asle
just joined
Topic Author
Posts: 11
Joined: Fri Nov 03, 2017 12:35 am

Can not get VPN to work

Fri Nov 03, 2017 7:50 pm

Mikrotik 6.33.5 on RB951Ui-2HnD

I have tried many different guides and videos but I cannot get VPN to work. I am trying to set up L2TP and to get this to work with Windows 7 and Mac OS X 10.13. I am getting this error:
The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
In the log on the router I see no response, no entry. Maybe someone has a minute to look at my config?
My MikroTik LAN IP: 82.148.164.247
My LAN DHCP Range: 10.0.0.10-10.0.0.60

/ip pool print
 # NAME       RANGES                         
 0 dhcp       10.0.0.5-10.0.0.60             
 1 VPN        10.0.0.70-10.0.0.80

/ppp profile 
Flags: * - default 
 0 * name="default" use-mpls=default use-compression=default use-encryption=default only-one=default
     change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down="" 

 1   name="profile1" use-mpls=default use-compression=default use-encryption=default only-one=defaul
     change-tcp-mss=default use-upnp=default address-list="" dns-server=10.0.0.1,8.8.8.8 wins-server
     on-up="" on-down="" 

 2   name="lintho" local-address=10.0.0.3 remote-address=dhcp use-mpls=default use-compression=defau
     use-encryption=default only-one=default change-tcp-mss=default use-upnp=default address-list=, 
     dns-server=10.0.0.1,8.8.8.8 wins-server=10.0.0.1 on-up="" on-down="" 

 3   name="L2TP" local-address=10.0.0.2 remote-address=VPN bridge=bridge-local session-timeout=2h30m
     idle-timeout=15m use-mpls=default use-compression=default use-encryption=default only-one=defau
     change-tcp-mss=yes use-upnp=no address-list="" dns-server=10.0.0.1 on-up="" on-down="" 

 4 * name="default-encryption" local-address=192.168.89.1 remote-address=*3 use-mpls=default use-com
     use-encryption=yes only-one=default change-tcp-mss=yes use-upnp=default address-list="" on-up="

/ppp secret print detail 
Flags: X - disabled 
 0   name="username" service=l2tp caller-id="" password="password" profile=L2TP routes="" limit-bytes-in=0 limit-bytes-out=0 
    
/interface pptp-server server print
            enabled: yes
            max-mtu: 1460
            max-mru: 1460
               mrru: disabled
     authentication: pap,chap,mschap1,mschap2
  keepalive-timeout: 30
    default-profile: default-encryption


/ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=input action=accept connection-state=new protocol=udp dst-address=82.148.164.247 in-interface=ether1 
      dst-port=500,1701,4500 log=no log-prefix="" 

 1    chain=input action=accept connection-state=new protocol=ipsec-esp dst-address=82.148.164.247 in-interface=ether1 log=no 
      log-prefix="" 

/interface ethernet print
Flags: X - disabled, R - running, S - slave 
 #    NAME                        MTU MAC-ADDRESS       ARP        MASTER-PORT                     SWITCH                    
 0 R  ether1                     1500 00:0C:42:C7:8F:E0 enabled    none                            switch1                   
 1 RS ether2                     1500 00:0C:42:C7:8F:E1 enabled    none                            switch1                   
 2 RS ether3                     1500 00:0C:42:C7:8F:E2 enabled    none                            switch1                   
 3  S ether4                     1500 00:0C:42:C7:8F:E3 enabled    none                            switch1                   
 4  S ether5                     1500 00:0C:42:C7:8F:E4 enabled    none                            switch1         

/ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic 
 0    ;;; NAT
      chain=srcnat action=masquerade src-address=10.0.0.0/24 out-interface=pppoe-out log=no log-prefix="" 

 1    chain=srcnat action=masquerade log=no log-prefix="" 

 2    ;;; masq. vpn traffic
      chain=srcnat action=masquerade src-address=192.168.89.0/24 log=no log-prefix="" 
 
Anumrak
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Can not get VPN to work

Sat Nov 04, 2017 11:58 am

If it's pure L2TP, then you need to check the type of authorization on the L2TP client on Windows (chap, ms-chap1/2). If this fails, upgrade your RouterOS to 6.40.4.
 
asle
just joined
Topic Author
Posts: 11
Joined: Fri Nov 03, 2017 12:35 am

Re: Can not get VPN to work

Mon Nov 06, 2017 4:13 pm

I upgraded the router to 4.40.4. What do I need to be able to connect with L2TP?

When I try to connect I get this in my connection log:

Mon Nov 6 15:13:53 2017 : IPSec connection started
Mon Nov 6 15:13:53 2017 : IPSec phase 1 client started
Mon Nov 6 15:13:53 2017 : IPSec phase 1 server replied
Mon Nov 6 15:14:00 2017 : IPSec phase 2 started
Mon Nov 6 15:14:04 2017 : IPSec phase 2 established
Mon Nov 6 15:14:04 2017 : IPSec connection established
Mon Nov 6 15:14:04 2017 : L2TP sent SCCRQ
Mon Nov 6 15:14:04 2017 : L2TP received Auth Challenge AVP - not supported
Mon Nov 6 15:14:04 2017 : L2TP received SCCRP
Mon Nov 6 15:14:04 2017 : L2TP sent SCCCN
Mon Nov 6 15:14:04 2017 : L2TP sent ICRQ
Mon Nov 6 15:14:05 2017 : L2TP received StopCCN
Mon Nov 6 15:14:05 2017 : L2TP received invalid message (expected ICRP, received StopCCN)
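
Added example, not part of the thread or of any poster's code: a short Python triage of the client connection log quoted in the last post, reporting the last negotiation stage reached and the anomaly lines. The stage names and the `L2TP received ICRP` pattern are assumptions; the log text is copied from the post.

```python
import re

# Client log quoted in the post above, embedded so the example runs offline.
SAMPLE_LOG = """\
Mon Nov 6 15:13:53 2017 : IPSec connection started
Mon Nov 6 15:13:53 2017 : IPSec phase 1 client started
Mon Nov 6 15:13:53 2017 : IPSec phase 1 server replied
Mon Nov 6 15:14:00 2017 : IPSec phase 2 started
Mon Nov 6 15:14:04 2017 : IPSec phase 2 established
Mon Nov 6 15:14:04 2017 : IPSec connection established
Mon Nov 6 15:14:04 2017 : L2TP sent SCCRQ
Mon Nov 6 15:14:04 2017 : L2TP received Auth Challenge AVP - not supported
Mon Nov 6 15:14:04 2017 : L2TP received SCCRP
Mon Nov 6 15:14:04 2017 : L2TP sent SCCCN
Mon Nov 6 15:14:04 2017 : L2TP sent ICRQ
Mon Nov 6 15:14:05 2017 : L2TP received StopCCN
Mon Nov 6 15:14:05 2017 : L2TP received invalid message (expected ICRP, received StopCCN)
"""

# Milestones in the order a working L2TP/IPsec dial-up passes them (names are ours).
# The last pattern is an assumption, by analogy with "L2TP received SCCRP".
STAGES = [
    ("ipsec-phase1", r"IPSec phase 1 server replied"),
    ("ipsec-phase2", r"IPSec phase 2 established"),
    ("l2tp-control", r"L2TP sent SCCCN"),
    ("l2tp-session", r"L2TP received ICRP"),
]
ANOMALY = re.compile(r"not supported|invalid message|received (StopCCN|CDN)")

def triage(log):
    """Return (stages reached in order, first stage not reached, anomaly lines)."""
    msgs = [l.partition(" : ")[2].strip() for l in log.splitlines() if " : " in l]
    reached, pos, stalled = [], 0, None
    for name, pattern in STAGES:
        hit = next((i for i in range(pos, len(msgs)) if re.search(pattern, msgs[i])), None)
        if hit is None:          # milestone never logged after the previous one
            stalled = name
            break
        reached.append(name)
        pos = hit + 1
    return reached, stalled, [m for m in msgs if ANOMALY.search(m)]

if __name__ == "__main__":
    reached, stalled, anomalies = triage(SAMPLE_LOG)
    print("reached:", " -> ".join(reached))
    print("stalled before:", stalled)
    for a in anomalies:
        print("  !", a)
```

On the quoted log it reports both IPsec phases and the L2TP control exchange as reached and the session as stalled, with the unsupported Challenge AVP (L2TP tunnel authentication, RFC 2661) as the first anomaly.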