniff,sensitive,api,romon,tikapp,!write,!policy,!dude
/interface bridge port
add bridge=lan-bridge hw=no interface=ether2
add bridge=lan-bridge hw=no interface=ether3
add bridge=lan-bridge hw=no interface=ether4
add bridge=lan-bridge hw=no interface=ether5
add bridge=lan-bridge hw=no interface=wlan1
/ip firewall connection tracking
set enabled=yes
/interface l2tp-server server
set authentication=chap,mschap1,mschap2 default-profile=L2TP enabled=yes max-mru=1460 max-mtu=1460 use-ipsec=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes max-mru=1460 max-mtu=1460
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=10.0.0.2/24 interface=ether2 network=10.0.0.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=10.0.0.1,10.0.0.2,8.8.8.8 gateway=10.0.0.2 netmask=24
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=10.0.0.85 list=VPN
/ip firewall filter
add action=accept chain=input protocol=udp src-port=500,1701,4500
/ip firewall nat
add action=masquerade chain=srcnat comment=NAT out-interface=pppoe-out src-address=10.0.0.0/24
add action=masquerade chain=srcnat
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128,3des generate-policy=port-override nat-traversal=no passive=yes
/ip service
set telnet address=0.0.0.0/0 disabled=yes
set ftp address=10.0.0.0/24
set www address=10.0.0.0/24,81.191.248.128/32,0.0.0.0/0
set ssh address=10.0.0.0/24
set api address=10.0.0.0/24
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=pppoe-out type=external
add interface=lan-bridge type=internal
/ppp secret
add local-address=10.0.0.2 name=asle profile=default-encryption remote-address=10.0.0.65 service=l2tp
add name=lintho profile=L2TP service=l2tp
add local-address=0.0.0.0 name=sissel profile=profile1
add name=L2TP profile=L2TP
add local-address=0.0.0.0 name=ramstad
add name=vpn
/snmp
set contact=GIPZ enabled=yes location=Norway trap-community=gipz
/system clock
set time-zone-name=Europe/Oslo
/system clock manual
set time-zone=+01:00
/system identity
set name=aslint
/system leds
set 5 interface=wlan1
/system logging
add topics=debug,dhcp
/system ntp client
set enabled=yes primary-ntp=82.148.165.182 secondary-ntp=82.148.160.11
/tool graphing interface
add allow-address=192.168.27.0/24
/tool graphing resource
add allow-address=192.168.27.0/24
 
JB172
Member
Posts: 304
Joined: Fri Jul 24, 2015 3:12 pm
Location: AWMN

Re: L2TP and IPSEC just not working IPSec Error

Thu Mar 15, 2018 10:28 am

In New Terminal write:
/ip firewall filter
add chain=input protocol=ipsec-esp
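
The checks requested in the replies above (UDP 500, 1701 and 4500 accepted on the input chain, ESP accepted), run against a RouterOS export, as an added example that is not part of the original thread. The function names and the abridged sample export are constructed for illustration, and the nat-traversal check is an addition to what the replies ask for.

```python
import re

# Constructed sample: the firewall filter and IPsec peer lines from the export
# posted above (peer line abridged), plus the ESP rule from the last reply.
SAMPLE_EXPORT = r"""/ip firewall filter
add action=accept chain=input protocol=udp src-port=500,1701,4500
add chain=input protocol=ipsec-esp
/ip ipsec peer
add address=0.0.0.0/0 generate-policy=port-override nat-traversal=no passive=yes
"""
REQUIRED_UDP = {"500", "1701", "4500"}  # IKE, L2TP, IPsec NAT-T

def parse_export(text):
    """Map each '/section' to a list of key=value dicts, one per add/set line."""
    text = re.sub(r"\\\n\s*", "", text)  # join '\' line continuations
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        elif current and line.split(" ", 1)[0] in ("add", "set"):
            sections[current].append(dict(re.findall(r'(\S+?)=("[^"]*"|\S+)', line)))
    return sections

def check_l2tp_ipsec(text):
    """Return findings for the items the replies ask the poster to verify."""
    cfg = parse_export(text)
    # Assumption: a filter rule with no action= accepts (RouterOS default).
    rules = [r for r in cfg.get("/ip firewall filter", [])
             if r.get("chain") == "input" and r.get("disabled") != "yes"
             and r.get("action", "accept") == "accept"]
    findings, dst_open = [], set()
    for r in rules:
        if r.get("protocol") == "udp":
            dst_open |= set(r.get("dst-port", "").split(","))
            if "src-port" in r and "dst-port" not in r:
                findings.append("udp accept rule matches src-port only: " + r["src-port"])
    missing = sorted(REQUIRED_UDP - dst_open, key=int)
    if missing:
        findings.append("no input accept for udp dst-port " + ",".join(missing))
    if not any(r.get("protocol") == "ipsec-esp" for r in rules):
        findings.append("no input accept for protocol ipsec-esp")
    for peer in cfg.get("/ip ipsec peer", []):
        if peer.get("nat-traversal") == "no":
            findings.append("ipsec peer has nat-traversal=no (NAT-T on udp/4500 disabled)")
    return findings

if __name__ == "__main__":
    for finding in check_l2tp_ipsec(SAMPLE_EXPORT):
        print(finding)
```

A missing accept rule only blocks traffic when a later rule drops input packets; the export posted above contains no drop rule, so the findings there describe what an added default-drop rule would break.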
