rechandler
Topic Author
Joined: Mon May 28, 2018 12:47 pm
Location: Poland

L2TP/IPsec brute force protection iOS 11 problem

Mon May 28, 2018 1:32 pm

Hello,
I just bought a new MikroTik hAP AC^2. I read a lot of tutorials and guides on how to configure it properly.
I have a problem with the VPN connection from my iPhone. It connects properly, but things get weird when it's disconnecting. After disconnecting, the iPhone creates a new connection. I attach a log to demonstrate what I'm talking about:
11:45:57 l2tp,ppp,info <l2tp-rechandler>: disconnected
11:45:57 ipsec,info purging ISAKMP-SA 185.78.134.226[4500]<=>37.47.36.39[7962] spi=1aa57c28b896915e:56b3cc7aed66eefe.
11:45:57 ipsec,info ISAKMP-SA deleted 185.78.134.226[4500]-37.47.36.39[7962] spi:1aa57c28b896915e:56b3cc7aed66eefe rekey:1
11:46:03 firewall,info Add_Blacklist (L2TP) Blacklist : in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:03 firewall,info TEST Blacklist (L2TP): in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:07 firewall,info Add_Blacklist (L2TP) Blacklist : in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:07 firewall,info TEST Blacklist (L2TP): in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:11 firewall,info Add_Blacklist (L2TP) Blacklist : in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:11 firewall,info TEST Blacklist (L2TP): in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:16 firewall,info Add_Blacklist (L2TP) Blacklist : in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:16 firewall,info TEST Blacklist (L2TP): in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:20 firewall,info Add_Blacklist (L2TP) Blacklist : in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:20 firewall,info TEST Blacklist (L2TP): in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:24 firewall,info Add_Blacklist (L2TP) Blacklist : in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
11:46:24 firewall,info TEST Blacklist (L2TP): in:ether1 out:(unknown 0), src-mac 00:30:88:21:3a:9c, proto UDP, 37.47.36.39:6883->185.78.134.226:1701, len 70
My firewall L2TP brute force config:
add action=add-src-to-address-list address-list="Blacklist (L2TP)" \
    address-list-timeout=1w chain="Blacklist (L2TP)" comment="Transfer repeated \
    attempts from Blacklist (L2TP) Stage 3. to Blacklist (L2TP)." \
    connection-state=new dst-port=1701 log=yes log-prefix=\
    "Add_Blacklist (L2TP)" protocol=udp src-address-list=\
    "Blacklist (L2TP) Stage 3"
add action=add-src-to-address-list address-list="Blacklist (L2TP) Stage 3" \
    address-list-timeout=1m chain="Blacklist (L2TP)" comment=\
    "Add succesive attempts to Blacklist (L2TP) Stage 3." connection-state=new \
    dst-port=1701 protocol=udp src-address-list="Blacklist (L2TP) Stage 2"
add action=add-src-to-address-list address-list="Blacklist (L2TP) Stage 2" \
    address-list-timeout=1m chain="Blacklist (L2TP)" comment=\
    "Add succesive attempts to Blacklist (L2TP) Stage 2." connection-state=new \
    dst-port=1701 protocol=udp src-address-list="Blacklist (L2TP) Stage 1"
add action=add-src-to-address-list address-list="Blacklist (L2TP) Stage 1" \
    address-list-timeout=1m chain="Blacklist (L2TP)" comment=\
    "Add initial attempt to Blacklist (L2TP) Stage 1." connection-state=new \
    dst-port=1701 protocol=udp
add action=drop chain="Blacklist (L2TP)" comment=\
    "Drop anyone in Blacklist (L2TP)." dst-port=1701,500,4500 log=yes \
    log-prefix=TEST protocol=udp src-address-list="Blacklist (L2TP)"
add action=drop chain="Blacklist (L2TP)" comment=\
    "Drop anyone  in Blacklist (L2TP)." protocol=ipsec-esp src-address-list=\
    "Blacklist (L2TP)"
Can you help me with my issue?
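The staged address-list chain in the post escalates a source one list per new UDP/1701 connection: Stage 1 on the first, Stage 2 on the second, Stage 3 on the third, and the week-long blacklist on the fourth, as long as each attempt arrives before the previous stage entry's 1m timeout expires. The following simulation is an added example, not the poster's configuration or any RouterOS code; it models the four add-src-to-address-list rules in their chain order with the default passthrough behaviour (every matching rule fires and the packet continues) and the assumption, implied by the repeated Add_Blacklist lines in the log, that every retry from the client is seen as connection-state=new. The timestamps fed in are constructed to resemble the log's roughly 4 s retry cadence.

```python
from dataclasses import dataclass, field

BLACKLIST = "Blacklist (L2TP)"

# The add-src-to-address-list rules from the post, in their chain order:
# (required src-address-list or None, target list, address-list-timeout in s).
RULES = [
    ("Blacklist (L2TP) Stage 3", BLACKLIST, 7 * 24 * 3600),        # 1w
    ("Blacklist (L2TP) Stage 2", "Blacklist (L2TP) Stage 3", 60),  # 1m
    ("Blacklist (L2TP) Stage 1", "Blacklist (L2TP) Stage 2", 60),  # 1m
    (None, "Blacklist (L2TP) Stage 1", 60),                        # 1m
]


@dataclass
class AddressLists:
    """Dynamic address lists: list name -> {source address: expiry time}."""
    entries: dict = field(default_factory=dict)

    def contains(self, name: str, src: str, now: float) -> bool:
        expiry = self.entries.get(name, {}).get(src)
        return expiry is not None and expiry > now

    def add(self, name: str, src: str, now: float, timeout: float) -> None:
        # Re-adding an address that is already listed restarts its timeout.
        self.entries.setdefault(name, {})[src] = now + timeout


def process_new_packet(lists: AddressLists, src: str, now: float) -> list:
    """Run one connection-state=new UDP/1701 packet from `src` through the
    add rules. With passthrough (the default for add-src-to-address-list)
    every matching rule fires before the packet reaches the drop rules.
    Returns the target lists that were written, in rule order."""
    hits = []
    for required, target, timeout in RULES:
        if required is None or lists.contains(required, src, now):
            lists.add(target, src, now, timeout)
            hits.append(target)
    return hits


def attempts_until_blacklisted(times, src="client"):
    """Feed new-connection packets at the given timestamps (seconds).
    Returns (attempt number, time) of the first Add_Blacklist match, or None
    if the stage entries expire before the source reaches the blacklist."""
    lists = AddressLists()
    for n, t in enumerate(times, start=1):
        if BLACKLIST in process_new_packet(lists, src, t):
            return n, t
    return None


def blacklist_hits(times, src="client"):
    """Count packets that match the Add_Blacklist rule; each such match would
    produce one 'Add_Blacklist (L2TP)' log line, like the repeats in the post."""
    lists = AddressLists()
    return sum(BLACKLIST in process_new_packet(lists, src, t) for t in times)


if __name__ == "__main__":
    # Constructed timeline resembling the post's log: a retry every ~4 s.
    reconnects = [0, 4, 8, 12, 16, 20, 24]
    print(attempts_until_blacklisted(reconnects))   # (4, 12): 4th attempt, 12 s in
    print(blacklist_hits(reconnects))               # 4: attempts 4..7 keep re-adding
    # Retrying only once a minute lets the 1m stage entries expire: never listed.
    print(attempts_until_blacklisted([0, 61, 122, 183, 244]))  # None
```

Two things the simulation makes visible. First, the chain counts new L2TP connections, not failed authentications, so a legitimate client that reconnects four times within a minute is treated exactly like a brute-force source; once a source is dropped, its retransmits keep matching the same rules, and because each packet refreshes the Stage 3 entry the Add_Blacklist rule logs again on every retry, which is the pattern of paired Add_Blacklist/TEST lines every 4 s in the log. Second, the sensitivity is entirely in the stage timeouts and the number of stages: spacing the attempts past the 1m timeout never reaches the blacklist, so a defender tuning such a chain should compare the timeouts against the reconnect behaviour of the clients it is meant to protect.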